דרושים Tc - Cs Iam Imp Iga Provisioning Analysts ב-Ey ב-India, Kochi

Attack & Penetration Testing - Senior

As part of our Cyber Security team, you shall perform penetration testing which includes internet, intranet, wireless, web application, social engineering and physical penetration testing. You shall also perform in-depth analysis of penetration testing results and create report that describes findings, exploitation procedures, risks and recommendations.

Your key responsibilities

• Lead engagements from kickoff with clients through scoping engagements, penetration testing and reporting while adhering to the agreed scope and deadlines.
• Perform penetration testing which includes Network, web application, Mobile app (both Android & iOS), APIs Cloud Security, Thick Client application, wireless, social engineering, physical penetration testing.
• Execute penetration testing projects using the established methodology, tools and rules of engagements.
• Execute red team assessments to highlight gaps impacting organizations security postures.
• Identify and exploit security vulnerabilities in a wide array of systems in a variety of situations.
• Perform in-depth analysis of penetration testing results and create report that describes findings, exploitation procedures, risks and recommendations.
• Convey complex technical security concepts to technical and non-technical audiences including executives.
• Perform technical quality reviews and conduct technical conversations directly with clients.
• Keep uptodate with the latest techniques and concepts.
• Confident with OWASP Top 10 and SANS Top 25 vulnerabilities and ability to effectively communicate methodologies and techniques with development teams
• Utilize tools such as BurpSuite, Nessus, Nmap, Kali Linux, and Nessus for effective vulnerability assessment and penetration testing.
• Understanding and experience with Active Directory attacks.
• Stay up-to-date with the latest security threats, vulnerabilities, and best practices in vulnerability management. Knowledge of AI in Pentest, TCP/IP, OSI Layer, IPv4 & IPv6, Network Protocols and Wireless Communication skills preferred.
• Working knowledge with any scripting languages (e.g. Python, Perl, PHP, Ruby) to develop automated solutions that mitigate risks throughout the organization.
• Support SDLC and agile environments with application security testing and source code reviews.
• Serve as a mentor and guide to junior pen testers, sharing your knowledge, skills, and best practices to nurture their growth and development.
• Provide technical expertise and guidance to clients on remediation strategies and security best practices.

Skills and attributes for success

• In-depth understanding of OWASP Top 10 vulnerabilities and their mitigation strategies. Good understanding of enterprise security controls in Active Directory / Windows environments
• Good to have knowledge in AI in pentest
• Understanding of TCP/IP network protocols.
• Understanding of network security and popular attacks vectors.
• Experience with Operation Technology / Internet of Things, Cloud technologies (AWS, Azure, GCP), Active Directory and 802.1x penetration testing
• Strong understanding of security principles, policies, and industry best practices
• Proven ability to lead client engagements, build strong client relationships, and deliver exceptional results.
• Excellent communication and presentation skills, both written and verbal.
• Demonstrated thought leadership in the cybersecurity field through publications, speaking engagements, or contributions to industry forums.
• Exceptional problem-solving skills, strategic thinking, and the ability to influence and lead.

To qualify for the role, you must have

• BE/ B.Tech/ MCA or equivalent
• Minimum of 3 years of work experience in penetration testing which may include at least three of the following: Network, web application Mobile app (Android & iOS), Thick client, APIs, wireless, social engineering, physical and Red Team assessments.
• One of the following certifications: OSCP, OSCE, OSEP, OSWE, CREST, CRTE, eCPTX, or eWPTX
• Knowledge of Windows, Linux, UNIX, any other major operating systems.
• 3-9 years of work experience in Strategy and Operations projects
• Team management skills are preferred.
• Conduct technical discussions and perform technical Quality reviews.
• Familiarity with OWASP methodologies and application security vulnerabilities.
• Exceptional ability to educate and guide application developers in security best practices.
• Excellent communication, presentation, and interpersonal skills.
• Strong Word, Excel and PowerPoint skills.

