EY Advisory - Risk - Cyber Security - Manager/Senior Associate (OSCP, SIEM, Policy framework, Research, Cyber Analytics) in Hong Kong, China

Advisory - Risk - Cyber Security - Manager/Senior Associate (OSCP, SIEM, Policy framework, Research, Cyber Analytics)


Requisition # HON002PX

Post Date Jul 09, 2018

Cyber threats, social media, massive data storage, privacy requirements and continuity of the business as usual require heavy information security measures. As a cyber security specialist, you will lead the implementation of security solutions for our clients and support the clients in their desire to protect the business. You will belong to an international connected team of specialists helping our clients with their most complex information security needs and contributing toward their business resilience. You will be working with our Advanced Security Centers to access the most sophisticated tools available to fight against cybercrime.

We will support you with career-long training and coaching to develop your skills. As EY is a global leading service provider in this space, you will be working with the best of the best in a collaborative environment. So whenever you join, however long you stay, the exceptional EY experience lasts a lifetime.

Job Summary

As a Manager/Senior Consultant in the Cyber Security Team, you will contribute technically to client engagements and services development activities. An important part of your role will be to actively establish, maintain and strengthen client’s relationships. You will also identify potential business opportunities for EY within existing engagements, and escalate these as appropriate. Similarly, you will anticipate and identify risks within engagements and share any issues with senior members of the team.

In line with EY commitment to quality, you will confirm that work is of high quality and is reviewed by the next-level reviewer. As an influential member of the team, you will help to create a positive learning culture, coach and counsel junior team members and help them to develop.

Your key responsibilities

  • Participate in Cyber Securityengagements with a focus on Penetration Testing, Red Team Assessment andSecurity Testing

  • Work effectively as a team member,sharing responsibility, providing support, maintaining communication andupdating senior team members on progress

  • Help prepare reports and schedulesthat will be delivered to clients and other parties

  • Develop and maintain productiveworking relationships with client personnel

  • Build strong internal relationshipswithin EY Advisory Services and with other service lines across theorganization

To qualify for the role you must have

Technical skills requirements

  • A broadappreciation of business processes, data structures, IT applications andinfrastructure, IT processes, and governance and internal controlprinciples

  • InfrastructureInformation systems security assessment, design, architecture,implementation, management and reporting

  • Strongtechnical or security skills related to a broad range of operatingsystems, databases or security tools, e.g., UNIX, Linux, Windows 2000 andNT, firewalls and IDS systems

  • Experiencewith programming languages such as Java, C, C++, C#, asp, and .NET

  • Experienceof security testing methods and techniques including network, operatingand application system configuration review and internal/externalpenetration testing

  • Experienceof manual attack and penetration testing above and beyond the running ofautomated tools

  • Experiencein developing custom scripts or programs (used for port scanning andvulnerability identification)

  • Applications

  • Anunderstanding of web based application vulnerabilities and experience inapplication security review and testing

  • Anunderstanding of mobile application vulnerabilities and experience inmobile application security review and testing

  • Familiaritywith security standards reference such as OWASP, SANS, NIST

  • Understandingof secure development practice and framework

Ideally, you’ll also have


  • Bachelor'sDegree in Computer Science, Information Technology or related disciplines

  • Soundknowledge and experience in using different hacking tools to perform footprinting, enumeration and exploitation of system infrastructure, web andmobile applications.

  • Knowledgeand experience in web or mobile application programming and security codereview is desirable

  • Good commandof written and spoken English

  • Relatedqualifications and/or industry certifications such as GPEN, GXPN, OSCE,OSEE. GWAPT, OSWE and CCT

What working at EY offers

  • Support, coaching and feedback fromsome of the most engaging colleagues around

  • Opportunities to develop new skillsand progress your career

  • The freedom and flexibility to handleyour role in a way that’s right for you

About EY

As a global leader in assurance, tax, transaction and advisory services, we’re using the finance products, expertise and systems we’ve developed to build abetterworking world. That starts with a culture that believes in giving you the training, opportunities andcreativefreedom to make things better.Whenever you join, however long you stay, theexceptionalEY experience lasts a lifetime.And with a commitment to hiring and developing the most passionate people, we’ll make our ambition to be the best employer by 2020 a reality.

If you can confidently demonstrate that you meet the criteria above,please contact us as soon as possible.

Join us in building a better working world.

Apply now.