Technology Consulting – Cyber Security Consultant(北京&济南)

Job description

Consulting – Cyber Security Consultant(北京&济南)

Excellent career opportunity with Ernst & Young:

Ernst & Youngis one of the leading global professional services organizations with 268,000 staff around the world.  We are proud of our people culture which we believe sets us apart in the profession.  Ernst & Young helps you achieve your best by providing great learning and career growth opportunities, by offering ways to help you achieve satisfaction in work and life, and by looking at each decision with a keen eye toward how it will affect you.

Job summary:

Cyber Security's engagements focus on the assessment and/or evaluation of IT systems and the mitigation of IT-related business risks.  Engagements may be either assurance (attestation) and/or risk advisory in nature, and vary considerably in size and complexity.  All of our Security services, whether assurance or advisory in nature, are designed for the dual purpose of strengthening internal controls and helping our clients improve IT and business performance

Responsibilities:

·  Collaborate with other members of the engagement team to plan the engagement and develop work program timelines, risk assessments, and other planning documents.  Work with the engagement team to document the business processes dependent on information technology.  Serve as a fieldwork leader by directing the daily progress of fieldwork, informing supervisors of engagement status, and managing staff performance;
·  Demonstrate and apply a thorough understanding of complex information systems.  Use knowledge of the current IT environment and industry IT trends to identify the engagement and client service issues, and communicate this information to the engagement team and client management through written correspondence and verbal presentations;
·  Demonstrate and apply strong project management skills, inspire teamwork and responsibility with engagement team members, and use current technology and tools to enhance the effectiveness of deliverables and services;
·  Demonstrate expert ability to identify and analyze business and user requirements, develop, present and demonstrate professional solutions to prospective customers based on detailed customer requirements;
·  Prepare and conduct proposal presentations, demonstrations and participate in marketing and promotional activities (workshop, seminar, training and speech etc.);
·  Perform planned and ad-hoc security reviews to ensure compliance with existing policies;
·  Lead team to provide information security advisory services on risks and security best practice.

Requirements:

·  University graduates in Information Systems / Computer Science and Accounting
·  A minimum of 1~3 years of relevant experience with reputable international accounting firms; or experience in IT operations, holding ITIL and/or ISO20000 certificate; or experience in initiating, maintaining and monitoring information security policies, processes and procedures in enterprise according to ISO 17799/27701 and conducting information security risk assessment and treatment programs.
·  Strong interpersonal and organizational skills
·  IT 咨询： IT 规划（网络，基础架构，数据和应用规划）， IT 流程管理 （IT管理体系， ITIL）
·  IT风险： IT风险管理， 信息安全 （安全规划，安全技术， 数据安全， 应用和网络安全，云安全等）
·  业务安全/渗透测试/安全产品，(WAF/TD)日志做全面分析/应急响应/Data Security/Cloud Security/penetration testing/vulnerability management/incident response/jave, python, docker/OWASP10

安全漏洞运维类

·  熟悉常见的Web漏洞及攻击方法，比如：SQL注入、XSS、CSRF等；熟悉常见的漏洞扫描工具的使用，如SQLmap、AWVS、Burp Suite、Jenkins等；
·  具有1到3年以上信息安全运营（安全监控，安全事件响应，安全事件分析等）经验
·  熟悉主流SOC，SIEM平台包含Splunk，LogRhythm, McAfee, ArcSight等
·  具有设计实施SOC及相关者优先
·   攻防对抗、云计算安全运维、SDL、CISSP/CISP

安全测试类

·  Application security
·  Penetration test
·  Vulnerability scan
·  CEH
·  CISSP

安全产品类

·  Sales Engineer（售前）
·  Data loss prevention (DLP)
·  IAM
·  SIEM
·  Security operation center (SOC)
·  Incident response

 

HR Number:85241