Consultant - Forensics - National d

Job Description

Cyber Security is one of the most important risks facing businesses today. Systems and processes are becoming increasingly interconnected and automated and many organizations are now reliant upon technology to drive business strategy and growth. Our clients are overwhelmingly turning to EY for help and guidance on how to protect their assets, minimize business disruption and improve security as they continue to exploit technology and the Internet of things.The opportunityAt EY we have ambitious plans to expand our already market leading Cybersecurity practice. We need excellent people, across all grades, to join us and to be part of our exciting growth strategy. As a Consultant in our Cybersecurity practice you will be working within IT Risk and Security and will have exposure to cyber security assessments and work in teams to deliver security implementations or remediation programs.Your key responsibilities Define technical and business requirements for information security solutions. Review and build business, privacy and security policies. Review / assess IT and information security related technology products. Review, assess, benchmark and develop observations and remediation action plans for all aspects of information security programs and technologies. Perform Security assessments based on the various standards and Security frameworks Evolve in preparation of the final work products to confirm the work is performed with the highest quality standards. Experience in developing, implementing or architecting information security systems Strong understanding of information security regulatory requirements and compliance issues Knowledge of general security concepts and methods such as vulnerability assessments, privacy assessments, intrusion detection, incident response, security policy creation, enterprise security strategies, threat hunting architectures and governance Understanding of networking (TCP/IP, OSI model), operating system fundamentals (Windows, UNIX, mainframe), security technologies (firewalls, IDS/IPS, etc.) and application programming/scripting languages (C, Java, Perl, Shell) Experience in process definition, workflow design and process mapping Demonstrated ability to contribute to the development of client deliverables and technical content Good written and verbal communications skills Excellent leadership and teaming skills Demonstrated integrity within a professional environment Ability to travel at least 75% of time. Capability and experience in the following areas: o Cyber Strategy & Maturity Review Assessment o Attack & Penetration Testing / Ethical Hacking o Threat Intelligence o Red Teaming o Security Monitoring o Cyber Incident ResponseSkills and attributes for success Strong knowledge of networking fundamentals (all OSI layers) Strong knowledge of the Windows and *NIX operating systems and command line tools Familiarity with or knowledge of cybersecurity in Industrial Control Systems and Operational Technology an asset. Demonstrated leadership abilities, willingness and drive to build a national penetration testing/red teaming service line Strong knowledge of software exploitation on modern operating systems Knowledge of malware packing and obfuscation techniques Knowledge of cloud technologies and cloud hosting Ability to automate tasks using scripting languages Ability to develop advanced tools using coding languagesAbility to perform targeted penetration tests without use of automated tools Ability to work independently Strong team work and collaboration skills Understanding of Forensic collections of volatile and non-volatile data for legal proceedingsTo qualify for the role you must have An undergraduate or post graduate degree preferably in Information Security, Information Systems, Computer Science, Engineering, and other related areas 1 - 3 years of relevant post qualification work experience in Cyber Security 2 - 3 years of experience with Cyber Red Team operations Hands-on experience with key components of Cybersecurity including Penetration Testing, Red teaming, Vulnerability management, Network & Infrastructure security, Threat analysis, managed detection and response. Expert knowledge and practical experience with common frameworks, standards and methodologies used such as MITRE, OWASP, NIST Cybersecurity, IS 27001/2. Practical experience with conducting penetration tests and executing red team engagements. Experience with NetFlow or PCAP analysis peferred Relevant security certification like OSCP, OSCE, GXPN, CISSP, CISA CISM, OSCP, GPEN, GWAPT, etc will be preferredIdeally you ll also haveStrong written and verbal communication, interpersonal, facilitation, relationship-B.E./B.Tech, MBA with 3+ yrs. of post grad-qualification relevant work exp. Additional relevant Security related Certifications is required such as CEH, ISO 27001:2013, PCI DSS etc Need strong communication, facilitation, relationship-building, presentation skills. Be highly flexible, adaptable, and creative. Comfortable interacting with senior executives (within the firm and at the client) Understanding Cloud Technologies Experience with NetFlow or PCAP analysis Ability to work independently Strong teamwork and collaboration skills Log Review and Analysis,

Keyskills :
pci dssit riskred teamred teamingcyber securitysecurity policythreat analysiscomputer sciencebusiness strategystatements of work sow