EY Cybersecurity Application Security - Manager - Consulting - Location OPEN in San Francisco, California

At EY, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we’re counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all.

EY’s Cybersecurity practice functions as a center of excellence to assist our National Consulting practices in planning, pursuing, delivering, and managing large, complex full lifecycle initiatives along with providing expertise in leading practices, methods, and resources in the space of Cybersecurity. The Attack Surface Management capability within the Cybersecurity practice is a critical competency that supports our clients across all industry sectors.

The opportunity

We currently are seeking a highly motivated Manager to lead client engagement teams, work with a wide variety of clients to deliver professional services, and support business development activities on strategic and global priority accounts.

In a rapidly changing IT environment, clients from all industries look to us for trusted solutions for their increasingly complex risks and vulnerabilities. As a member of our Cybersecurity team, you’ll be right at the heart of that goal, helping clients gain insight and context to their cyber threats and assessing, improving, and building security operations to mitigate these threats. You’ll get to use your technical and business skills to help us drive this mission and have an impact on cybersecurity at a global level.

Your key responsibilities

As a Manager on our Application Security team, you will oversee teams as they help EY’s clients define technical and business requirements for application security solutions as well as develop business processes and policies related to controlling access to products and applications. You will have demonstrated experience in managing and developing DevSecOps strategies as well as implementing solutions to provide application security and integrity.

You’ll work alongside respected industry professionals, learning about and using the latest tools and techniques to identify and overcome some of the most relevant and pressing security issues in the world. It’s a highly specialized area, where you’ll learn highly sought-after technical skills, all while developing your relationship management abilities – often by working directly on-site with our clients.

Skills and attributes for success

  • Provide technical guidance with respect to the development and execution of our key application security service offerings, including: conducting assessments of applications (web, cloud, mobile) using a range of manual and automated source code review techniques; performing security architecture reviews of applications in design and production phases; identifying potential threats and attacks to application systems through threat modeling; identifying security recommendations and aligning them to appropriate risk ranking systems; integrating application security tools and processes into the pipeline; agile penetration testing; evaluating, developing, enhancing and/or running application security programs for our clients; conducting the above with a specific focus on DevSecOps.

  • Work with clients to analyze, evaluate, and enhance the effectiveness of their application/product security posture at procedural and technological levels from design to deployment. Use knowledge of current application security best practices and industry trends to lead the implementation of application security solutions for our clients and support the clients in their desire to protect their business.

  • Participate in market-facing activities and develop thought leadership materials. Use current technology and tools to enhance the effectiveness of deliverables and services. Play an active role in counseling and mentoring junior Cybersecurity team members.

  • Provide leadership to employees and manage and motivate teams with diverse skills and backgrounds. Consistently deliver quality client services by monitoring progress. Demonstrate in depth technical capabilities and professional knowledge. Maintain long term client relationships and networks. Cultivate business development opportunities.

To qualify for the role, you must have

  • Bachelor’s degree in Computer Science, Information Systems, Engineering, or related field and 5 years of related work experience, or a Master’s degree in Computer Science, Information Systems, Engineering, or a related field and 4 years of related work experience.

  • Must have 4 years of work experience performing at least one of the following services in an independent manner:

      • Conducting application security vulnerability assessments using either manual penetration testing and source code techniques or automated commercial SAST/DAST/IAST tools;

      • Performing security architecture/threat modeling reviews on a wide range of applications and determining the appropriate security controls. Must be able to demonstrate experience by describing the types of applications that have been reviewed; the methodology followed as part of the review; the security controls evaluated as part of the review; sample findings that have been discovered; and sample remediation guidance that has been provided.

      • Evaluating application security programs for clients and developing key elements of the program as part of the enhancement process, and developing internal vulnerability assessment and management processes;

      • Evaluating DevSecOps programs to determine how to embed security activities and working with clients to evolve their development programs to embed application security tooling and processes.

  • Ability to learn and adapt to integrate application security to different CI/CD systems and apply automation as needed

  • Must have 2 years of experience working in Agile development, application security, or DevOps role, with experience in the following technologies:

      • Containers (Docker, Kubernetes, etc.)