Ideally, you’ll also have

• Project management skills
• Certifications: OSCP, OSCE, CRTP, CRTO, CISSP, GPEN, GWAPT.

What we look for

Who can perform penetration testing which includes internet, intranet, wireless, web application, social engineering and physical penetration testing and provide analysis for the testing results.

You get to work with inspiring and meaningful projects. Our focus is education and coaching alongside practical experience to ensure your personal development. We value our employees and you will be able to control your own development with an individual progression plan. You will quickly grow into a responsible role with challenging and stimulating assignments. Moreover, you will be part of an interdisciplinary environment that emphasizes high quality and knowledge exchange. Plus, we offer:

• Support, coaching and feedback from some of the most engaging colleagues around
• Opportunities to develop new skills and progress your career
• The freedom and flexibility to handle your role in a way that’s right for you

EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets.

Requisition Id : 1646973

ASU - FAAS - Financial&AccountingAdv :

1) Ensuring their accounts comply with the requisite audit standards

2) Providing a robust and clear perspective to audit committees and

3) Providing critical information for stakeholders.

Our Service Offerings include External Audit, Financial Accounting Advisory Services (FAAS), IFRS & US GAAP conversion, IPO and other public offering, Corporate Treasury - IFRS 9 accounting & implementation support etc.

Your key responsibilities

Technical Excellence

CA with relevant experience

Skills and attributes

To qualify for the role you must have
Qualification

CA with relevant experience

CA with relevant experience

What we look for

People with the ability to work in a collaborative manner to provide services across multiple client departments while following the commercial and legal requirements. You will need a practical approach to solving issues and complex problems with the ability to deliver insightful and practical solutions. We look for people who are agile, curious, mindful and able to sustain postivie energy, while being adaptable and creative in their approach.

What we offer

If you can confidently demonstrate that you meet the criteria above, please contact us as soon as possible.

Attack & Penetration Testing - Senior

As part of our Cyber Security team, you shall perform penetration testing which includes internet, intranet, wireless, web application, social engineering and physical penetration testing. You shall also perform in-depth analysis of penetration testing results and create report that describes findings, exploitation procedures, risks and recommendations.

Your key responsibilities

• Lead engagements from kickoff with clients through scoping engagements, penetration testing and reporting while adhering to the agreed scope and deadlines.
• Perform penetration testing which includes Network, web application, Mobile app (both Android & iOS), APIs Cloud Security, Thick Client application, wireless, social engineering, physical penetration testing.
• Execute penetration testing projects using the established methodology, tools and rules of engagements.
• Execute red team assessments to highlight gaps impacting organizations security postures.
• Identify and exploit security vulnerabilities in a wide array of systems in a variety of situations.
• Perform in-depth analysis of penetration testing results and create report that describes findings, exploitation procedures, risks and recommendations.
• Convey complex technical security concepts to technical and non-technical audiences including executives.
• Perform technical quality reviews and conduct technical conversations directly with clients.
• Keep uptodate with the latest techniques and concepts.
• Confident with OWASP Top 10 and SANS Top 25 vulnerabilities and ability to effectively communicate methodologies and techniques with development teams
• Utilize tools such as BurpSuite, Nessus, Nmap, Kali Linux, and Nessus for effective vulnerability assessment and penetration testing.
• Understanding and experience with Active Directory attacks.
• Stay up-to-date with the latest security threats, vulnerabilities, and best practices in vulnerability management. Knowledge of AI in Pentest, TCP/IP, OSI Layer, IPv4 & IPv6, Network Protocols and Wireless Communication skills preferred.
• Working knowledge with any scripting languages (e.g. Python, Perl, PHP, Ruby) to develop automated solutions that mitigate risks throughout the organization.
• Support SDLC and agile environments with application security testing and source code reviews.
• Serve as a mentor and guide to junior pen testers, sharing your knowledge, skills, and best practices to nurture their growth and development.
• Provide technical expertise and guidance to clients on remediation strategies and security best practices.

