EY GDS Risk Advisory - Cyber Threat Management Senior Consultant in All, Philippines

Title: GDS Risk Advisory - Cyber Threat Management Senior Consultant

Location: PH-All-Taguig City

Job Number: TAG00024

Information Security Consultants would be expected to work in one or more of IT Risk and Assurance services which includes Threat and Vulnerability Management, Information security, IT audits and compliance, IT Infrastructure security services and IT risk management. Candidates expected to work actively on customer projects which involves wide range of activities in the areas mentioned above.

  • Good understanding in penetration testing and vulnerability assessments

  • Good knowledge of OWASP and Secure SDLC standards

  • Ability to use scanning tools and exploits.

  • Should have performed vulnerability assessment/ penetration testing of web applications, client server applications, mobile applications etc.

  • Knowledge of encryption technologies

  • Experience in performing security code reviews and log analysis.

  • Scripting skills and ability to develop exploits

  • In- depth Knowledge of Linux administration, TCP/IP, Network Security.

  • Experience in performing security configuration reviews OS, Databases, Network devices, security devices, applications etc.

  • Good understanding of networking protocols and application communications

  • Preferred certifications : OSCP, GPEN, CEH, RHCE, CCNA, CCNP, MCS

  • Assess the security risk of identified events and alert.

  • Analysis of the Patches released by the vendors.

  • Review operational logs and event console activity to determine cause of security-related events or to identify potential security related events

  • Raising incident tickets in the incident tracker tool.

  • Exposure to Service organization controls audits (SAS 70/ SSAE 16/ ISAE 3402).

  • Experience in maintenance and improvement of Information Security Management System (ISMS).

  • Proficiency in preparing and reviewing process documents: Security Policies and procedures

  • Experience in conducting Configuration Audits

  • Knowledge of application risks and controls

Experience in information security risk assessments and gap analysis.

Qualifications:

Required Skills:

  • Network Security, Architecture review, Application Security Review,

  • Attack and Penetration testing,

  • Configuration reviews

  • Experience in penetration testing of Web Applications (Java, J2EE, .NET,IIS, PHP, ASP),

  • Vulnerability Assessment and Exploits,

  • Secure Programming, Application Code Review,

  • Scripting Languages (Perl,Javascript,Php),

  • Mobile applications security assessment

  • OWASPMethodologies

  • Database technologies (SQL, Oracle)

  • Database Architecture review and vulnerability assessments

  • Database exploits (database dump,)

  • Assess the security risk of identified events and alert.

  • Analysis of the Patches released by the vendors.

  • Review operational logs and event console activity to determine cause of security-related events or to identify potential security related events

  • Raising incident tickets in the incident tracker tool.

  • Implementation of SIEM tools and platforms

  • Configure and fine tune various configuration parameters for SIEM tool

  • ISO 27001 readiness and implementation for different clients

  • Perform information security risk assessments

  • Plan and execute Application controls and IT General controls review

  • Conduct SOX (Sarbanes Oxley Act)–ITGC audits

  • Develop and review security policies, standards and procedures

  • Advisory offerings on Business continuity and Disaster recovery

In-depth knowledge and proven experience in web applications, secure programming, code review, vulnerability assessment web exploit, OWASP, Database architecture and vulnerability assessment. Proven experience with client facing projects and customer interaction. SIEM Tool Monitoring. Monitor sites for regular security news and updates. Issue alerts on critical security updates to respective teams. Investigate and report violations to the centre's information security policies and compliance standards. Generate daily and weekly reports on applicable virus definition, updates, patches etc

Certifications:

  • OSCP – Offensive Security Certified Professional

  • GPEN – GIAC Certified Penetration Tester

  • CEH – Certified Ethical Hacker

Qualifications:

  • Bachelor's Degree; MCA/BTech /Bsc ( Comp Science/Electronics and communication, or equivalent)

  • Willing to work in Ortigas and/or McKinley, Taguig City