      • Infrastructure as code (Vagrant, Docker, Ansible, Chef, Terraform, etc.)

      • Continuous integration (Jenkins, Bamboo, Hudson, etc.)

      • Integration of security testing tools into the pipeline

      • Defect tracking (Jira, Bugzilla, ServiceNow, etc.)

      • Source code management (GitLab, GitHub, BitBucket, etc.)

      • QA testing tools (nUnit, jUnit, Selenium, Cucumber, etc.)

      • Application security testing tools (SAST, DAST, IAST, OSA, etc.)

      • Various *nix distributions

      • Cloud environment (AWS, Azure, etc.)

  • Must have 2 years of experience in all the following:

      • Developing enterprise applications or scripts for security testing (security as code)

      • Demonstrated ability to learn and adapt to different CI/CD systems and leverage them for automation as needed

      • Performing manual application penetration testing

      • Performing manual security code reviews

  • For candidates with work experience aligned to conducting security architecture reviews, the candidate must have 1 year of experience with cloud technologies and services, including at least 1 of the following:

      • Amazon Web Services (AWS)

      • Pivotal Cloud Foundry

      • Microsoft Azure

Ideally, you’ll also have

  • Project management of information security projects including development of project charters and plans; management of project execution and successful implementation of the planned solution

  • Experience in process definition, workflow design and process mapping

  • Excellent leadership and teaming skills with advanced written and verbal communication skills

  • A valid driver's license in the US and a valid passport required; willingness and ability to travel domestically and internationally to meet client needs

What we look for

We’re interested in intellectually curious people with a genuine passion for cybersecurity. With your broad exposure across Cybersecurity, we’ll turn to you to speak up with innovative ideas that could make a lasting difference not only to us – but also to the industry as a whole. If you have the confidence in both your presentation and technical abilities to grow into a leading expert here, this is the role for you.

What we offer

We offer a comprehensive compensation and benefits package where you’ll be rewarded based on your performance and recognized for the value you bring to the business. The salary range for this job in most geographic locations in the US is $136,700 to $250,700. The salary range for New York City Metro Area, Washington State and California (excluding Sacramento) is $164,000 to $284,900. Individual salaries within those ranges are determined through a wide variety of factors including but not limited to education, experience, knowledge, skills and geography. In addition, our Total Rewards package includes medical and dental coverage, pension and 401(k) plans, and a wide range of paid time off options. Under our flexible vacation policy, you’ll decide how much vacation time you need based on your own personal circumstances. You’ll also be granted time off for designated EY Paid Holidays, Winter/Summer breaks, Personal/Family Care, and other leaves of absence when needed to support your physical, financial, and emotional well-being.

  • Continuous learning: You’ll develop the mindset and skills to navigate whatever comes next.

  • Success as defined by you: We’ll provide the tools and flexibility, so you can make a meaningful impact, your way.

  • Transformative leadership: We’ll give you the insights, coaching and confidence to be the leader the world needs.

  • Diverse and inclusive culture: You’ll be embraced for who you are and empowered to use your voice to help others find theirs.

If you can demonstrate that you meet the criteria above, please contact us as soon as possible.

The exceptional EY experience. It’s yours to build.

EY | Building a better working world

EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets.

Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate.

Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today.

EY is an equal opportunity, affirmative action employer providing equal employment opportunities to applicants and employees without regard to race, color, religion, age, sex, sexual orientation, gender identity/expression, national origin, protected veteran status, disability status, or any other legally protected basis, including arrest and conviction records, in accordance with applicable law.

EY is committed to providing reasonable accommodation to individuals with disabilities. If you are a qualified individual with a disability and either need assistance applying online or need to request an accommodation during the interview process, please call 1-800-EY-HELP3, type Option 2 (HR-related inquiries) and then type Option 1 (HR Shared Services Center), which will route you to EY’s Talent Shared Services Team, or email SSC Customer Support at ssc.customersupport@ey.com.