Skills and attributes for success

• In-depth understanding of OWASP Top 10 vulnerabilities and their mitigation strategies. Good understanding of enterprise security controls in Active Directory / Windows environments
• Good to have knowledge in AI in pentest
• Understanding of TCP/IP network protocols.
• Understanding of network security and popular attacks vectors.
• Experience with Operation Technology / Internet of Things, Cloud technologies (AWS, Azure, GCP), Active Directory and 802.1x penetration testing
• Strong understanding of security principles, policies, and industry best practices
• Proven ability to lead client engagements, build strong client relationships, and deliver exceptional results.
• Excellent communication and presentation skills, both written and verbal.
• Demonstrated thought leadership in the cybersecurity field through publications, speaking engagements, or contributions to industry forums.
• Exceptional problem-solving skills, strategic thinking, and the ability to influence and lead.

To qualify for the role, you must have

• BE/ B.Tech/ MCA or equivalent
• Minimum of 3 years of work experience in penetration testing which may include at least three of the following: Network, web application Mobile app (Android & iOS), Thick client, APIs, wireless, social engineering, physical and Red Team assessments.
• One of the following certifications: OSCP, OSCE, OSEP, OSWE, CREST, CRTE, eCPTX, or eWPTX
• Knowledge of Windows, Linux, UNIX, any other major operating systems.
• 3-9 years of work experience in Strategy and Operations projects
• Team management skills are preferred.
• Conduct technical discussions and perform technical Quality reviews.
• Familiarity with OWASP methodologies and application security vulnerabilities.
• Exceptional ability to educate and guide application developers in security best practices.
• Excellent communication, presentation, and interpersonal skills.
• Strong Word, Excel and PowerPoint skills.

Ideally, you’ll also have

• Project management skills
• Certifications: OSCP, OSCE, CRTP, CRTO, CISSP, GPEN, GWAPT.

What we look for

Who can perform penetration testing which includes internet, intranet, wireless, web application, social engineering and physical penetration testing and provide analysis for the testing results.

You get to work with inspiring and meaningful projects. Our focus is education and coaching alongside practical experience to ensure your personal development. We value our employees and you will be able to control your own development with an individual progression plan. You will quickly grow into a responsible role with challenging and stimulating assignments. Moreover, you will be part of an interdisciplinary environment that emphasizes high quality and knowledge exchange. Plus, we offer:

• Support, coaching and feedback from some of the most engaging colleagues around
• Opportunities to develop new skills and progress your career
• The freedom and flexibility to handle your role in a way that’s right for you

EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets.

Cyber Governance Risk and Compliance Consultant - Senior

This is a role where no two days are the same – so you’ll find yourself taking on plenty of new responsibilities as you go. You’ll work alongside clients and colleagues, balancing your time between developing security strategies, designing security and privacy controls, advising client stakeholders, facilitating workshops and supporting business development.

As a Cyber GRC Professional in our Cyber Security practice, you will be occupied in the following domains: a) Strategy, b) Risk, c) Compliance. As part of our team strategy you will be expected to take on responsibility and initiative early, providing you with real experience working with a wide range of major clients in EY. You will be taking responsibility for the quality of your work, while continually developing your personal and professional skills through formal training, hands-on experience and coaching.

To qualify for the role, you must have:

