EY GDS Risk Advisory - Cyber Threat Management Senior Consultant in All, Philippines

Title: GDS Risk Advisory - Cyber Threat Management Senior Consultant

Location: PH-All-Taguig City

Job Number: TAG00024

As many organizations have learned, sometimes the hard way, cyber attacks are no longer a matter of if, but when.

For EY Advisory a better working world means solving big, complex industry issues and capitalizing on opportunities to help deliver outcomes that grow, optimize and protect our clients' businesses.

Our global mindset and collaborative culture across our diverse team of consultants and industry professionals inspire us to ask better questions about the cybersecurity challenges you face. We then team with you to co-create more innovative answers – to activate a foundation that protects the business as it is today, adapt that foundation as the organization and threats change, and anticipate attacks that may be coming.

Together, we help you deliver better outcomes and long-lasting results, from strategy to execution.

The Opportunity

As organizations look to leverage the advantage IT offers, we’ll work with you to develop the consultancy and analytical skills that you’ll need in today’s environment. Working on projects that cross borders and sectors, the experiences you gain here will be more valuable than anywhere else. So whenever you join, however long you stay, the exceptional EY experience lasts a lifetime.

By joining our Cybersecurity Team, you will help us deliver world-class service and work as part of diverse talent pools across borders in a way that strengthens us globally and empowers us locally.

Your key responsibilities

Cyber Threat Management Consultants would be expected to work in one or more of IT Risk and Assurance services which includes Threat and Vulnerability Management, Information security, IT audits and compliance, IT Infrastructure security services and IT risk management. Candidates expected to work actively on customer projects which involves wide range of activities in the areas mentioned above.

Skills and attributes for success

  • Good understanding in penetration testing and vulnerability assessments and good knowledge of OWASP and Secure SDLC standards

  • Ability to use scanning tools and exploits. Should have performed vulnerability assessment/ penetration testing of web applications, client server applications, mobile applications etc.

  • Knowledge of encryption technologies and experience in performing security code reviews and log analysis. Scripting skills and ability to develop exploits and in- depth Knowledge of Linux administration, TCP/IP, Network Security. Experience in performing security configuration reviews OS, Databases, Network devices, security devices, applications etc.

  • Good understanding of networking protocols and application communications. Assess the security risk of identified events and alert. Analysis of the Patches released by the vendors. Review operational logs and event console activity to determine cause of security-related events or to identify potential security related events

  • Exposure to Service organization controls audits (SAS 70/ SSAE 16/ ISAE 3402)

  • Experience in maintenance and improvement of Information Security Management System (ISMS). Proficiency in preparing and reviewing process documents such as Security Policies and Procedures

  • Knowledge of application risks and controls, and ex perience in information security risk assessments and gap analysis


To qualify for the role, you must have background in:

  • Network Security, Architecture review, Application Security Review, Attack and Penetration testing, Configuration reviews

  • Experience in penetration testing of Web Applications (Java, J2EE, .NET,IIS, PHP, ASP), Vulnerability Assessment and Exploits, Secure Programming, Application Code Review, Scripting Languages (Perl, Javascript, Php)

  • Mobile applications security assessment, OWASP Methodologies, and Database technologies (SQL, Oracle), Database Architecture review and vulnerability assessments, and Database exploits (database dump)

  • Assessing the security risk of identified events and alert as well as analysis of the Patches released by the vendors

  • Reviewing operational logs and event console activity to determine cause of security-related events or to identify potential security related events. Raising incident tickets in the incident tracker tool.

  • Implementation of SIEM tools and platforms. Configuration and fine tuning various configuration parameters for SIEM tool

  • ISO 27001 readiness and implementation for different clients and p erforming information security risk assessments. Planning and executing application controls and IT General controls review. Conducting SOX (Sarbanes Oxley Act) – ITGC audits, developing and reviewing security policies, standards and procedures


  • OSCP – Offensive Security Certified Professional

  • GPEN – GIAC Certified Penetration Tester

  • CEH – Certified Ethical Hacker

Other qualifications:

  • Must have a Bachelor's Degree; MCA/BTech /Bsc (Comp Science/Electronics and communication, or equivalent)

  • Willing to work in Ortigas and/or McKinley, Taguig City

What working at EY offers

We offer a competitive compensation & benefits package and different rewards program like travel opportunities, awards & recognitions, loyalty awards.

EY is committed to doing its part in building a better working world, thus, the organization promotes continuous learning and development opportunities by providing in-house technical and supplemental training related to each role, as well as promoting developmental programs, such as mentoring activities, projects, and the like, which will aide in our employees’ succession planning and career advancement.

Talk to anyone at EY and they’ll tell you what a rewarding place it is to work. As you collaborate with colleagues in our high-performing teams, you gain exposure to some of the most complex and stimulating situations in the business world.

Every experience and insight is something you can take with you as your career progresses. In fact, we believe that it genuinely lasts a lifetime. We attract people from different backgrounds and cultures who — like you — bring a unique point of view and unique business skills. You’ll work with great people and will be exposed to a range of perspectives.

Everyone’s opinion is valued. After all, diversity of thought and ideas enables us to provide better services to our clients. In return for your input and ideas, we’re committed to giving you the experiences you need to progress and develop as well as the learning and coaching to help you to excel.

For us, it’s vital you share our goals — so we can work together to achieve success.

About EY

EY is a global leader in assurance, tax, transaction and advisory services.

EY Global Delivery Services (GDS) consists of various service delivery centers from which our Client Service and Enablement Services teams operate to deliver strategic support to our EY member firms. GDS spans all geographies, practices, services lines, sectors and competencies within EY to deliver deeply-integrated services that result in efficient and world-class solutions.

Today, the GDS team is 24,000 strong across five countries and plays an important role in EY’s growth strategy by providing efficient and effective support to our service lines and enablement functions. GDS is a vibrant organization that is constantly growing and expanding its base, services and competencies.

With our clear vision for the future and commitment to developing outstanding leaders, EY is the place to grow your career. You will feel at home from the start, and will receive the training, support and guidance you need to do great work with exciting clients.

Along the way, you will meet people and gain important knowledge and insights that will stay with you throughout your career. In fact, whenever you join us — and however long you choose to stay — you will have valuable experiences that will last a lifetime.

Join us in building a better working world.

Apply now.