Job Description

Overview At EY, we’re all in to shape your future with confidence. We’ll help you succeed in a globally connected powerhouse of diverse teams and take your career wherever you want it to go. Join EY and help to build a better working world. You are seeking a position that allows you to demonstrate your information security skills, experience and ability to solve complex problems. This position is an opportunity to embed information security in a strategic investment by the EY Tax practice that is intended to enable innovation and disruptive new services. Responsibilities This position is a leading and consulting role in designing, developing and implementing all aspects of security for complex global applications based on Microsoft Azure technology and generally the Microsoft technology stack. The role is an individual contributor capable of supporting multiple project teams. It is not a program management or oversight role, but requires detailed participation in the design, implementation and certification of security controls across multiple projects/applications. Requires knowledge of IT system architecture and cloud technology, supporting technologies such as IAM, network security, firewalls, user account management, audit and logging, and other security concepts aligned with ISO 27001, OWASP and related standards. Knowledge of third-party security assessments and applicability of SOC 1 and SOC 2 reports and vendor risk management concepts. The position requires being able to work remotely and will leverage EY’s collaboration tools (Teams, SharePoint, AzureDevOps). Skills and attributes for success Significant working security experience and knowledge in the design, implementation and operation of security controls in one or more areas: Agile & DevOps methodologies – contributing member of a balanced team within an Agile development or DevOps environment. Application security – design of security controls for multi‑tier business solutions including application-level access/entitlement management, data tenancy and isolation, encryption, logging; familiarity with REST API and microservices. Security scanning tools – experience with SAST & DAST, network sniffers, Burp Suite; collaborate with internal pentesting team to identify vulnerabilities and align findings with security controls. Cloud security – understanding of virtualization, cloud infrastructure, and public cloud offerings; experience designing security configuration and controls in Microsoft Azure, Google GCP, AWS and other vendors. Infrastructure security – integrating common infrastructure security technologies into architectures, including IAM, intrusion detection and prevention, security monitoring, and data encryption. Identity and access management – Active Directory-based IAM and authorization design, integration with IDaaS and federation technologies. To qualify for the role, you must have 5 years of experience in Extensive experience implementing, advising on, and consulting about security configurations across complex IT architectures, including cloud environments (primarily Microsoft) and on‑premises solutions, across IaaS, PaaS and SaaS offerings from multiple vendors. In-depth knowledge of IT system architecture and cloud technologies, with IAM, network security, firewalls, software development best practices, auditing, hardening, and related standards (ISO27001, OWASP, etc.). Proficiency in interpreting security reports (SAST and DAST) and testing outcomes, advising on corrections and security measures per policies and non-functional requirements. Knowledge of GRC tools to work with Compliance on remediation plans for security issues. A degree in Computer Science or a related field. Security certifications. Excellent communication skills and ability to collaborate with stakeholders from developers and architects to business leaders and EY clients. Ideally, you’ll also have Operational security – experience defining operational models and procedures for business solutions, including operation and maintenance of security controls. Information security standards – knowledge of ISO 27001/27002, NIST CSF, FEDRAMP, CSA and CIS Controls. Cloud security certifications such as AZ-300, CISSP or other security certifications. Product management – experience working with a broader business team on security aspects from concept to design to implementation and operations. What we look for We are looking for individuals with a passion for information security and the ability to apply knowledge to new and emerging technologies supporting EY’s growth strategy. What we offer you The compensation ranges shown comply with US pay transparency laws. Other geographies will follow local salary guidelines. EY offers future-focused skills development and world-class experiences in a flexible, diverse and inclusive culture of globally connected teams. We offer a comprehensive compensation and benefits package with base salary ranges: US overall range $76,400–$138,600; New York City Metro, Washington State and California ranges $91,700–$157,500. Salaries depend on education, experience, knowledge, skills and geography, plus a Total Rewards package including medical and dental coverage, pension and 401(k). Hybrid model: most client-serving work is expected to be in person 40–60% of the time. Flexible vacation policy with paid holidays and other leaves to support well-being. Are you ready to shape your future with confidence? Apply today. EY accepts applications on an ongoing basis. For those living in California, please click for additional information. EY is an equal opportunity employer and prohibits discrimination in all its employment practices. EY | Building a better working world. #J-18808-Ljbffr Ernst and Young

Job Tags

Similar Jobs