Risk_cyber Security_ngso - Tem_staff Job in Ernst & Young Global Limited

EY-Cyber Security-TEM StaffConsulting- Risk

As part of our EY-cyber security team, you shall performpenetration testing which includes internet, intranet, wireless, webapplication, social engineering and physical penetration testing. You shallalso perform in-depth analysis of penetration testing results and create reportthat describes findings, exploitation procedures, risks and recommendations.

The opportunity

Were looking for Security Analyst with expertise in penetrationtesting. This is a fantastic opportunity to be part of a leading firm whilstbeing instrumental in the growth of a new service offering.

Your key responsibilities

• Perform penetration testing whichincludes internet, intranet, web application, wireless, social engineering,physical penetration testing.

• Execute red teamassessments to highlight gaps impacting organizations security postures.

• Identify and exploitsecurity vulnerabilities in a wide array of systems in a variety of situations.

• Perform in-depthanalysis of penetration testing results and create report that describesfindings, exploitation procedures, risks and recommendations.

• Execute penetrationtesting projects using the established methodology, tools and rules of engagements.

• Convey complextechnical security concepts to technical and non-technical audiences includingexecutives.

• Strong knowledge ofOWASP Top 10 web and the ability to effectively communicate methodologies andtechniques with development teams

• Ability to automateDAST/SAST solutions and reporting

• Support SDLC andagile environments with application security testing and source code reviews.

• Provide technicalleadership and advise to junior team members on attack and penetration testengagements.

• Develop automatedsolutions that mitigate risks throughout the organization.

• Understanding andexperience with Active Directory attacks.

• Understanding of TCP/IP networkprotocols.

Skills and attributes for success

• Experience with automation through solutionssuch as Chef, Puppet, Jenkins, and Ansible.

• Experience withscripting / programming skills (e.g., Python, PowerShell, Java, Perl etc.)updated and familiarized with the latest exploits and security trends.

• Familiarity withdynamic web application vulnerability scanning tools and services (Acunetix, HPWebInspect, IBM AppScan, BurpSuite, IBM AppScan)

• Familiarity withstatic code analysis tools and services (CheckMarx, Fortify Static CodeAnalysis tool, Veracode, Coverity, IBM AppScan Source)

• Familiarity withSecure DevOps Integration.

• Understanding andexperience with Active Directory attacks.

• Understanding ofTCP/IP network protocols.

• Understanding ofnetwork security and popular attacks vectors.

• Understanding ofweb-based application vulnerabilities (OWASP Top 10).

• Experience with scripting / programmingskills (e.g., Python or PowerShell or Java or Perl etc.).

To qualify for the role, you must have

• BE/ B.Tech/ MCA.

• Minimum of 1 yearof work experience in penetration testing which may include at least three ofthe following: internet, intranet, web application penetration tests, wireless,social engineering, physical and Red Team assessments.

• One of thefollowing certifications: OSCP, OSWP, GPEN, GWAPT.

• Knowledge of Windows, Linux, UNIX, any other major operating systems.

• 2-4 years of work experience in Strategy and Operations projects

• Strong Excel and PowerPoint skills.

Ideally, youll also have

• Project management skills

• Certifications: OSCP, OSWP, GPEN, GWAPT.

  What we look for

• Whocan perform penetration testing which includes internet, intranet, wireless,web application, social engineering and physical penetration testing andprovide analysis for the testing results.