Cybersecurity - Senior Consultant - Application Security - DevSecOps
Ernst & Young Global
 Caney, KS

Job Description

Work with clients to analyze, evaluate, and enhance the effectiveness of their application security posture at procedural and technological levels. Use knowledge of current application security best practices and industry trends to lead the implementation of application security solutions for our clients and support the clients in their desire to protect their business.

Provide technical leadership with respect to the development and execution of our key application security service offerings, including: conducting assessments of applications (web, cloud, mobile) using range of manual and automated penetration testing and source code review techniques; performing security architecture reviews of applications in design and production phases; identifying potential threats and attacks to applications systems through threat modeling; identifying security recommendations and aligning them to appropriate risk ranking systems; evaluating, developing, enhancing and/or running application security programs for our clients; conducting the above with a specific focus on DevSecOps.

Participate in market facing activities and developing thought leadership materials. Use current technology and tools to enhance the effectiveness of deliverables and services. Play an active role in counseling and mentoring junior Cybersecurity team members.

Requirements

Bachelorâs degree in Computer Science, Information Systems, Engineering, or related field and 5 years of related work experience, or a Masterâs degree in Computer Science, Information Systems, Engineering, or a related field and 4 years of related work experience.

Must have 4 years of work experience evaluating DevSecOps programs to determine how to embed security activities within, and working with clients to evolve their development programs to embed application security tooling and processes.

Must have 3 years of experience working in Agile development, application security, or DevOps role, with experience in the following technologies:

  • Containers (Docker, Kubernetes, or similar)
  • Infrastructure as code (Vagrant, Docker, Ansible, Chef, Terraform, or similar)
  • Continuous integration (Jenkins, Bamboo, Hudson, or similar.)
  • Integration of Security testing tools into pipeline
  • Defect tracking (Jira, Bugzilla, ServiceNow , or similar.)
  • Source code management (GitLab, GitHub, BitBucket, or similar.)
  • QA Testing tools (nUnit, jUnit, Selenium, Cucumber, or similar.)
  • Application security testing tools (SAST, DAST, IAST, OSA, or similar.)
  • Various *nix distributions
  • Cloud environment (AWS, Azure,or similar)

Must have 2 years of experience in all of the following:

· Developing enterprise applications or scripts (writing code)

· Demonstrated ability to learn and adapt to different CI/CD systems and leverage them for automation as needed

· Performing manual application penetration testing

· Performing manual security code reviews

Must have 3 years of experience leading small projects teams on individual engagements.

Must have 2 years of experience supporting recruiting and onboarding new team members.

Must have 1 year of experience managing a large-scale project or program.

Must have 1 year of experience contributing to the development of new business, defining solutions or clients and/or leading pursuits.

Must hold or obtain within one year of hire or promotion one of the following certifications: CISM, GIAC, Open Group Certified Architect, CEH, CISSP.

Requires international and domestic travel up to 80% of the time to meet client needs.

What we look for

Weâre interested in intellectually curious people with a genuine passion for cybersecurity. With your broad exposure across Cyber Transformation, weâll turn to you to speak up with innovative ideas that could make a lasting difference not only to us â but also to the industry as a whole. If you have the confidence in both your presentation and technical abilities to grow into a leading expert here, this is the role for you.

What working at EY offers

We offer a competitive compensation package where youâll be rewarded based on your performance and recognized for the value you bring to our business. In addition, our Total Rewards package includes medical and dental coverage, both pension and 401(k) plans, a minimum of three weeks of vacation plus 10 observed holidays and three paid personal days, and a range of programs and benefits designed to support your physical, financial and social wellbeing.

Plus, we offer

  • Support, coaching and feedback from some of the most engaging colleagues around
  • Opportunities to develop new skills and progress your career
  • The freedom and flexibility to handle your role in a way thatâs right for you
  • A rewards package tailored to your unique needs

About EY

As a global leader in assurance, tax, transaction and advisory services, weâre using the finance products, expertise and systems weâve developed to build a better working world. That starts with a culture that believes in giving you the training, opportunities and creative freedom to make things better. Whenever you join, however long you stay, the exceptional EY experience lasts a lifetime. And with a commitment to hiring and developing the most passionate people, weâll make our ambition to be the best employer by 2020 a reality.

If you can confidently demonstrate that you meet the criteria above, please contact us as soon as possible.

Join us in building a better working world. Apply today.

EY provides equal employment opportunities to applicants and employees without regard to race, color, religion, age, sex, sexual orientation, gender identity/expression, national origin, protected veteran status, disability status, or any other legally protected basis, in accordance with applicable law.