EY Jobs

Job Information

EY Cyber Security team - Multiple Opportunities in Poland

Cyber Security team - Multiple Opportunities

Consulting

Requisition # POL001SE

Post Date Feb 25, 2021

Cyber Security team - Multiple Opportunities

EY GDS (Global Delivery Services) means 40.000 specialists providing globally IT, project management and strategic business services to EY member firms. In addition we deliver support and solutions to clients from all over the world.  

The opportunity:

We are looking for a top-notch technology savvy specialists willing to move our projects on the new track! You will use the most advanced technology stack and have an opportunity to develop and implement new solutions while working  with top leaders in their industries. As a part of our global team you will participate in international projects.

Right now, we are looking for multiple roles to join Cyber Security team within EY GDS Consulting:

Pentester

The Pentester is responsible to deliver Attack & Penetration Testing projects and various other security projects including application code review, social engineering, Red Team Assessments, Purple Team Assessments, Threat Modeling and Security Architecture reviews.

  • Minimum 2 years of experience in conducting penetration tests,

  • Knowledge of security issues at the technical level,

  • Knowledge of solutions and recommendations to prevent or mitigate security vulnerabilities,

  • Knowledge of the application security verification standards,

  • Understanding of how information’s technology systems work:

  • networking architecture,

  • networking protocols

  • operating systems.

  • Understanding of how web applications work, starting from backend, ending with frontend

DevSecOps and Cloud Engineer

The DevSecOps Specialist is responsible for designing and implementing of Continuous Integration and Deployment/Delivery solutions. Cloud engineer with understanding of Cloud delivery, security and deployment models for IaaS, PaaS, SaaS offerings provided by at least one of popular Cloud vendors, AWS, Azure, GCP.

  • DevOps with experience in deployment security in SDLC and CI/CD. Provisioning automation tools e.g. Docker, Kubernetes, Openshift, CI/CD

  • Developing infrastructure as code (PowerShell/Ansible) Familiarity with technologies is an advantage: Maven, Jenkins, SonarQube, Harbour, Nexus, Git, Istio, Prometheus, Fluentd, Kafka, Hashicorp

  • Basics in test automation AND/OR DAST/SAST is a plus.

  • Cloud engineer with understanding of Cloud delivery, security and deployment models for IaaS, PaaS, SaaS offerings provided by at least one of: Amazon Web Services (AWS), Microsoft Azure and Google Cloud platforms

  • Cloud platforms. Working knowledge of key cloud security standards e.g. NIST, CIS, NCSC, ISO, CSA STAR

  • Excellent technical architecture skills, incl. tiered security architecture design​

  • Ability to implement security into cloud services and evaluate cloud configuration to optimize it

Information Security Consultant

As an Information Security Consultant within Strategy, Risk, Compliance & Resilience (SRCR) competency, you will help EY Clients to evaluate the effectiveness and efficiencies of their cybersecurity and resiliency programs in the context of the business growth and operations strategies.

  • Associate with analytical and problem-solving skills, ability to work effectively as a team member, observant with an eye for detail.

  • Strong Project Management and Audit skills

  • Certificates in: CISA, CISSP, CISM, ISO27001 Lead Auditor or Lead Implementer will be a value

  • Awareness of any of the Information Security-related norms and standards such as: ISO27001, NIST, TISAX or any other ISMS governance systems, IT Controls such as: IT General Controls (ITGC), IT Application Controls (ITAC), IT SOX Compliance, SSAE16, business cycle controls (BCCs) review, general computer controls (GCCs), Segregation of duties analysis, etc​.

  • Performing audits or reviews of ISMS systems and/or IT general controls. support clients with implementation of their ISMS, write documents, set controls frameworks etc.

  • IT Controls such as: IT General Controls (ITGC), IT Application Controls (ITAC), IT SOX Compliance, SSAE16, business cycle controls (BCCs) review, general computer controls (GCCs), Segregation of duties analysis, etc​.

Data Protection Consultant

The Data Protection Consultant is responsible for data identification and protection in organization and apply policies to deliver given.

  • Experience in supporting Data Security Technology:

  • Information Security concepts related to Governance, Risk & Compliance

  • DLP/Data Classification/CASB/DAM, Encryption, PKI, CLM Technology support and Event Handling

  • Experience in administration of the DLP, O365 (DLP, AIP, RMS, MCAS), PKI (MS PKI, HSM, CLM), CASB, DAM tools which includes configuring policies, upgrading and patching.

  • Technical/Vendor CASB (Netskope, Prisma, Symantec), DLP (, Forcepoint, McAfee, Symantec), Data Classification (Titus, Boldon James), DAM (IBM Guardium, Imperva) certification will be added advantage.

IAM Consultant and IAM Architect

As an IAM Consultant you will be responsible for designing and implementing optimizing processes related to IAM in our clients’ landscape and business implementation of identity management systems. Architect will lead a technical team of engineers providing the technical design and engineering of IAM platforms. This role will be a key role in defining the plan for business transformation working in conjunction with Identity Access Management teams, vendors and other infrastructure/ application technical teams of EYs Client.

  • Strong understanding of identity governance and lifecycle.

  • Use case design, Solution Requirements Specification and mapping business requirements to technical requirements

  • Hands-on development experience on Provisioning Workflows, triggers, rules and customizing the tool as per the requirements.

  • Strong understanding of Identity Access Management concepts.

  • Experience in design and configuration of SailPoint or Saviynt - architecture, design, development, configuration, testing, integration, and deployment.

  • Experience in any other IDM suite (OIM, IBM, Sun, CA, Microfocus / NetIQ) is an added advantage.

  • Experience in creation of SailPoint or Saviynt solutions in presales phase for selling opportunities (RFP, RFI) for our clients. Hands-on experience on SailPoint or Saviynt Migration projects.

Threat Detection & Response Consultant/Architect

The TDR Senior Consultant is responsible for creation of solutions/architectures and/or participation in the projects as a Subject Matter Expert. Knowledge of the following topics:

  • SIEM,

  • Security Operations Center (SOC),

  • Cyber Threat Intelligence,

  • Vulnerability Assessment / Management,

  • Creation of architectures

  • RFP (Request for Proposal) solutioning

Application Testing and Vulnerability Assessment Consultant

The Application Testing Consultant is responsible for assessment application and controls. The Application Testing Consultant is responsible for application testing to identify vulnerabilities which can be leveraged by rogue party

  • Excellent technical architecture skills, incl. tiered security architecture design

  • Ability to implement security into cloud services and evaluate cloud configuration to optimize it

  • Ability to introduce Security Test Tools in to the SDLC (SAST, SCA, DAST in Dev, DAST etc.)

  • Hands on in introducing Security Standards (ASVS for Web) and (MASVS for Mobile Applications) in to SDLC

  • Experience with Implementation of security Test tools in to the application pipeline: SonarQube (DAST), Dependency Checker (SCA), Black Duck (SCA), ZAP (Dast in Dev)

What working at EY offers:

  • Opportunity to develop technical and non-technical skills in a truly global environment

  • Variety of platforms for upskilling including but not limited to Udemy, on-site trainings, language classes

  • Flexible full time working hours with respect to your work life balance

  • Modern and well located office in  or 

  • Non-wage benefits: private health care for you and your family, life insurance, MultiSport card, theatre and cinema tickets, shopping vouchers etc.

  • Interesting top technology transformation projects with global impact   

DirectEmployers