EY Jobs

Job Information

EY Risk_Cyber Security_NGSO TEM (AppSec / DevSecOps)_Manager in Trivandrum, India

Risk_Cyber Security_NGSO TEM (AppSec / DevSecOps)_Manager


Requisition # TVM001CH

Post Date 4 days ago


Job Summary

As a Manager in the Cyber Security Team, you will contribute technically to client engagements and services development activities. An important part of your role will be to actively establish, maintain and strengthen client relationships. You will also identify potential business opportunities for EY within existing engagements, and escalate these as appropriate.

You will be responsible for overall client service quality delivery in accordance with EY quality guidelines & methodologies. You will need to manage accounts and relationships on a day-to-day basis and explore new business opportunities for the firm. Proactively establishing, strengthening and nurturing relationships with clients (functional heads & key influencers) and internally across service lines will also be a part of your day-to-day activities. You will assist in developing new methodologies and internal initiatives, and help in creating a positive learning culture by coaching, counselling and developing junior team members. In line with EY’s commitment to quality, you’ll confirm that work is of the highest quality as per EY’s quality standards, by reviewing the work provided by junior members.

Client responsibilities:

  • Provide guidance and share knowledge with team members and participate in performing procedures focusing on complex, judgmental and/or specialized issues. Work with the team and the client to create plans for accomplishing engagement objectives and a strategy that complies with professional standards and addresses the risks inherent in the engagement.

  • Brief the engagement team on the client's environment and industry trends. Maintain relationships with client management to manage expectations of service, including work products, timing, and deliverables. Demonstrate a thorough understanding of complex information systems and apply it to client situations.

  • Use extensive knowledge of the client's business/industry to identify technological developments and evaluate impacts on the client's business. Demonstrate excellent project management skills, inspire teamwork and responsibility with engagement team members, and use current technology/tools to enhance the effectiveness of deliverables and services. Understand EY and its service lines and actively assess what the firm can deliver to serve clients.

  • Assist Partners & Senior Managers in driving the business development process on existing client engagements by gathering appropriate resources, gaining access to key contacts & supervising proposal preparation.

  • Create innovative insights for clients, adapt methods & practices to fit operational team needs & contribute to thought leadership documents.

  • Practice secondment for developing new methodologies.

  • Facilitate discussions / knowledge sharing with key client personnel and contribute to EY thought leadership.

  • Plan & schedule client engagements. Determine and deploy the right team with adequate skill sets for executing engagements and periodically review status of engagements and work products.

  • Demonstrate strong project management skills

  • Maintain a strong client focus by effectively serving client needs and developing productive working relationships with client personnel. Stay abreast of current business and economic developments and new pronouncements/standards relevant to the client's business.

  • Demonstrate industry expertise (deep understanding of the industry, emerging trends, issues/challenges, key players & leading practices)

  • Review status updates and prepare management presentations

  • Actively contribute to improving operational efficiency on projects & internal initiatives.


  • Identify buyers, influencers & stakeholders in existing client engagements and build strong relationships.

  • Display teamwork, integrity and leadership. Work with team members to set goals and responsibilities for specific engagements. Foster teamwork and innovation.

  • Drive performance management for self and team.

  • Driving the quality culture agenda at GTH

  • Manage the performance management for the direct reports, as per the organization policies

  • Training and mentoring of project resources

  • Participating in the organization-wide people initiatives

Key Responsibilities:

  • Perform penetration testing which includes internet, intranet, wireless, web application, social engineering and physical penetration testing.

  • Review the SAST (Fortify SCA, Checkmarx) and DAST (Acunetix) tools, their optimization, and the tool reports.

  • Execute red team scenarios to highlight gaps impacting organizations' security postures.

  • Ability to work independently as well as lead a team of technical testers on penetration testing and red team engagements.

  • Drive the app sec program between the business and the app sec team.

  • Provide technical leadership and advice to junior team members on attack and penetration test engagements.

  • Identify and exploit security vulnerabilities in a wide array of systems in a variety of situations.

  • Perform in-depth analysis of penetration testing results and create reports that describe findings, exploitation procedures, risks and recommendations.

  • Execute penetration testing projects using the established methodology, tools and rules of engagement.

  • Convey complex technical security concepts to technical and non-technical audiences including executives.

  • Develop and maintain productive working relationships with client personnel

  • Build strong internal relationships within EY Advisory Services and with other service lines across the organization

To qualify, candidates must have:

  • Graduates / BE / M Sc (Stats, Maths, Computer Science) / MBA with background in computer science and programming / MCA with a minimum of 8 years of work experience in penetration testing which includes internet, intranet, web application penetration tests, wireless, social engineering, and Red Team assessments.

  • Any two of the following certifications: CISSP, OSCP, OSWP, GPEN, GWAPT, OSCE, OSEE, GXPN.

  • Knowledge of Windows, Linux, UNIX, any other major operating systems.

  • Deep understanding of TCP/IP network protocols.

  • Deep understanding and experience with various Active Directory attack techniques.

  • Understanding of network security and popular attack vectors.

  • An understanding of web-based application vulnerabilities (OWASP Top 10).

  • Experience with manual attack and penetration testing.

  • Experience with scripting / programming skills (e.g., Python, PowerShell, Java, Perl etc.). Updated and familiar with the latest exploits and security trends.

  • Experience leading a technical team in conducting remote and on-site penetration testing within defined rules of engagement.

  • Familiarity with performing network penetration testing in a stealthy manner.