• Degree, or equivalent, in Information Security, Cyber Security, Information Technology, Informatics, or other similar and technical areas
• Evidence of self-motivation to continuously develop in the areas of cybersecurity
• Good organizational and time management skills with the ability to prioritize and complete multiple complex projects under tight deadlines
• Ability to translate security issues into business risks
• Excellent interpersonal skills and ability to work effectively within a team at all hierarchical levels
• Willingness to research client inquiries and emerging issues, including regulations, industry practices, and new technologies
• Experience, knowledge and strong interest in information and cyber security domains are essential for this role
• Experience on Cyber Governance, Risk & Compliance (GRC), Cyber risk assessments & management methodologies
• Experience on assessing, designing and implementing security strategies, governance frameworks over processes and controls, allowing organisations to optimally manage cyber security
• Experience on design and implementation of security policies, procedures, standards and controls in line with regulation and/or current standards, such as ISO27001, NIST, SANS etc.
• Experience in data classification exercises and controls / mechanisms enforcement
• Working knowledge of control frameworks such as ISO 27001/27002, COBIT, NIST, ITIL, etc.
• Ability to conduct Security regulatory and compliance assessment independently
• Hands on with assessment report preparation and presenting to senior technical and business stakeholders
• Hand on knowledge of excel, PowerPoint and word
• Articulative and confident in presentation to senior stakeholders
• Ability to lead workstreams or dedicated portions of projects
• Cyber maturity assessments, recommendations, roadmap and strategy creation
• knowledge of use of and risks related to modern and emerging technologies
• Cybersecurity audit
• Ability to plan and deliver cyber security training and awareness

Ideally, you’ll also have:

• Security-related qualifications / certifications such as CISSP, SSCP, CISM, ISO27001 lead implementer or auditor, CompTIA Security+, are desirable
• Experience in Third Party Risk Management (TPRM) and / or vendor risk assessment engagements
• Experience in design and implementation of Information Security Management Systems (i.e. security policies, procedures and guidelines) according to leading International Standards
• Security-related vendor / technology certifications are desirable

EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets.

And we achieve this by assuring our work and client information are safe from increasingly sophisticated threats.

You will be building highly modular, scalable, and robust applications, both on-premises and on the cloud, typically Azure. You will be working with teams to propagate best practices and formalizing processes to ensure they are followed.

Your key responsibilities

• Lead the 50+ member development team working on various technologies such as .Net, Angular, SharePoint, AI, ML and Advanced Analytics.
• Leads the solution delivery for a large or more complex project / program, using strong technical capabilities and outstanding hands-on experience.
• Handles the most complex of technical development concepts, latest software tools and technologies, strong database concepts and designing techniques.
• Solves problems in coding, testing and deployment in different programming languages.
• Takes accountability for the design, development, delivery and maintenance of solutions or infrastructure, driving compliance with and contributing to the development of relevant standards
• Fully understands business and user requirements and ensures design specifications meet the requirements from a business and technical perspective
• Solves complex and escalated aspects of a project, performing coding, debugging, testing, and troubleshooting throughout the development process
• Provides advanced technical expertise to maximize efficiency, reliability and value from current solutions, infrastructure and emerging technologies, showing technical leadership, and identifying and implementing continuous improvement plans
• Develops strong working relationships with peers across Development & Engineering and Architecture teams, collaborating to develop and engineer leading solutions

To qualify for the role, you must have

• B.E/ B.Tech/ MCA/ MS or equivalent degree preferably in Computer Science discipline.
• Minimum 12 – 15 years of experience in software development and architecture

Ideally, you’ll also have

• Technical Skills
  • Angular 6+, Typescript, Patterns, Best Practices
  • JavaScript, HTML, CSS
  • C#
  • TSQL
  • Azure Portal
  • Azure App Services, SQL Server, Blob Storage, Service Bus, SignalR, WebJobs, Functions
  • Azure Data Analytics
  • Azure Cognitive Services
  • Power Platform
  • SharePoint
  • Agile Development
  • Azure DevOps
  • GIT
• Experience in large scale technical implementation and digital transformation projects
• Experience / Exposure in Data Science, Machine Learning and Deep Learning
• Experience / Exposure in IoT, AR/VR is good to have
• Note: any other skillsets they can bring to the table that may benefit the project will also be considered.

What we look for

• A self-starter, independent-thinker, curious and creative person with ambition and passion.

