EY Advisory Senior Consultant – Cybersecurity – Attack & Penetration Testing in United States
Advisory Senior Consultant – Cybersecurity – Attack & Penetration Testing
Requisition # UNI00A5I
Post Date Feb 26, 2018
Cyber threats, social media, massive data storage, privacy requirements and continuity of the business as usual require heavy information security measures. As an information security specialist, you will lead the implementation of security solutions for our clients and support the clients in their desire to protect the business. You will belong to an international connected team of specialists helping our clients with their most complex information security needs and contributing toward their business resilience. You will be working with our Advanced Security Centers to access the most sophisticated tools available to fight against cybercrime.
We will support you with career-long training and coaching to develop your skills. As EY is a global leading service provider in this space, you will be working with the best of the best in a collaborative environment. So whenever you join, however long you stay, the exceptional EY experience lasts a lifetime.
Our security professionals possess diverse industry knowledge, along with unique technical expertise and specialized skills. The team stays highly relevant by researching and discovering the newest security vulnerabilities, attending and speaking at top security conferences around the world, and sharing knowledge on a variety of topics with key industry groups. The team frequently provides thought leadership and information exchanges through traditional and less conventional communications channels such as speaking at conferences, publishing white papers and blogging. Our professionals work together in planning, pursuing, delivering and managing engagements to assess, improve, build, and in some cases operate integrated security operations for our clients.
Gathering and analyzing threat intelligence.
Participating in cyber breach investigations including forensic and malware analysis.
Assisting with the design, build, and delivery of client Security Operation Center services.
Performing penetration assessments in internet, intranet and wireless environments including discovery of network devices and running service and vulnerability scanning, and exploits of identified vulnerabilities to gain or expand access as appropriate.
Participating in activities involving web- based application penetration testing and application source code reviews.
Listening attentively and actively and asking pertinent questions in order to deliver facts, opinions, and analyses in a way that keeps the listener’s attention.
Taking full responsibility for tasks including consistently reviewing own work to identify and improve own approach for producing quality work products. Completing work in a timely manner and take responsibility for all work outputs.
Developing rapport with others by demonstrating an understanding of their concerns, needs and issues, and focusing on developing an internal network of relationships that can provide advice and support.
Providing feedback to the team about new or emerging client needs and demonstrating an understanding of EY's key competitive capabilities and value propositions for relevant clients. Seeking, developing, and presenting ideas to apply EY's services.
Utilizing technology and tools to continually learn and innovate, sharing knowledge with team members and enhancing service delivery.
Applying root cause analysis to identify and assess problems and key drivers of success. Developing potential conclusions from data with limited complexity.
To qualify, candidates must have:
Bachelor’s degree and a minimum of 2 years of related work experience; or a Master’s degree and approximately 1- 2 years of related work experience in the fields of Computer Science, Information Systems, Engineering, Business or related major.
Strong Unix, Windows, networking and wireless security skills.
A deep understanding of TCP/IP networking.
Strong technical skills related to a broad range of operating systems and databases.
An understanding of web- based application vulnerabilities.
Experience with programming languages such as Java, C, C++, C#, asp, and .NET is a plus.
Experience with attack and penetration assessments is a plus.
Experience with security testing of web based applications is a plus.
Experience with application security source code assessments is a plus.
Knowledge of various intelligence collection disciplines including SIGINT, HUMINT, and OSINT is a plus.
An understanding of emerging threat characterization frameworks such as OpenIOC, STiX, CybOX, and MAEC is a plus.
Demonstrated understanding of network intrusion methods, incident response, and host and network- based forensic investigations is a plus.
Experience using open- source and commercial information gathering and intelligence tools is a plus.
Experience with EnCase, FTK, or Sleuthkit is a plus.
The ability to perform basic static and dynamic malware analysis is a plus.
Familiarity with Windows in an enterprise environment is a plus.
Demonstrated characteristics of a forward thinker and self- motivator who thrives on new challenges and adapts to learning new knowledge.
Strong analytical and problem- solving skills.
A military/government background is a plus..
Able to work collaboratively in a team environment.
A valid driver's license in the US and a valid passport required; willingness and ability to travel domestically and internationally to meet client needs; estimated 80% travel required.
The successful candidate must hold or be willing to pursue related professional certifications such as the CISSP or equivalent.
Ernst & Young LLP, an equal employment opportunity employer (Females/Minorities/Protected Veterans/Disabled), values the diversity of our workforce and the knowledge of our people.f our people.