EY Consultants Technical Security in Spain

Consultants Technical Security


Requisition # SPA001ON

Post Date Jan 09, 2018

About EY Financial Services

EY is the only major professional services firm with a dedicated financial services practice integrated in the EMEIA Region. An international team of over 12.000 professionals works across borders for clients in banking, insurance and asset management. EY has a strong presence in Advisory, Assurance, Tax and Transactions services.

In response to strong market demand, EY has set up an EMEIA wide Cyber Hub, with a young team passionate about their work and proud to be part of a leading global professional services firm.

The team is multinational and dynamic, with the common goal of being the company’s ultimate experts in cyber security. Its areas of expertise include threat intelligence, incident response and others, but yours will be attack & penetration, and you will play a critical role in making our services a success.

The opportunity

We are, over the coming months, substantially growing our European Cyber Security capability and we are seeking people with technical security knowledge in various domains. Your home base will be Madrid, Spain, but your area of delivery will be continental Europe, the UK, and occasionally beyond. You will join an international team that operates as a virtual HUB, and you will have a high degree of flexibility in how, when and where you work, but will also be asked to travel as necessary.

Your role will be almost exclusively focused on delivery, team management and technical expertise; there is no sales pressure or sales target for you to achieve.

About the role

We are looking for people with various ranges of experience in different technical security domains. You will focus on technical delivery and the operational execution of work, which translates roughly into people with 1 to 6 years of experience.

As a Cyber Hub Consultant, you will be performing one or several of the types of tasks described below.

We do not expect you to be experienced in all of these tasks; we will assess your capabilities and place you in a team that matches your skills as well as yourself.

• [Attack & Penetration profile]

Perform vulnerability assessments, source code reviews, penetration tests, red team and phishing exercises, security architecture configuration reviews, and technical security compliance reviews.

• [Threat Intelligence profile]

Gather and analyse threat intelligence using an EY-developed methodology and tooling.

• [Programmer with cyber affinity profile]

Maintain and improve EY’s threat intelligence methodology and tooling.

• [Generic technical profile]

Roll out and apply EY’s threat intelligence methodology and tooling with our clients, oversee and participate in the implementation process, and in some cases perform threat monitoring on the client-side in the mid- to long run.

Implement threat management processes and train client staff in executing them.

Translate the output of our threat management solutions into presentations, reports and client interactions for technical as well as non-technical audiences, including C-suite.

• [Cyber innovation profile]

Help innovate existing services the team delivers, and help design new solutions depending on market demand.

• Develop rapport with others by demonstrating an understanding of their concerns, needs and issues, and focusing on developing a network of relationships that can provide advice and support.

• Work with international stakeholders responsible for the successful delivery of a project.

• Share your knowledge with your peers.

• Understand the broader team’s strategy.

We want you to have the following skills and experience:

We do not expect you to have experience with all of the below, but we do expect you to strongly identify with one or several of them. We will commit to assess your skills together with you, and place you in a team that aligns with who you are and what you can do.

• Solid foundations to good experience in various types of vulnerability assessments (mobile, web application, infrastructure, red team testing, phishing campaigns, Wi-Fi, et cetera) described above.

• Good understanding of security standards, frameworks and methodologies: OWASP and CVSS are some examples. Understanding how A&P fits in bigger security frameworks such as ISO 27001 or NIST is definitely a plus.

• Experience with various operating systems, network security technologies, web application development technologies, languages and frameworks such as .NET, PHP, AngularJS, Node.js et cetera.

• Development and scripting languages such as Python, C/C++, Java/JavaScript.

• Knowledge of various intelligence collection disciplines including but not restricted to SIGINT, HUMINT and OSINT.

• An understanding of emerging threat characterization frameworks such as OpenIOC, STIX, CybOX and MAEC.

• Experience using open-source and commercial information gathering and intelligence tools.

• Experience with EnCase, FTK, or Sleuthkit is a plus.

• Hands-on experience leading or contributing to the design, development and deployment of cyber security software.

• Experience with software development and Agile/iterative methodologies.

• Interest in developing thought leadership, conducting and publishing research, speaking at technical conferences, conducting technical trainings, or even better: all of the above.

• Certifications in various technical domains are a strong asset.

• Impeccable English is a must. Knowledge of several other languages is a plus.

• Demonstrated characteristics of a forward thinker and self-motivator who thrives on new challenges and adapts to learning new knowledge.

• Outstanding communication and presentation skills, with experience in the creation and design of marketing and thought leadership material, trainings or publications in the general press.

• Experience with balancing various stakeholders and reporting to a non-technical audience, including C-suite.

• Background in law, technical marketing, computational linguistics, communications, criminology or psychology, with a strong interest in and affinity with IT.