Cyber Security team - Multiple Opportunities
POLAND Teaching
Job description
Cyber Security team - Multiple Opportunities
The opportunity
We are looking for a top-notch technology savvy specialists willing to move our projects on the new track! You will use the most advanced technology stack and have an opportunity to develop and implement new solutions while working with top leaders in their industries. As a part of our global team you will participate in international projects.
Right now, we are looking for multiple roles to join Cyber Security team within EY GDS Consulting:
Pentester
The Pentester is responsible to deliver Attack & Penetration Testing projects and various other security projects including application code review, social engineering, Red Team Assessments, Purple Team Assessments, Threat Modeling and Security Architecture reviews.
· Minimum 2 years of experience in conducting penetration tests,
· Knowledge of security issues at the technical level,
· Knowledge of solutions and recommendations to prevent or mitigate security vulnerabilities,
· Knowledge of the application security verification standards,
· Understanding of how information’s technology systems work:
· networking architecture,
· networking protocols
· operating systems.
· Understanding of how web applications work, starting from backend, ending with frontend
DevSecOps and Cloud Engineer
The DevSecOps Specialist is responsible for designing and implementing of Continuous Integration and Deployment/Delivery solutions. Cloud engineer with understanding of Cloud delivery, security and deployment models for IaaS, PaaS, SaaS offerings provided by at least one of popular Cloud vendors, AWS, Azure, GCP.
· DevOps with experience in deployment security in SDLC and CI/CD. Provisioning automation tools e.g. Docker, Kubernetes, Openshift, CI/CD
· Developing infrastructure as code (PowerShell/Ansible/Terraform) Familiarity with technologies is an advantage: Maven, Jenkins, SonarQube, Harbour, Nexus, Git, Istio, Prometheus, Fluentd, Kafka, Hashicorp
· Basics in test automation AND/OR Vulnerability Scanning DAST/SAST is a plus.
· Cloud engineer with understanding of Cloud delivery, security and deployment models for IaaS, PaaS, SaaS offerings provided by at least one of: Amazon Web Services (AWS), Microsoft Azure and Google Cloud platforms
· Cloud platforms. Working knowledge of key cloud security standards e.g. NIST, CIS, NCSC, ISO, CSA STAR
· Technical architecture skills, incl. tiered security architecture design
· Ability to implement security into cloud services and evaluate cloud configuration to optimize it
Information Security Consultant
As an Information Security Consultant within Strategy, Risk, Compliance & Resilience (SRCR) competency, you will help EY Clients to evaluate the effectiveness and efficiencies of their cybersecurity and resiliency programs in the context of the business growth and operations strategies.
· Associate with analytical and problem-solving skills, ability to work effectively as a team member, observant with an eye for detail.
· Strong Project Management and Audit skills
· Certificates in: CISA, CISSP, CISM, ISO27001 Lead Auditor or Lead Implementer will be a value
· Awareness of any of the Information Security-related norms and standards such as: ISO27001, NIST, TISAX or any other ISMS governance systems, IT Controls such as: IT General Controls (ITGC), IT Application Controls (ITAC), IT SOX Compliance, SSAE16, business cycle controls (BCCs) review, general computer controls (GCCs), Segregation of duties analysis, etc.
· Performing audits or reviews of ISMS systems and/or IT general controls. support clients with implementation of their ISMS, write documents, set controls frameworks etc.
· IT Controls such as: IT General Controls (ITGC), IT Application Controls (ITAC), IT SOX Compliance, SSAE16, business cycle controls (BCCs) review, general computer controls (GCCs), Segregation of duties analysis, etc.
Data Protection Consultant
The Data Protection Consultant is responsible for data identification and protection in organization and apply policies to deliver given.
