Senior Analyst, Vulnerability Management, Global Deloitte Technology

Deloitte • Full-time • Toronto, ON, CA • 1d ago

Senior Analyst, Vulnerability Management, Global Deloitte Technology

Posting Start Date: 5/12/26

Job Type: PermanentWork Model: RemoteReference code: 133325Primary Location: Toronto, ONAll Available Locations: Toronto, ON

Our Purpose

At Deloitte, our Purpose is to make an impact that matters. We exist to inspire and help our people, organizations, communities, and countries to thrive by building a better future. Our work underpins a prosperous society where people can find meaning and opportunity. It builds consumer and business confidence, empowers organizations to find imaginative ways of deploying capital, enables fair, trusted, and functioning social and economic institutions, and allows our friends, families, and communities to enjoy the quality of life that comes with a sustainable future. And as the largest 100% Canadian-owned and operated professional services firm in our country, we are proud to work alongside our clients to make a positive impact for all Canadians.

By living our Purpose, we will make an impact that matters.

Have many careers in one Firm.
Enjoy flexible, proactive, and practical benefits that foster a culture of well-being and connectedness.
Learn from deep subject matter experts through mentoring and on the job coaching

--

Deloitte Global is the engine of the Deloitte network. Our professionals reach across disciplines and borders to develop and lead global initiatives. We deliver strategic programs and services that unite our organization.

What will your typical day look like?

As a Vulnerability Management T2 Operator, you will leverage your expertise to ensure the Vulnerability Management Service consistently delivers high-quality results across regional areas, in alignment with Deloitte’s best practices and recognized industry standards. You will be responsible for the initial triage and prioritization of critical vulnerabilities, ensuring swift action on high-impact risks. You will develop, maintain, and optimize infrastructure, focusing on continuous improvement and automation of the service roadmap. By adhering to frameworks such as NIST, ISO/IEC 27001, and Deloitte’s internal protocols, you will maximize value for global service teams and member firms, ensuring that processes remain secure, efficient, and compliant with regulatory requirements.

Manage Global Vulnerability Management (VM) Infrastructure

Oversee the global VM infrastructure and conduct analysis, implementation, and orchestration of regional VM operational solutions
Monitor maintenance and drive continual improvement of vulnerability management infrastructure, initiatives, integrations, and processes
Act as a regional operator managing and optimizing VM scanning tools (e.g., Qualys, Tenable, Rapid7)
Manage major service upgrades and changes to core platforms to ensure consistency and stability
Improve and automate existing vulnerability management systems

Vulnerability Analysis and Validation

Perform in-depth review and validation of vulnerability findings from enterprise scanning and threat intelligence sources
Analyze exploitability, asset criticality, exposure, and business impact for accurate prioritization
Identify and resolve false positives, compensating controls, and misclassified risks
Perform information system security vulnerability scanning across networks, operating systems, applications, databases, and other system components
Support rapid response activities for zero-day and executive-level priority vulnerabilities
Research and assess emerging security threats and vulnerabilities

Strategic Guidance and Team Support

Provide strategic recommendations to the VM team on major changes or tactical enhancements to improve quality, resiliency, value, and exploit new business opportunities
Serve as the primary escalation point for Tier 1 analysts, critical vulnerabilities, and SLA-at-risk findings
Act as a liaison between Member Firms, Infrastructure, Cloud, Application, and Engineering teams and other Global teams
Be the main point of contact for the team, representing the team as subject matter expert
Provide technical support for vulnerability management projects
Act as tooling subject matter expert to provide insight and guidance on service deployment structure

Remediation and Communication

Clearly communicate remediation expectations, timelines, and technical guidance to asset owners
Track remediation commitments, validate fixes through rescans or evidence review, and ensure audit-defensible closure
Monitor remediation methods in place and ensure timely completion
Support exception handling, risk acceptance reviews, and compensating control documentation
Prepare reports on metrics, remediation guidance, and technical risk evaluation
Provide exposure reports for vulnerabilities, assets, and software

Operational Excellence

Troubleshoot authenticated scanning, coverage gaps, and data quality issues
Maintain accurate ticketing and vulnerability records in enterprise workflow tools
Identify operational inefficiencies and recommend improvements to processes, runbooks, and tooling
Contribute to vulnerability trend analysis, SLA metrics, and leadership reporting inputs
Assist in the development of best practices to mitigate against common threats and assess damage potential
Manage multiple projects including ongoing scanning, security awareness, documentation, and technical reviews
Maintain documentation regarding threat management, including policies and procedures

Day-to-Day Support Activities

Develop ad-hoc scripts, reports, or dashboards to enhance, automate, and drive service enhancement in the use of vulnerability management tools and triage of data
Respond to time-sensitive requests from member firms and patching teams
Perform recurring and on-demand scanning of organization systems and cloud environments
Monitor vulnerability scans to assess, prioritize, and report findings, providing recommended remediation actions
Gather security notifications from vendors and perform initial analysis and reporting

About The Team

Global Technology Services works at the forefront of technology development and processes to support and protect Deloitte around the world. In this truly global environment, we operate not in "what is" but rather "what can be" to help Deloitte deliver and connect with its clients, its communities, and one another in ways not previously conceived.

