Cyber threats, social media, massive data storage, privacy requirements and continuity of the business as usual require heavy information security measures. As an information security specialist, you will lead the implementation of security solutions for our clients and support the clients in their desire to protect the business. You will belong to an international connected team of specialists helping our clients with their most complex information security needs and contributing toward their business resilience. You will be working with our Advanced Security Centers to access the most sophisticated tools available to fight against cybercrime.
We will support you with career-long training and coaching to develop your skills. As EY is a global leading service provider in this space, you will be working with the best of the best in a collaborative environment. So whenever you join, however long you stay, the exceptional EY experience lasts a lifetime.
Our security professionals possess diverse industry knowledge, along with unique technical expertise and specialized skills. The team stays highly relevant by researching and discovering the newest security vulnerabilities, attending and speaking at top security conferences around the world, and sharing knowledge on a variety of topics with key industry groups. The team frequently provides thought leadership and information exchanges through traditional and less conventional communications channels such as speaking at conferences, publishing white papers and blogging.
Our professionals work together in planning, pursuing, delivering and managing engagements to assess, improve, build, and in some cases operate integrated security operations for our clients.
* Work with client personnel to enhance the Software Development Life Cycle (SDLC) by adding security to remove vulnerabilities and protect business logic. Establish a security program for the SDLC, capture the client's current application architecture, lead the overall application review process, identify application vulnerabilities, propose architectural changes, design, coordinate, and implement these changes at procedural and technological levels.
* Perform detailed Quality Assurance (QA) review of web- based applications, identify and validate application vulnerabilities, and perform actual remediation at architectural and source code levels.
* Complete the draft and final reports and other deliverables as specified in planning documentation. Ensure project documentation is complete and archived appropriately.
* Act as a subject matter resource in specific programming languages and web application environments. Propose vulnerability risk level and estimated level of remediation effort. Propose code fix or architectural strategies to remediate identified vulnerabilities. Confirm appropriateness of a proposed remediation approach or propose viable alternatives and perform the actual remediation.
* Collaborate with the engagement team to plan the engagement and develop work programs, timelines, and planning documentation. Work with the team to document the business processes dependent on IT. Ensure high- quality client service by directing daily progress of fieldwork, informing supervisors of engagement status, and managing staff performance.
* Demonstrate and apply a thorough understanding of complex enterprise systems. Use knowledge of the current IT environment and industry trends to identify engagement and client service issues. Communicate with the engagement team and client management through written correspondence and verbal presentations.
* Demonstrate and apply strong project management skills, inspire teamwork and responsibility with engagement team members, and use current technology and tools to enhance the effectiveness of deliverables and services.
To qualify, candidates must have:
* Bachelor's degree and a minimum of 1 years of related work experience; or a Master's degree and related work experience in the fields of Computer Science, Information Systems, Engineering, Business or related major.
* Experience conducting application security vulnerability assessments and attacks including creation of proof- of- concept exploits.
* Experience with tools such as Fortify, AppScan, WebInspect, Burp, ZAP.
* Demonstrated experience with enterprise application development in one or more of the common development platforms: Java/J2EE, .NET/C#, C/C++, PHP, Python, or Flash.
* Demonstrated experience in Information Security strategic planning, architecture migration strategies or security engineering strategy.
* Knowledge of networking and system- level concepts such as web application architecture, REST APIs, SOAP, jQuery, AJAX, message oriented architecture.
* Demonstrated experience in key Cybersecurity domains such as identity, access management, and cryptography.
* Enterprise experience with application development for mobile platforms such as iOS, or usage of mobile frameworks such as Kony or PhoneGap is a plus.
* Understanding of best practice methodologies in application security including OWASP and mobile.
* Understanding of development methodologies such as waterfall, agile, continuous integration.
* Demonstrated experience in writing enterprise security standards, policies, coding guidelines.
* Ability to examine issues both strategically and analytically..
* A valid driver's license in the US and a valid passport required; willingness and ability to travel domestically and internationally to meet client needs; estimated 80% travel required.
* The successful candidate must hold or be willing to pursue related professional certifications such as the CISSP, Open Group Certified Architect, or CEH certification.
EY provides equal employment opportunities to applicants and employees without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, or disability status.
Ernst & Young (doing business as EY) is a multinational professional services company.