· Experience in supporting Data Security Technology:
· Information Security concepts related to Governance, Risk & Compliance
· DLP/Data Classification/CASB/DAM, Encryption, PKI, CLM Technology support and Event Handling
· Experience in administration of the DLP, O365 (DLP, AIP, RMS, MCAS), PKI (MS PKI, HSM, CLM), CASB, DAM tools which includes configuring policies, upgrading and patching.
· Technical/Vendor CASB (Netskope, Prisma, Symantec), DLP (, Forcepoint, McAfee, Symantec), Data Classification (Titus, Boldon James), DAM (IBM Guardium, Imperva) certification will be added advantage.
IAM Consultant and IAM Architect
As an IAM Consultant you will be responsible for designing and implementing optimizing processes related to IAM in our clients’ landscape and business implementation of identity management systems. Architect will lead a technical team of engineers providing the technical design and engineering of IAM platforms. This role will be a key role in defining the plan for business transformation working in conjunction with Identity Access Management teams, vendors and other infrastructure/ application technical teams of EY's Client.
· Strong understanding of identity governance and lifecycle.
· Use case design, Solution Requirements Specification and mapping business requirements to technical requirements
· Hands-on development experience on Provisioning Workflows, triggers, rules and customizing the tool as per the requirements.
· Strong understanding of Identity Access Management concepts.
· Experience in design and configuration of SailPoint or Saviynt - architecture, design, development, configuration, testing, integration, and deployment.
· Experience in any other IDM suite (OIM, IBM, Sun, CA, Microfocus / NetIQ) is an added advantage.
· Experience in creation of SailPoint or Saviynt solutions in presales phase for selling opportunities (RFP, RFI) for our clients. Hands-on experience on SailPoint or Saviynt Migration projects.
Threat Detection & Response Consultant/Architect
The TDR Senior Consultant is responsible for creation of solutions/architectures and/or participation in the projects as a Subject Matter Expert. Knowledge of the following topics:
· SIEM,
· Security Operations Center (SOC),
· Cyber Threat Intelligence,
· Vulnerability Assessment / Management,
· Creation of architectures
· RFP (Request for Proposal) solutioning
Application Testing and Vulnerability Assessment Consultant
The Application Testing Consultant is responsible for assessment application and controls. The Application Testing Consultant is responsible for application testing to identify vulnerabilities which can be leveraged by rogue party
· Excellent technical architecture skills, incl. tiered security architecture design
· Ability to implement security into cloud services and evaluate cloud configuration to optimize it
· Ability to introduce Security Test Tools in to the SDLC (SAST, SCA, DAST in Dev, DAST etc.)
· Hands on in introducing Security Standards (ASVS for Web) and (MASVS for Mobile Applications) in to SDLC
· Experience with Implementation of security Test tools in to the application pipeline: SonarQube (DAST), Dependency Checker (SCA), Black Duck (SCA), ZAP (Dast in Dev)
What we offer
EY Global Delivery Services (GDS) is a dynamic and truly global delivery network. We work across six locations – Argentina, China, India, the Philippines, Poland and the UK – and with teams from all EY service lines, geographies and sectors, playing a vital role in the delivery of the EY growth strategy. From accountants to coders to advisory consultants, we offer a wide variety of fulfilling career opportunities that span all business disciplines. In GDS, you will collaborate with EY teams on exciting projects and work with well-known brands from across the globe. We’ll introduce you to an ever-expanding ecosystem of people, learning, skills and insights that will stay with you throughout your career.
· Continuous learning:You’ll develop the mindset and skills to navigate whatever comes next.
· Success as defined by you:We’ll provide the tools and flexibility, so you can make a meaningful impact, your way.
· Transformative leadership:We’ll give you the insights, coaching and confidence to be the leader the world needs.
· Diverse and inclusive culture:You’ll be embraced for who you are and empowered to use your voice to help others find theirs.
About EY
EY | Building a better working world
EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets.
Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate.
Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today.
If you can demonstrate that you meet the criteria above, please contact us as soon as possible.
The exceptional EY experience. It’s yours to build.