Putting people first, every day
BDO is a firm built on a foundation of positive relationships with our people and our clients. Each day, our professionals provide exceptional service, helping clients with advice and insight they can trust. In turn, we offer an award-winning environment that fosters a people-first culture with a high priority on your personal and professional growth.
Your Opportunity
BDO is seeking a seasoned professional to join our growing Cyber Security team as a Senior Consultant or Manager specializing in Vulnerability Management. In this role, you will play a critical part in helping our clients strengthen their security posture by identifying, assessing, and managing vulnerabilities across complex enterprise and cloud environments.
If you are passionate about proactive risk mitigation, client advisory, and continuous improvement in vulnerability and patch management operations and want to work in a collaborative, innovative environment—this is the right opportunity for you.
As a Senior Consultant or Manager on BDO’s Cyber Security team, your responsibilities will include:
Lead the design, implementation, and optimization of enterprise vulnerability management programs, ensuring alignment with industry standards and client security objectives.
Oversee the deployment and continuous tuning of automated vulnerability scanning tools to ensure comprehensive coverage and timely identification of security gaps.
Develop and refine custom enterprise security metrics and dashboards that provide clear visibility—from executive-level summaries to tactical, operational details—enabling informed decision-making.
Analyze complex enterprise environments to tailor patch management recommendations that align with the organization’s incremental security goals and operational realities.
Advise clients on improving their patch management operations, ensuring that security updates are applied efficiently and effectively without disrupting business operations.
Develop and maintain metrics tracking vulnerability remediation timelines and effectiveness, providing regular reporting to senior leadership and executives.
Collaborate closely with software development and DevOps teams to integrate security best practices into the software development lifecycle, ensuring vulnerabilities are addressed early and effectively.
Provide executive-level reporting on vulnerability trends, risk levels, and remediation progress to enhance organizational visibility and accountability.
Continuously assess and refine vulnerability and patch management processes to enhance efficiency, minimize downtime, and reduce risk exposure.
Stay current on emerging vulnerabilities, exploits, and technologies; contribute to continuous improvement across vulnerability management and related practices.
How we define success for your role:
You demonstrate BDO’s core values of Integrity, Respect, and Collaboration in all aspects of your work.
Clients describe you as a trusted advisor who delivers high-quality, actionable insights and solutions.
You demonstrate proven success in managing and executing enterprise vulnerability management programs, improving measurable security outcomes.
You foster an inclusive and engaging work environment that encourages knowledge sharing and innovation.
You actively adopt and promote digital tools and data-driven strategies to enhance vulnerability visibility and remediation efficiency.
You invest in your professional growth and contribute to the advancement of BDO’s cyber security practice.
Your experience and education
Bachelor’s degree in Computer Science, Information Security, or a related field.
5+ years of experience in vulnerability management, risk assessment, or cyber security consulting.
Strong understanding of vulnerability scanning tools and platforms (e.g., Qualys, Nessus, Rapid7, Tenable, InsightVM).
Familiarity with security frameworks such as NIST CSF, ISO 27001, CIS Controls, and related governance models.
Proven ability to communicate technical findings clearly to both technical and non-technical audiences.
Experience collaborating with cross-functional teams (SOC, DevSecOps, IR, and leadership).
It's an asset if you have:
Experience in a consulting environment or supporting a diverse portfolio of enterprise clients.
Experience with cloud platforms (Azure, AWS, GCP) and related vulnerability assessment methodologies.
Familiarity with DevSecOps practices, container security, and CI/CD pipeline scanning.
Experience developing or scripting automation for security operations (e.g., Python, PowerShell, KQL, or API integrations).
Understanding of compliance and reporting requirements in regulated industries (e.g., finance, healthcare, public sector).
It's preferrable if you have the following certifications:
CISSP, CISM, CRISC, or CISA.
GIAC GSLC, GCCC, or GVMS.
Microsoft SC-200, Azure Security Engineer Associate, AWS Security Specialty, or equivalent cloud certifications.
CompTIA Security+, CySA+, or CEH.
Why BDO?
Our people-first approach to talent has earned us a spot among Canada’s Top 100 Employers for 2025. This recognition is a milestone we’re thrilled to add to our collection of awards for both experienced and student talent experiences.
Our firm is committed to providing an environment where you can be successful in the following ways:
We enable you to engage with how we change and evolve, being a key contributor to the success and growth of BDO in Canada.
We help you become a better professional within our services, industries, and markets with extensive opportunities for learning and development.
We support your achievement of personal goals outside of the office and making an impact on your community.
Giving back adds up: Where company meets community. BDO is actively involved in our communities by supporting local charity initiatives. We support staff with local and national events where you will be given the opportunity to contribute to your community.
Total rewards that matter: We pay for performance with competitive total cash compensation that recognizes and rewards your contribution. We provide flexible benefits from day one, and a market leading personal time off policy. We are committed to supporting your overall wellness beyond working hours and provide reimbursement for wellness initiatives that fit your lifestyle.
Everyone counts: We believe every employee should have the opportunity to participate and succeed. Through leadership by our Diversity, Equity and Inclusion Leader, we are committed to a workplace culture of respect, inclusion, and diversity. We recognize and celebrate the valuable differences among each of us, including race, religious beliefs, physical or mental disabilities, age, place of origin, marital status, family status, gender or gender identity and sexual orientation. If you require accommodation to complete the application process, please contact us.
Flexibility: All BDO personnel are expected to spend some of their time working in the office, at the client site, and virtually unless accommodations or alternative work arrangements are in place.
Our model is a blended approach designed to support the flexible needs of our people, the firm and our clients. It’s about creating work experiences that meet everyone’s needs and providing flexibility to adjust when, where and how we work to meet the expectations of our role.
Code of Conduct: Our Code of Conduct sets clear standards for how we conduct business. It reflects our shared values and commitments and includes guiding principles to help us make ethical decisions and maintain trust with each other, our clients, and the public.
With your consent, BDO Canada may use AI technology (Microsoft Copilot) to transcribe during preliminary conversations, solely for the purpose of note-taking and not for other purposes, such as resume review, evaluation or selection of candidates.
More information on BDO Canada’s Privacy Policy can be found here: Privacy Policy | BDO Canada
Ready to make your mark at BDO? Click “Apply now” to send your up-to-date resume to one of our Talent Acquisition Specialists.
To explore other opportunities at BDO, check out our careers page.