EY Advisory Manager – Cybersecurity – Attack & Penetration Testing in United States

Advisory Manager – Cybersecurity – Attack & Penetration Testing

Advisory

Requisition # UNI00BV9

Post Date Jul 22, 2018

Cyber threats, social media, massive data storage, privacy requirements and continuity of the business as usual require heavy information security measures. As an information security specialist, you will lead the implementation of security solutions for our clients and support the clients in their desire to protect the business. You will belong to an international connected team of specialists helping our clients with their most complex information security needs and contributing toward their business resilience. You will be working with our Advanced Security Centers to access the most sophisticated tools available to fight against cybercrime.

We will support you with career-long training and coaching to develop your skills. As EY is a global leading service provider in this space, you will be working with the best of the best in a collaborative environment. So whenever you join, however long you stay, the exceptional EY experience lasts a lifetime.

Job Summary:

Our security professionals possess diverse industry knowledge, along with unique technical expertise and specialized skills. The team stays highly relevant by researching and discovering the newest security vulnerabilities, attending and speaking at top security conferences around the world, and sharing knowledge on a variety of topics with key industry groups. The team frequently provides thought leadership and information exchanges through traditional and less conventional communications channels such as speaking at conferences, publishing white papers and blogging.

Our professionals work together in planning, pursuing, delivering and managing engagements to assess, improve, build, and in some cases operate integrated security operations for our clients.

Key Responsibilities:

  • Effectively lead and motivate client engagement teams and provide technical leadership in the assessment, design, and implementation of security and IT risk solutions.

  • Define technical and business requirements for threat & vulnerability management solutions as well as business processes and policies related to controlling access to systems and applications.

  • Develop cyber threat & vulnerability management strategies relating to application penetration testing and application source code review. Perform vulnerability assessments and penetration tests in internet, intranet, and wireless environments.

  • Perform scanning and discovery for open ports and services. Apply appropriate exploits to gain access and expand access as appropriate. Produce reports documenting discoveries during the engagement.

  • Generate new business opportunities by participating in market facing activities and developing thought leadership materials. Understand EY and its service lines. Actively encourage team members to contribute ideas and identify opportunities to introduce EY services.

  • Demonstrate excellent project management skills, inspire teamwork and responsibility with engagement team members, and use current technology and tools to enhance the effectiveness of deliverables and services.

  • Foster an innovative and inclusive team- oriented work environment. Play an active role in counseling and mentoring junior consultants within the firm. Participate in research and provide recommendations for continuous improvement.

  • Consistently deliver quality client services. Drive high- quality work products within expected timeframes and on budget. Monitor progress, manage risk and ensure key stakeholders are kept informed about progress and expected outcomes.

  • Use knowledge of the current IT environment and industry trends to identify engagement and client service issues, and communicate this information to the engagement team and client management through written correspondence and verbal presentations. Stay abreast of current business and industry trends relevant to the client's business.

  • Foster relationships with client personnel to analyze, evaluate, and enhance information systems to develop and improve security at procedural and technology levels.

To qualify, candidates must have:

  • A bachelor's degree and a minimum of 5 years of related work experience, or a Master’s degree and approximately 4 years of related work experience in the fields of computer science, information systems, engineering, or a related major preferred.

  • Approximately 4- 5 years of experience preferred in one or more of the following areas: attack and penetration testing; security testing of web- based applications; application security source code assessments.

  • Strong Unix, NT, networking and wireless security skills and a deep understanding of TCP/IP networking.

  • Strong technical skills related to a broad range of operating systems and databases; experience with programming languages such as Java, C, C++, C#, asp, and .NET.

  • Manual attack and penetration testing experience above and beyond running automated tools is a plus; understanding of web- based application vulnerabilities.

  • Experience developing custom scripts or programs (used for port scanning and vulnerability identification) as well as application development is a plus.

  • Prior military/government background is a plus.

  • Excellent leadership, presentation, and client service with advanced written and verbal communication and presentation skills.

  • Able to work collaboratively in a team environment.

  • Prior Big 4 or other relevant consulting experiences a plus.

  • A valid driver's license in the US and a valid passport required; willingness and ability to travel domestically and internationally to meet client needs; estimated 80% travel required.

  • One security- related certification such as the CISSP, CISA, CISM, GIAC or other relevant certification desired; non- certified hires are required to become certified within 1 year from the date of hire.Ernst & Young LLP, an equal employment opportunity employer (Females/Minorities/Protected Veterans/Disabled), values the diversity of our workforce and the knowledge of our people.