Senior Consultant, Vulnerability Cybersecurity

Putting people first, every day

BDO is a firm built on a foundation of positive relationships with our people and our clients. Each day, our professionals provide exceptional service, helping clients with advice and insight they can trust. In turn, we offer an award-winning environment that fosters a with a high priority on your personal and professional growth.

Your Opportunity

BDO is seeking a seasoned professional to join our growing Cyber Security team as a Senior Consultant, specializing in Vulnerability Management. In this role, you will play a critical part in helping our clients strengthen their security posture by identifying, assessing, and managing vulnerabilities across complex enterprise and cloud environments.

If you are passionate about proactive risk mitigation, client advisory, and continuous improvement in vulnerability and patch management operations and want to work in a collaborative, innovative environment—this is the right opportunity for you.

This is a new role in our team. As a Senior Consultant on BDO’s Cyber Security team, your responsibilities will include :

Lead the design, implementation, and optimization of enterprise vulnerability management programs, ensuring alignment with industry standards and client security objectives.

Oversee the deployment and continuous tuning of automated vulnerability scanning tools to ensure comprehensive coverage and timely identification of security gaps.

Develop and refine custom enterprise security metrics and dashboards that provide clear visibility—from executive-level summaries to tactical, operational details—enabling informed decision-making.

Analyze complex enterprise environments to tailor patch management recommendations that align with the organization’s incremental security goals and operational realities.

Advise clients on improving their patch management operations, ensuring that security updates are applied efficiently and effectively without disrupting business operations.

Develop and maintain metrics tracking vulnerability remediation timelines and effectiveness, providing regular reporting to senior leadership and executives.

Collaborate closely with software development and DevOps teams to integrate security best practices into the software development lifecycle, ensuring vulnerabilities are addressed early and effectively.

Provide executive-level reporting on vulnerability trends, risk levels, and remediation progress to enhance organizational visibility and accountability.

Continuously assess and refine vulnerability and patch management processes to enhance efficiency, minimize downtime, and reduce risk exposure.

Stay current on emerging vulnerabilities, exploits, and technologies; contribute to continuous improvement across vulnerability management and related practices.

How we define success for your role :

You demonstrate BDO’s core values of Integrity, Respect, and Collaboration in all aspects of your work.

Clients describe you as a trusted advisor who delivers high-quality, actionable insights and solutions.

You demonstrate proven success in managing and executing enterprise vulnerability management programs, improving measurable security outcomes.

You foster an inclusive and engaging work environment that encourages knowledge sharing and innovation.

You actively adopt and promote digital tools and data-driven strategies to enhance vulnerability visibility and remediation efficiency.

You invest in your professional growth and contribute to the advancement of BDO’s cyber security practice.

Your experience and education

Bachelor’s degree in Computer Science, Information Security, or a related field.

5+ years of experience in vulnerability management, risk assessment, or cyber security consulting.

Strong understanding of vulnerability scanning tools and platforms (e.g., Qualys, Nessus, Rapid7, Tenable, InsightVM).

Familiarity with security frameworks such as NIST CSF, ISO 27001, CIS Controls, and related governance models.

Proven ability to communicate technical findings clearly to both technical and non-technical audiences.

Experience collaborating with cross-functional teams (SOC, DevSecOps, IR, and leadership).

It's an asset if you have :

Experience in a consulting environment or supporting a diverse portfolio of enterprise clients.

Experience with cloud platforms (Azure, AWS, GCP) and related vulnerability assessment methodologies.

Familiarity with DevSecOps practices, container security, and CI / CD pipeline scanning.

Experience developing or scripting automation for security operations (e.g., Python, PowerShell, KQL, or API integrations).

Understanding of compliance and reporting requirements in regulated industries (e.g., finance, healthcare, public sector).

It's preferrable if you have the following certifications :

CISSP, CISM, CRISC, or CISA.

GIAC GSLC, GCCC, or GVMS.

Microsoft SC-200, Azure Security Engineer Associate, AWS Security Specialty, or equivalent cloud certifications.

CompTIA Security+, CySA+, or CEH.

The expected range of compensation for this role is $84,000 - $128,000 annually.