EY Risk _ VAPT, Senior in Trivandrum, India

Risk _ VAPT, Senior


Requisition # IND00BFA

Post Date 6 days ago

About the team :

Cyber threats, social media, massive data storage, privacy requirements and continuity of the business as usual require heavy information security measures. As an information security specialist, you will lead the implementation of security solutions for our clients and support the clients in their desire to protect the business. You will belong to an international connected team of specialists helping our clients with their most complex information security needs and contributing toward their business resilience. You will be working with our Advanced Security Centers to access the most sophisticated tools available to fight against cybercrime.

We will support you with career-long training and coaching to develop your skills. As EY is a global leading service provider in this space, you will be working with the best of the best in a collaborative environment. So whenever you join, however long you stay, the exceptional EY experience lasts a lifetime.

Skills Required

  • Network Security, Architecture review, Application Security Review,

  • Attack and Penetration testing,

  • Configuration reviews

  • Experience in penetration testing of Web Applications (Java, J2EE, .NET,IIS, PHP, ASP),

  • Vulnerability Assessment and Exploits,

  • Secure Programming, Application Code Review,

  • Scripting Languages (Perl,Javascript,Php),

  • Mobile applications security assessment

  • OWASP Methodologies

  • Database technologies (SQL, Oracle)

  • Database Architecture review and vulnerability assessments

  • Database exploits (database dump,)

  • Assess the security risk of identified events and alert.

  • Analysis of the Patches released by the vendors.

  • Review operational logs and event console activity to determine cause of security-related events or to identify potential security related events

  • Raising incident tickets in the incident tracker tool.

  • Implementation of SIEM tools and platforms

  • Configure and fine tune various configuration parameters for SIEM tool

  • ISO 27001 readiness and implementation for different clients

  • Perform information security risk assessments

  • Plan and execute Application controls and IT General controls review

  • Conduct SOX (Sarbanes Oxley Act)–ITGC audits

  • Develop and review security policies, standards and procedures

  • Advisory offerings on Business continuity and Disaster recovery