EY Global Delivery Services (GDS) is a dynamic and truly global delivery network. We work across six locations – Argentina, China, India, the Philippines, Poland & the UK – and with teams from all EY service lines, geographies & sectors, playing a vital role in the delivery of the EY growth strategy. From accountants to coders to advisory consultants, we offer a wide variety of fulfilling career opportunities that span all business disciplines. In GDS, you will collaborate with EY teams on exciting projects and work with well-known brands from across the globe. We’ll introduce you to an ever-expanding ecosystem of people, learning, skills & insights that will stay with you throughout your career.

• Continuous learning: You’ll develop the mindset and skills to navigate whatever comes next.
• Success as defined by you: We’ll provide the tools and flexibility, so you can make a meaningful impact, your way.
• Transformative leadership: We’ll give you the insights, coaching and confidence to be the leader the world needs.
• Diverse and inclusive culture: You’ll be embraced for who you are and empowered to use your voice to help others find theirs.

EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets.

Information Security Project Manager

Project Manager is responsible for delivering Information Security IT projects to schedule, budget and quality. The role requires technical knowledge of project management inter-related process stages i.e. initiate, plan, execute, monitor and control and close, and the supporting processes e.g. scope, cost, time, issue, risk, resource, communication, stakeholder management. Experience in related processes such as portfolio management, program management, methods and tools and quality assurance is preferred. The Project Manager should have stakeholder relationship management experience to successfully support the project team and project stakeholders, and have expertise recognized and requested by customers.

Your key responsibilities

The Project Manager may work under the guidance of a Senior Project Manager (or Service Delivery Manager) in the following areas:

Project Planning and Control

Maintain very close visibility into and active control over projects to agreed schedule, budget and scope

Conduct stage gates at least at the end of plan and before deployment to production

Resource Management

Demonstrate control over the project resource plan

Ensure actual work matches the planned effort

Forecasting and Financial Control

Maintain accurate project financial forecasts

Deliverable Quality

Ensure project deliverables are fit for purpose

Risk and Issue Management

Proactively recognize risks or issues, and do not wait to respond to them

Skills and attributes for success

• Experience with project management methodology, tools and templates (includes project planning, schedule development, scope management and cost management)
• Track record of customer focus, based on openness, trust, and delivering on promises
• IT background with experience across the systems development life cycle with experience in all project phases – plan, initiate, elaborate, design, build, test, implement.
• Strong team working skills across matrixed client, supplier and globally dispersed virtual teams
• Excellent written and verbal communication skills – must be able to communicate fluently in English both verbally and in writing

To qualify for the role, you must have

• 3 to 5 years in a corporate IT environment
• 1 to 3 years of experience in project management
• 1 to 3 years of experience with IAM technologies, such as credential vaulting, bastion administrative forests, etc.

Ideally, you’ll also have

• Project management certification is highly preferred (PMI/CAPM or PMP, PRINCE2)
• Familiarity with ITIL v2 or 3 would be advantageous
• Certified Information Systems Security Professional (CISSP), Global Information Assurance Certification (GIAC) certifications or other Information Security related a plus
• Experience in EY IT Infrastructure deployments
• Specific experience in EY Information Security Service Delivery (and specifically IAM domain) highly preferred

What we look for

• Acting with a sense of ownership and urgency
• Assuming personal accountability for success
• Always looking for solutions to getting things done, rather than reasons why they can’t be done

Identity and Access Management (IAM) organization, a part of Information Security which, enables over 330,000 individuals across 140+ countries to access systems and information securely. As a member of the Identity and Access Management (IAM) team this position will contribute towards execution of an IAM roadmap that meets security requirements, including but not limited to security for, a complex Active Directory (AD) environment, hybrid cloud deployment, mobile computing, policy driven security, SSO, identity lifecycle management, and federation focusing on multiple protocols.

