Security Consultant Job at Ernst and Young in Cleveland

Overview

At EY, we’re all in to shape your future with confidence. We’ll help you succeed in a globally connected powerhouse of diverse teams and take your career wherever you want it to go. Join EY and help to build a better working world.

You are seeking a position that allows you to demonstrate your information security skills, experience and ability to solve complex problems. This position is an opportunity to embed information security in a strategic investment by the EY Tax practice that is intended to enable innovation and disruptive new services.

Responsibilities

• Lead and consult on designing, developing and implementing all aspects of security for complex global applications based on Microsoft Azure technology and the Microsoft technology stack.
• Act as an individual contributor capable of supporting multiple project teams; participate in the design, implementation and certification of security controls across multiple projects/applications.
• Apply knowledge of IT system architecture, cloud technology, IAM, network security, firewalls, user account management, audit and logging, and other security concepts aligned with ISO27001, OWASP and related security standards.
• Assess 3rd party security assessments and applicability of SOC1 and SOC2 reports; address vendor risk management concepts.
• Work remotely using EY collaboration tools such as Teams, SharePoint, and AzureDevOps.

Skills and attributes for success

• Significant working security experience in the design, implementation and operation of security controls within Agile, DevOps or related environments.
• Application Security: design of security controls for multi-tier solutions including application-level access and entitlement management, data tenancy and isolation, encryption, and logging; familiarity with REST API and microservices.
• Security scanning tools: experience with SAST/DAST, network sniffers, BurpSuite; collaborate with internal pentesting teams to identify vulnerabilities and align with security controls.
• Cloud Security: understanding of virtualization, cloud infrastructure and cross-cloud offerings; experience designing security configurations in cloud-based solutions (Azure, Google Cloud, AWS, and others).
• Infrastructure Security: integrate security technologies into architectures, including IAM, IDS/IPS, security monitoring, and data encryption solutions.
• Identity and Access Management: AD-based IAM and authorization design with IDaaS and Federation.

To qualify for the role, you must have 5 years of experience in

• Extensive experience implementing and advising on security configurations across complex IT architectures including cloud and on-premises solutions from multiple vendors.
• Deep knowledge of IT system architecture concepts, cloud technologies, IAM, network security, firewalls, software development best practices, auditing, hardening, and standards such as ISO27001 and OWASP.
• Ability to interpret security reports (SAST/DAST) and advise on corrections and security measures based on policies and non-functional requirements.
• Knowledge of GRC tools to work with Compliance on remediation plans for security issues.
• A degree in Computer Science or a related field.
• Security certifications.
• Excellent communication skills in English and the ability to collaborate with developers, architects, business leaders and EY clients.

Ideally, you’ll also have

Additional working security experience in one or more of the following areas:

• Operational Security: defining operational models and procedures for business solutions including operation and maintenance of security controls.
• Information Security Standards: knowledge of ISO 27001/27002, NIST CSF, FEDRAMP, CSA and CIS Controls.
• Cloud security certifications such as AZ-300 Azure Architect Technologies, CISSP or related certifications.
• Product Management: collaborating with a broader business team on security from concept to design to implementation and operational support.

What we look for

We are looking for individuals with a passion for information security and the ability to apply knowledge to new and emerging technologies that support EY’s growth strategy.

What we offer you

• We provide a comprehensive compensation and benefits package; base salary ranges vary by location and experience. EY’s Total Rewards includes medical/dental coverage, pension/401(k) and paid time off.
• Hybrid work model: most client-serving roles require collaboration in person 40-60% of the time over engagements, projects or a year.
• Flexible vacation policy and time off for holidays, personal/family care, and other leaves to support well-being.

Are you ready to shape your future with confidence? Apply today. EY accepts applications for this position on an ongoing basis.

For those living in California, additional information is available.

EY focuses on high ethical standards and integrity and expects all candidates to demonstrate these qualities.

About EY

EY | Building a better working world. EY helps clients shape the future with confidence using data, AI and advanced technology across assurance, consulting, tax, strategy and transactions, in more than 150 countries.

EY provides equal employment opportunities to applicants and employees without regard to race, color, religion, age, sex, sexual orientation, gender identity/expression, pregnancy, genetic information, national origin, protected veteran status, disability status, or any other legally protected basis, including arrest and conviction records, in accordance with applicable law. EY is committed to reasonable accommodation for qualified individuals with disabilities, including veterans. If you need assistance applying online or an accommodation during the application process, please contact EY’s Talent Shared Services.