Enough About Us, Let’s Talk About You

Required:

Bachelor’s degree in Computer Science, Information Security, Information Systems, or a related field (or equivalent practical experience).
5+ years of experience in vulnerability management, security operations, or infrastructure security.
Strong working knowledge of vulnerability scanning platforms (e.g., Qualys, Tenable, Rapid7, cloud security tools).
Demonstrated experience triaging and managing critical and high risk vulnerabilities in large, complex environments.
Solid understanding of:
CVSS, exploitability, and threat intelligence
OS and application patching lifecycles
On prem, cloud, and hybrid environments
Strong ability to clearly communicate complex cybersecurity statements to technical and non-technical audiences at various hierarchical levels
Experience working with CMDBs and ticketing systems (e.g., ServiceNow).
Ability to translate technical risk into clear, actionable guidance for non security stakeholders.

Preferred:

Demonstrated experience operating within a mature enterprise vulnerability management or security operations program, beyond entry level monitoring.
Hands on exposure to complementary security domains such as penetration testing, SIEM operations, threat detection, or network security controls, with the ability to contextualize findings.
Experience contributing to the design, enhancement, or rollout of security technologies or VM processes in large or complex environments.
Background supporting IT controls monitoring, audit readiness, or regulatory/compliance driven security requirements.
Experience developing or enhancing risk, vulnerability, or SLA reporting using visualization or dashboarding tools for operational or leadership audiences.
Working knowledge of cloud computing, automation, networking, and application architectures, with the ability to assess risk across hybrid environments.
Experience with vulnerability data management, including normalization, prioritization, and process or reporting automation.
Strong understanding of OWASP Top 10 risks and common secure software development controls.
Familiarity with at least one major cloud platform (Azure, AWS, and/or GCP) in an enterprise context.
Practical knowledge of vulnerability standards and scoring frameworks such as CVSS, CVE, and exploit intelligence sources.
Experience analyzing large or complex data sets to identify risk trends, operational gaps, or remediation bottlenecks.
Exposure to automation or scripting to reduce manual effort and improve operational efficiency.
Proven ability to work effectively in cross functional, matrixed environments, influencing stakeholders without direct authority.
Strong understanding of modern threat landscapes, common attack vectors, and indicators of compromise (IOCs).
Familiarity with Secure Software Development Lifecycle (SSDLC) concepts and security controls.
Ability to communicate technical risk clearly to both technical teams and non technical stakeholders.

Total Rewards

The salary range for this position is $69,000 - $114,000, and individuals may be eligible to participate in our bonus program. Deloitte is fair and competitive when it comes to the salaries of our people. We regularly benchmark across a variety of positions, industries, sectors, targets, and levels. Our approach is grounded on recognizing people's unique strengths and contributions and rewarding the value that they deliver.

Our Total Rewards Package extends well beyond traditional compensation and benefit programs and is designed to recognize employee contributions, encourage personal wellness, and support firm growth. Along with a competitive base salary and variable pay opportunities, we offer a wide array of initiatives that differentiate us as a people-first organization. On top of our regular paid vacation days, some examples include: $4,000 per year for mental health support benefits, a $1,300 flexible benefit spending account, firm-wide closures known as "Deloitte Days", dedicated days of for learning (known as Development and Innovation Days), flexible work arrangements and a hybrid work structure.

Our promise to our people: Deloitte is where potential comes to life.

Be yourself, and more.

We are a group of talented people who want to learn, gain experience, and develop skills. Wherever you are in your career, we want you to advance.

You Shape How We Make Impact.

Diverse perspectives and life experiences make us better. Whoever you are and wherever you’re from, we want you to feel like you belong here. We provide flexible working options to support you and how you can contribute.

Be the leader you want to be

Some guide teams, some change culture, some build essential expertise. We offer opportunities and experiences that support your continuing growth as a leader.

Have as many careers as you want.

We are uniquely able to offer you new challenges and roles – and prepare you for them. We bring together people with unique experiences and talents, and we are the place to develop a lasting network of friends, peers, and mentors.

The next step is yours

At Deloitte, we are all about doing business inclusively – that starts with having diverse colleagues of all abilities. Deloitte encourages applications from all qualified candidates who represent the full diversity of communities across Canada. This includes, but is not limited to, people with disabilities, candidates from Indigenous communities, and candidates from the Black community in support of living our values, creating a culture of Diversity Equity and Inclusion and our commitment to our AccessAbility Action Plan, Reconciliation Action Plan and the BlackNorth Initiative.

We encourage you to connect with us at accessiblecareers@deloitte.ca if you require an accommodation for the recruitment process (including alternate formats of materials, accessible meeting rooms or other accommodations) or indigenouscareers@deloitte.ca for any questions relating to careers for Indigenous peoples at Deloitte (First Nations, Inuit, Métis).

When you apply, we will review your application using Deloitte's Global Talent Standards to ensure a consistent recruitment experience. Our recruitment advisors and hiring teams will utilize human screening combined with AI technology to help identify the skills and qualities that matter most to our business, while safeguarding your privacy and using AI responsibly.

Deloitte Canada has 20 offices with representation across most of the country. We acknowledge that Deloitte offices stand on traditional, treaty, and unceded territories in what is now known as Canada. We recognize that Indigenous Peoples have been the caretakers of this land since time immemorial, nurturing its resources and preserving its natural beauty. We acknowledge this land is still home to many First Nations, Inuit, and Métis Peoples, who continue to maintain their deep connection to the land and its sacred teachings. We humbly acknowledge that we are all Treaty people, and we commit to fostering a relationship of respect, collaboration, and stewardship with Indigenous communities in our shared goal of reconciliation and environmental sustainability.