Job Description

Overview At EY, we’re all in to shape your future with confidence. We’ll help you succeed in a globally connected powerhouse of diverse teams and take your career wherever you want it to go. Join EY and help to build a better working world. You are seeking a position that allows you to demonstrate your information security skills, experience and ability to solve complex problems. This position is an opportunity to embed information security in a strategic investment by the EY Tax practice that is intended to enable innovation and disruptive new services. Responsibilities Your key responsibilities This position is a leading and consulting role in designing, developing and implementing all aspects of security for complex global applications based on Microsoft Azure technology and generally the Microsoft technology stack. The role is an individual contributor capable of supporting multiple project teams; it is not a program management or oversight role, but requires detailed participation in the design, implementation and certification of security controls across multiple projects/applications. Requires knowledge of IT system architecture and cloud technology, supporting technologies such as IAM, network security, firewalls, user account management, audit and logging, and other security concepts as outlined in ISO27001, OWASP and related security standards. Knowledge of 3rd party security assessments and applicability of SOC1 and SOC2 reports and concepts of vendor risk management. The position requires the ability to work remotely and will leverage EY’s collaboration tools such as Teams, SharePoint, and AzureDevOps. Skills and attributes Skills and attributes for success Significant working security experience in design, implementation and operation of security controls in one of the following areas: Agile & DevOps Methodologies – Experience as a contributing member of a balanced team within an Agile development or DevOps environment. Application Security - Design of security controls for multi-tier solutions including application-level access and entitlement management, data tenancy and isolation, encryption, and logging. Familiarity with REST API and microservices. Security scanning tools – Experience with SAST & DAST, network sniffers, Burp Suite. Work with internal PEN testing team to identify vulnerabilities and align with security controls. Cloud Security – Understanding of virtualization, cloud infrastructure, and public cloud offerings; experience designing security configuration and controls in cloud-based solutions (Microsoft Azure, Google GCP, AWS, and others). Infrastructure Security – Integration of security technologies into architectures including IAM, IDS/IPS, security monitoring, and data encryption solutions. Identity and Access Management - Active Directory-based IAM and Authorization design, integration with IDaaS and Federation technologies. Qualifications To qualify for the role, you must have 5 years of experience in: Extensive experience implementing, advising on, and consulting about security configurations across complex IT architectures, including cloud environments (primarily Microsoft), and on-premises solutions. In-depth knowledge of IT system architecture concepts and cloud technologies, with IAM, network security, firewalls, software development best practices, auditing, hardening, and standards (ISO27001, OWASP, etc.). Proficiency in interpreting security reports (SAST/DAST) and testing outcomes, advising on corrections and security measures based on policies and non-functional requirements. Knowledge of GRC tools to work with Compliance on remediation plans. A degree in Computer Science or a related field. Security certifications. Excellent communication skills and the ability to collaborate with stakeholders from developers to business leaders and EY clients. Ideally, you’ll also have Operational Security – Defining operational models and procedures for business solutions including maintenance of security controls. Information Security Standards – ISO 27001/27002, NIST CSF, FEDRAMP, CSA and CIS Controls. Cloud security certifications such as AZ-300, CISSP or related certifications. Product Management – Collaborating with broader teams on security aspects across concept to design to implementation and operation. What we look for What we look for We are looking for individuals with a passion for information security and the ability to apply knowledge to new technologies supporting EY’s growth. What we offer you Compensation and benefits The base salary ranges for the US are $76,400 to $138,600, with higher ranges for New York City Metro Area, Washington State and California. Salaries depend on education, experience, knowledge, skills and geography. Total Rewards include medical and dental coverage, pension and 401(k) plans, and paid time off. Hybrid work model: most client-facing roles require 40-60% in-person work over engagements, projects or year. Flexible vacation policy and designated EY holidays, winter/summer breaks, personal/family care, and other leaves of absence as needed. How to apply Are you ready to shape your future with confidence? Apply today. EY accepts applications on an ongoing basis. For California residents, additional information is available. EY is an equal opportunity employer and complies with applicable law. EY provides reasonable accommodation to qualified individuals with disabilities, including veterans with disabilities. If you need assistance applying online or an accommodation during the application process, contact EY’s Talent Shared Services Team. About EY EY focuses on high-ethical standards and integrity. EY is building a better working world by creating new value for clients, people, society and the planet, while building trust in capital markets. EY helps clients shape the future with confidence using data, AI and advanced technology. EY teams work across assurance, consulting, tax, strategy and transactions in more than 150 countries. EY is an equal employment opportunity employer. EY does not discriminate based on race, color, religion, sex, sexual orientation, gender identity/expression, pregnancy, genetic information, national origin, protected veteran status, disability status, or any other legally protected basis. EY provides reasonable accommodations for qualified individuals with disabilities and those needing accommodation during the application process. For assistance, contact EY’s Talent Shared Services Team. #J-18808-Ljbffr Ernst and Young

Job Tags

Similar Jobs