As a global leader in assurance, tax, transaction and advisory services, we hire and develop the most passionate people in their field to help build a better working world. This starts with a culture that believes in giving you the training, opportunities and creative freedom to make things better. So that whenever you join, however long you stay, the exceptional EY experience lasts a lifetime.
Consultant – Cyber Security
Cyber Security is one of the most important risks facing businesses today. Systems and processes are becoming increasingly interconnected and automated and many organizations are now reliant upon technology to drive business strategy and growth. Our clients are overwhelmingly turning to EY for help and guidance on how to protect their assets, minimize business disruption and improve security as they continue to exploit technology and the Internet of things.
At EY we have ambitious plans to expand our already market leading Cybersecurity practice. We need excellent people, across all grades, to join us and to be part of our exciting growth strategy. As a Consultant in our Cybersecurity practice you will be working within IT Risk and Security and will have exposure to cyber security assessments and work in teams to deliver security implementations or remediation programs.
Your key responsibilities
- Define technical and business requirements for information security solutions.
- Review and build business, privacy and security policies.
- Review / assess IT and information security related technology products.
- Review, assess, benchmark and develop observations and remediation action plans for all aspects of information security programs and technologies.
- Perform Security assessments based on the various standards and Security frameworks
- Evolve in preparation of the final work products to confirm the work is performed with the highest quality standards.
- Experience in developing, implementing or architecting information security systems
- Strong understanding of information security regulatory requirements and compliance issues
- Knowledge of general security concepts and methods such as vulnerability assessments, privacy assessments, intrusion detection, incident response, security policy creation, enterprise security strategies, threat hunting architectures and governance
- Understanding of networking (TCP/IP, OSI model), operating system fundamentals (Windows, UNIX, mainframe), security technologies (firewalls, IDS/IPS, etc.) and application programming/scripting languages (C, Java, Perl, Shell)
- Experience in process definition, workflow design and process mapping
- Demonstrated ability to contribute to the development of client deliverables and technical content
- Good written and verbal communications skills
- Excellent leadership and teaming skills
- Demonstrated integrity within a professional environment
- Ability to travel at least 75% of time.
- Capability and experience in the following areas:
o Cyber Strategy & Maturity Review Assessment
o Attack & Penetration Testing / Ethical Hacking
o Threat Intelligence
o Red Teaming
o Security Monitoring
o Cyber Incident Response
Skills and attributes for success
- Strong knowledge of networking fundamentals (all OSI layers)
- Strong knowledge of the Windows and *NIX operating systems and command line tools
- Familiarity with or knowledge of cybersecurity in Industrial Control Systems and Operational Technology an asset.
- Demonstrated leadership abilities, willingness and drive to build a national penetration testing/red teaming service line
- Strong knowledge of software exploitation on modern operating systems
- Knowledge of malware packing and obfuscation techniques
- Knowledge of cloud technologies and cloud hosting
- Ability to automate tasks using scripting languages
- Ability to develop advanced tools using coding languages
Ability to perform targeted penetration tests without use of automated tools
- Ability to work independently
- Strong team work and collaboration skills
- Understanding of Forensic collections of volatile and non-volatile data for legal proceedings
To qualify for the role you must have
- An undergraduate or post graduate degree preferably in Information Security, Information Systems, Computer Science, Engineering, and other related areas
- 1 - 3 years of relevant post qualification work experience in Cyber Security
- 2 - 3 years of experience with Cyber Red Team operations
- Hands-on experience with key components of Cybersecurity including Penetration Testing, Red teaming, Vulnerability management, Network & Infrastructure security, Threat analysis, managed detection and response.
- Expert knowledge and practical experience with common frameworks, standards and methodologies used such as MITRE, OWASP, NIST Cybersecurity, IS 27001/2.
- Practical experience with conducting penetration tests and executing red team engagements.
- Experience with NetFlow or PCAP analysis peferred
- Relevant security certification like OSCP, OSCE, GXPN, CISSP, CISA CISM, OSCP, GPEN, GWAPT, etc will be preferred
Ideally you’ll also have
- Strong written and verbal communication, interpersonal, facilitation, relationship-B.E./B.Tech, MBA with 3+ yrs. of post grad-qualification relevant work exp.
- Additional relevant Security related Certifications is required such as CEH, ISO 27001:2013, PCI DSS etc
- Need strong communication, facilitation, relationship-building, presentation skills.
- Be highly flexible, adaptable, and creative.
- Comfortable interacting with senior executives (within the firm and at the client)
- Understanding Cloud Technologies
- Experience with NetFlow or PCAP analysis
- Ability to work independently
- Strong teamwork and collaboration skills
- Log Review and Analysis
What we look for
Highly motivated, you will be a good communicator with the ability to contribute confidently to technical security discussions with peers and management. You will be a team player who is not only looking to enhance their own career, but recognises the value in working well with others and the value of teamwork.
What working at EY offers
EY is committed to being an inclusive employer and we are happy to consider flexible working arrangements. We strive to achieve the right balance for our people, enabling us to deliver excellent client service whilst allowing you to build your career without sacrificing your personal priorities. While our client-facing professionals can be required to travel regularly, and at times be based at client sites, our flexible working arrangements can help you to achieve a lifestyle balance.