🌎
This job posting isn't available in all website languages
📁
Advisory
📅
UNI00DV6 Requisition #
Thanks for your interest in the Advisory Senior Consultant – Cybersecurity – Application Security-DevOps position. Unfortunately, the link which you have accessed is no longer active. Please CLICK HERE to return to the EY Global careers site and use keywords to search for this job as it still might be active, or you can also review our similar listings and apply.

Our security professionals possess diverse industry knowledge, along with unique technical expertise and specialized skills. The team stays highly relevant by researching and discovering the newest security vulnerabilities, attending and speaking at top security conferences around the world, and sharing knowledge on a variety of topics with key industry groups. The team frequently provides thought leadership and information exchanges through traditional and less conventional communications channels such as speaking at conferences, publishing white papers and blogging.
 
Our professionals work together in planning, pursuing, delivering and managing engagements to assess, improve, build, and in some cases operate integrated security operations for our clients.
 
Key Responsibilities:
  • Work with client personnel to enhance the Software Development Life Cycle (SDLC) by adding security to remove vulnerabilities and protect business logic. Establish a security program for the SDLC, capture the client's current application architecture, lead the overall application review process, identify application vulnerabilities, propose architectural changes, design, coordinate, and implement these changes at procedural and technological levels.
  • Perform detailed Quality Assurance (QA) review of web-based applications, identify and validate application vulnerabilities, and perform actual remediation at architectural and source code levels.
  • Complete the draft and final reports and other deliverables as specified in planning documentation. Ensure project documentation is complete and archived appropriately.
  • Act as a subject matter resource in specific programming languages and web application environments. Propose vulnerability risk level and estimated level of remediation effort. Propose code fix or architectural strategies to remediate identified vulnerabilities. Confirm appropriateness of a proposed remediation approach or propose viable alternatives and perform the actual remediation.
  • Collaborate with the engagement team to plan the engagement and develop work programs, timelines, and planning documentation. Work with the team to document the business processes dependent on IT. Ensure high-quality client service by directing daily progress of fieldwork, informing supervisors of engagement status, and managing staff performance.
  • Demonstrate and apply a thorough understanding of complex enterprise systems. Use knowledge of the current IT environment and industry trends to identify engagement and client service issues. Communicate appropriately with the engagement team and client management through written correspondence and verbal presentations.
  • Demonstrate and apply strong project management skills, inspire teamwork and responsibility with engagement team members, and use current technology and tools to enhance the effectiveness of deliverables and services.
To qualify, candidates must have:
  • Bachelor’s degree and a minimum of 2 years of related work experience; or a Master’s degree and approximately 1-2 years of related work experience in the fields of Computer Science, Information Systems, Engineering, Business or related major.
  • Experience conducting application security vulnerability assessments and attacks including creation of proof-of-concept exploits.
  • Experience with tools such as Fortify, AppScan, WebInspect, Burp, ZAP.
  • Demonstrated experience with enterprise application development in one or more of the common development platforms: Java/J2EE, .NET/C#, C/C++, PHP, Python, or Flash.
  • Demonstrated experience in Information Security strategic planning, architecture migration strategies or security engineering strategy.
  • Knowledge of networking and system-level concepts such as web application architecture, REST APIs, SOAP, jQuery, AJAX, message oriented architecture.
  • Demonstrated experience in key Cybersecurity domains such as identity, access management, and cryptography.
  • Enterprise experience with application development for mobile platforms such as iOS, or usage of mobile frameworks such as Kony or PhoneGap is a plus.
  • Understanding of best practice methodologies in application security including OWASP and mobile.
  • Understanding of development methodologies such as waterfall, agile, continuous integration.
  • Demonstrated experience in writing enterprise security standards, policies, coding guidelines.
  • Ability to examine issues both strategically and analytically.
  • Proficiency in the English language, including the ability to listen, understand, read, and communicate effectively both written and verbally in a professional environment.
  • Demonstrated characteristics of a forward thinker and self-motivator who thrives on new challenges and adapts to learning new knowledge.
  • Strong analytical and problem-solving skills.
  • A military/government background is a plus.
  • Prior Big 4 or other relevant consulting experiences a plus.
  • A strong work ethic.
  • Able to work collaboratively in a team environment.
  • A valid driver's license in the US and a valid passport required; willingness and ability to travel domestically and internationally to meet client needs; estimated 80% travel required.
  • The successful candidate must hold or be willing to pursue related professional certifications such as the CISSP, Open Group Certified Architect, or CEH certification.
EY provides equal employment opportunities to applicants and employees without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, or disability status.

Looking for a job outside the US?

Click here for global opportunities

Need help finding a job?

Watson Candidate Assistant can answer questions and help you find a job at EY

EY Talent Hub

Not ready to apply? Join our online EY Talent Hub to keep in touch with us and receive periodic EY careers news and industry insights.

Interested in a gig?

GigNow is the place to search for, learn about and apply to contract gigs at EY.

We accept online applications only from direct applicants. Online application submissions by third parties/agencies are prohibited. Ernst & Young LLP works only with third parties/agencies with which the firm has a formal business relationship.


Our Labor Condition Applications are also viewable, in response to U.S. Department of Labor regulations.

Ernst & Young LLP (EY) is an equal opportunity and affirmative action employer. We value the diversity of our work force and the knowledge of our people. Read our Board Diversity Statement at ey.com/us/diversity.


EY provides equal employment opportunities to applicants and employees without regard to race, color, religion, age, sex, sexual orientation, gender identity/expression, national origin, protected veteran status, disability status, or any other legally protected basis, in accordance with applicable law.


EY is committed to providing reasonable accommodation to individuals with disabilities. If you are a qualified individual with a disability and either need assistance applying online or need to request an accommodation during the interview process, please call 1-800-EY-HELP3, type Option 2 (HR-related inquiries) and then type Option 1 (HR Shared Services Center), which will route you to EY’s Talent Shared Services Team or email SSC Customer Support at ssc.customersupport@ey.com.

Similar Listings

United States

📁 Advisory

Requisition #: UNI00FEA

United States

📁 Advisory

Requisition #: UNI00FE0

United States

📁 Advisory

Requisition #: UNI00FEM