Your key responsibilities

• Manage L3 Incidents, Service Requests and problems related to affected services
• Manage and maintain Public Key Infrastructure Document PKI and certificate management guidance for the company
• Responsible for infrastructure design and the planning and implementation of changes within the environment
• Sponsor changes to the infrastructure needed to support new and evolving services, technologies, and applications
• KPI analysis to identify patterns and trends and drive performance improvement
• Benchmarking, productivity, and quality control
• Ownership of process engineering and operational improvement initiatives including automation tooling
• Provide first line support to internal clients and member organization on EKMS.
• Support EKMS onboarding and offboarding processes for both cloud and on-premises applications
• Provide operational support and triage on HSM and EKMS during incident response.
• Support Azure Managed HSM (MHSM) onboarding operations as it relates to applications requiring TLS offloading.
• Under the supervision of EKMS Engineering, support the Firm’s day-to-day operations as it relates to on-premises applications requiring TLS offloading.
• Implement operational improvements as it relates to enterprise key management and HSM support.
• Maintain and update the enterprise key management documentation to support new business requirements.
• Support HSMs operations as it relates to Nginx and Windows Internet Information Services.
• Provide Level 1 and 2 support to end user related on key management which has a direct impact of the Recovery Time Objective (RTO).
• Escalate advance key management issues which has a direct impact on service delivery to EKMS Engineers or Vendors where necessary
• Maintain the operations runbook for HSM and EKMS deployments.
• Root cause analysis and service improvement solutions
• Provide cost-efficient, stable operations for the platforms and services in scope
• Align risk and control processes into day to day responsibilities to monitor and mitigate risk; escalates appropriately
• Produce accurate, brief and clearly written documents tailored to audience needs and expectations
• Flexibility to work in a 24*7 support structure.

Skills and attributes for success

• Excellent problem-solving skills
• Strong verbal and written skills to interact with global teams and customers
• Keep up on current technologies and maintain awareness of industry trends and threats, focusing on PKI technologies.
• Tangible, relevant, and demonstrable experience with PKI and specifically Microsoft PKI technology, integration with platforms and applications, and working with clients.
• Perform analysis of metrics for the purpose of making decisions around staffing, capacity, and processes.
• Experience in Key Management Operations related to Key Generation, Storage, Distribution, Rotation, Revocation and Destruction.
• Experience with at least one enterprise key management systems as well as cloud-based key management services.
• Operational experience working with two or more of the following protocols: TLS, PKI, HSMs, KMIP, Digital Certificate Management, Azure Key Vault, or transparent database encryption.
• Basic experience with FIPS 140-2 Level 3 compliance requirements and implementation.

To qualify for the role, you must have

• Degree in Computer Science or related field or equivalent work experience
• Fluent in English language – written and verbal
• Minimum of 5 years of experience with Public Key Infrastructure (PKI)
• Experience with key PKI technologies such as Microsoft Active Directory Certificate Services including Certificate Authority, NDES, and OCSP and HSMs
• 2 years’ experience in enterprise key management, HSM configuration, application layer encryption, and transparent data encryption.
• Understanding of digital certificate lifecycle management functions
• Broad understanding of the available PKI vendors and technologies offering technical solutions in the market
• Experience with case management tool, ideally ServiceNow

Ideally, you’ll also have

• Ability to plan, estimate, and deliver work independently.
• Solid understanding of change management processes and software suites
• Knowledge of enterprise authentication and web security

What we offer

As part of this role, you will work in a highly coordinated, globally diverse team with the opportunity and tools to grow, develop and drive your career forward. Here, you can combine global opportunity with flexible working. The EY benefits package goes above and beyond too, focusing on your physical, emotional, financial and social well-being. Your recruiter can talk to you about the benefits available in your country. Here’s a snapshot of what we offer:

• Continuous learnin g: You will develop the mindset and skills to navigate whatever comes next.
• Success as defined by yo u: We will provide the tools and flexibility, so you can make a significant impact, your way.
• Transformative leadership : We will give you the insights, coaching and confidence to be the leader the world needs.
• Diverse and inclusive culture : You will be accepted for who you are and empowered to use your voice to help others find theirs.