* JOB SUMMARY
Cyber threats continue to evolve and pose serious risks within the business environment. EY's Cybersecurity as a Service (CaaS) offering addresses the ongoing operational requirements through the following services:
* Threat Detection and Response
* Threat Exposure Management
* Identity & Access Management
* Data Protection
Clients retain CaaS to defend their environment and respond when threats are detected. As a CaaS security professional, you will belong to a globally connected team of security professional delivering 24x7 services from our Dallas Cyber Center.
What this means for you
At EY, we believe your career is a journey and we are committed to providing you an array of exciting opportunities to help you find the career path that is right for you. In this role, you will have the opportunity to team with a wide variety of clients to deliver professional services and to actively participate in a rapidly growing practice. With each engagement, you can expect to build leadership, communication and client-management skills, as well as sharpen your problem-solving capabilities. EY Security professionals possess diverse industry knowledge, along with unique technical expertise and specialized skills. If you are interested in "building a more secure and trusted working world," being part of a dynamic team, serving clients and reaching your full potential, EY Advisory Services is for you. Apply today!
* Responsible for understanding and interpreting event discovery and incident response activities
* Full-spectrum incident response support including event discovery, alert notification, investigation, facilitation of containment, facilitating of resolution, and event reporting
* Supervise tier-1/2 analysts in resolving issues and troubling shooting connection and technology issues
* Understanding the "how," "when," "where," and "why" of the incident threat
* Perform mitigation activities for current and residual risk
* Assist with project planning and identification of mitigation activities
* Perform the activities necessary for the immediate, short-term rapid resolution of incidents to minimize risk exposure and production down-time
* Maintain a professional communicative relationship with clients and management to provide information throughout the incident, problem, and change management cycles
* Coordinate and drive efforts among multiple business units during response activities and post-mortem
* Proactive monitoring of internal and external-facing environment using specialized security applications
* Provide timely, comprehensive and accurate information in both written and verbal communications
* Proactively research and monitor security-related information sources to aid in the identification of threats to client networks, systems and intellectual property
* Lead and mentor other staff members on incident response, analysis and tools
* Routinely develop and update incident response playbooks to ensure response activities align with best practices, minimize gaps in response and provide comprehensive mitigation of threats
* Participate in after hours on-call rotation when required
To qualify, candidates must have:
* Bachelor Degree in Computer Science, Mathematics, Engineering, or other related area of study with 3-5 years of overall IT professional work experience
* At least 3 years in Information Security, especially in an security operations and vulnerability discovery OR information operations/incident role
* Hands-on troubleshooting, analysis, and technical expertise to resolve incidents and service requests; previous experience in troubleshooting day-to-day operational processes such as security monitoring, data correlation, security operations etc.
* Proven experience performing analysis of security events and incidents, to determine root cause and provide resolution; working experience against advanced persistent threats is well seen;
* Strong working knowledge of at least three of the following security tools: host-based antivirus, anti-spam gateway solutions, firewalls, IDS/IPS, server and network device hardening, data loss prevention, forensics software, vulnerability management, website security;
* Competence in using both internal and external ticketing systems for ITIL-based incident, problem and change management.
* Detailed knowledge of applicable security tools, technologies, and trends
* Fundamental understanding of defense-in-depth and intelligence-driven strategies
* Working knowledge/experience of network systems, security principles, and applications
* Experience with utilizing security tools software such as Splunk, LogRhythn, CarbonBlack, Fidelis, and ServiceNow
* Ability to mesh sound technical and security practices to problem solving
* Additional certifications and training preferred in the following areas: Network Security certifications (CISSP, C|EH, Security+, SANS, ISACA, Vendor Certificates), Project Management training/certification, and Quality Management (ITIL, Six Sigma, TQM, etc.) training/certification
EY provides equal employment opportunities to applicants and employees without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, or disability status.
Ernst & Young (doing business as EY) is a multinational professional services company.