EY Cybersecurity Manager - Application Security - DevSecOps - Open Location in Rochester, New York
At EY, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we’re counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all.
In a rapidly changing IT environment, clients from all industries look to us for trusted solutions for their increasingly complex risks and vulnerabilities. As a member of our Cybersecurity team, you’ll be right at the heart of that goal, helping clients gain insight and context to their cyber threats and assessing, improving, and building security operations in order to mitigate these threats. You’ll get to use your technical and business skills in order to help us drive this mission and have an impact on cyber security at a global level.
Your key responsibilities
You’ll work alongside respected industry professionals, learning about and using the latest tools and techniques to identify and overcome some of the most relevant and pressing security issues in the world. It’s a highly specialized area, where you’ll learn highly sought-after technical skills, all while developing your relationship management abilities – often by working directly on-site with our clients.
Skills and attributes for success
Provide technical leadership with respect to the development and execution of our key application security service offerings, including: conducting assessments of applications (web, cloud, mobile) using a range of manual and automated source code review techniques; performing security architecture reviews of applications in design and production phases; identifying potential threats and attacks to application systems through threat modeling; identifying security recommendations and aligning them to appropriate risk ranking systems; integrating application security tools and processes into the pipeline; agile penetration testing; evaluating, developing, enhancing and/or running application security programs for our clients; conducting the above with a specific focus on DevSecOps.
Work with clients to analyze, evaluate, and enhance the effectiveness of their application/product security posture at procedural and technological levels from design to deployment. Use knowledge of current application security best practices and industry trends to lead the implementation of application security solutions for our clients and support the clients in their desire to protect their business.
Participate in market-facing activities and develop thought leadership materials. Use current technology and tools to enhance the effectiveness of deliverables and services. Play an active role in counseling and mentoring junior Cybersecurity team members.
Provide leadership to employees and manage and motivate teams with diverse skills and backgrounds. Consistently deliver quality client services by monitoring progress. Demonstrate in-depth technical capabilities and professional knowledge. Maintain long-term client relationships and networks. Cultivate business development opportunities.
To qualify for the role, you must have
Bachelor’s degree in Computer Science, Information Systems, Engineering, or related field and 5 years of related work experience, or a Master’s degree in Computer Science, Information Systems, Engineering, or a related field and 4 years of related work experience.
Must have 4 years of work experience performing at least one of the following services in an independent manner:
Conducting application security vulnerability assessments using either manual penetration testing and source code techniques, or automated commercial SAST/DAST/IAST tools;
Performing security architecture/threat modeling reviews on a wide range of applications and determining the appropriate security controls. Must be able to demonstrate experience by describing the types of applications that have been reviewed; the methodology followed as part of the review; the security controls evaluated as part of the review; sample findings that have been discovered; and sample remediation guidance that has been provided.
Evaluating application security programs for clients and developing key elements of the program as part of the enhancement process, and developing internal vulnerability assessment and management processes;
Evaluating DevSecOps programs to determine how to embed security activities and working with clients to evolve their development programs to embed application security tooling and processes.
Ability to learn and adapt to integrate application security to different CI/CD systems and apply automation as needed
Must have 3 years of experience working in Agile development, application security, or DevOps role, with experience in the following technologies:
Containers (Docker, Kubernetes, etc.)
Infrastructure as code (Vagrant, Docker, Ansible, Chef, Terraform, etc.)
Continuous integration (Jenkins, Bamboo, Hudson, etc.)
Integration of Security testing tools into pipeline
Defect tracking (Jira, Bugzilla, ServiceNow, etc.)
Source code management (GitLab, GitHub, BitBucket, etc.)
QA Testing tools (nUnit, jUnit, Selenium, Cucumber, etc.)
Application security testing tools (SAST, DAST, IAST, OSA, etc.)
Various *nix distributions
Cloud environment (AWS, Azure, etc.)
Must have 2 years of experience in all of the following:
Developing enterprise applications or scripts for security testing (security as code)
Demonstrated ability to learn and adapt to different CI/CD systems and leverage them for automation as needed
Performing manual application penetration testing
Performing manual security code reviews
For candidates with work experience aligned to conducting security architecture reviews, the candidate must have 1 year of experience with cloud technologies and services, including at least 1 of the following:
Amazon Web Services (AWS)
Pivotal Cloud Foundry
Ideally, you’ll also have
Valid US driver’s licence: willingness and ability to travel as needed to meet client needs
What we look for
We’re interested in intellectually curious people with a genuine passion for cybersecurity. With your broad exposure across Cyber Transformation, we’ll turn to you to speak up with innovative ideas that could make a lasting difference not only to us – but also to the industry as a whole. If you have the confidence in both your presentation and technical abilities to grow into a leading expert here, this is the role for you.
What we offer
We offer a competitive compensation package where you’ll be rewarded based on your performance and recognized for the value you bring to our business. In addition, our Total Rewards package includes medical and dental coverage, pension and 401(k) plans, and a wide range of paid time off options. Under our flexible vacation policy, you’ll decide how much vacation time you need based on your own personal circumstances. You’ll also be granted time off for designated EY Paid Holidays, Winter/Summer breaks, Personal/Family Care, and other leaves of absence when needed to support your physical, financial, and emotional well-being.
• Continuous learning: You’ll develop the mindset and skills to navigate whatever comes next.
• Success as defined by you: We’ll provide the tools and flexibility, so you can make a meaningful impact, your way.
• Transformative leadership: We’ll give you the insights, coaching and confidence to be the leader the world needs.
• Diverse and inclusive culture: You’ll be embraced for who you are and empowered to use your voice to help others find theirs.
If you can demonstrate that you meet the criteria above, please contact us as soon as possible.
The exceptional EY experience. It’s yours to build.
EY | Building a better working world
EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets.
Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate.
Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today.
EY is an equal opportunity, affirmative action employer providing equal employment opportunities to applicants and employees without regard to race, color, religion, age, sex, sexual orientation, gender identity/expression, national origin, protected veteran status, disability status, or any other legally protected basis, in accordance with applicable law.