דרושים Tc-cs-iam-imp-sailpoint ב-Ey ב-India, Pune

We are actively recruiting Audit professionals at the Audit Supervisor level to join our Audit team in Botswana. Our Auditor opportunities are offered on a flexible full-time basis. You’ll help our clients meet their reporting requirements by accurately reporting on financial statements and providing meaningful insights into accounting and reporting matters. In return, you can expect leading-edge learning and development tailored to your unique interests and motivations. You’ll be given all the skills, knowledge and opportunities to progress and become ready to build a better working world for our people, our clients and the communities that support us.

Your key responsibilities

• Leading fieldwork, managing performance, coaching and mentoring more junior team members and keeping engagement leaders updated on audit engagements
• Effectively managing Audit processes with appropriate consideration of audit risk issues and accounting technical matters, including revenue, financial instruments and income taxes
• Engaging clients and providing advice and professionalism throughout transactions, including identification of areas for improvement in clients’ business processes
• Constantly developing your understanding of current market trends and processes and sharing your knowledge to develop junior colleagues
• Understanding our clients’ unique ambitions and needs and referring them to colleagues in other teams and areas to broaden our business relationships where possible
• Expertise in accounting frameworks (IFRS) and in related financial reporting matters

Skills and attributes for success

To qualify for the role you must have

• Proven experience as an Auditor delivering external audit and assurance engagements
• Experience leading the planning, execution and reporting on audits
• Proven track record with developing and maintaining client relationships
• Excellent communication and negotiation skills and a collaborative approach to management

Qualifications

• A degree in Accounting, BICA/ACCA qualified, registered member of BICA;
• 4-5 years experience working as an External Auditor in a public accounting firm;
• Excellent project management skills;
• Advanced written and verbal communication skills;
• Sound business, client, team and personal leadership skills including verbal communication and presentation skills
• Expertise in accounting frameworks (IFRS) and in related financial reporting matters

What we offer

Success as defined by you: We’ll provide the tools and flexibility, so you can make a meaningful impact, your way. Continuous learning: personalised career development including coaching, experiences and formal learning so you’ll develop the mindset and skills you’ll need to thrive in the future. Diverse and inclusive culture: You’ll be embraced for who you are and empowered to use your voice to help others find theirs.

Enabled by data, AI and advanced technology,

All in to shape the future with confidence.

As a member of the Identity and Access Management (IAM) team this position will contribute towards execution of an IAM roadmap that meets security requirements, including but not limited to security for customer applications using policy driven security, SSO, authentication and authorization, user provisioning/de-provisioning, and federation focusing on multiple protocols (SAML2.0, OpenID, OAuth2.0, WS-FED).

Your key responsibilities

• Engage and contribute to the Identity & Access Management projects
• Work effectively as a team member, sharing responsibility, providing support, maintaining communication and updating senior team members on progress
• Execute the engagement requirements, along with review of work by junior team members
• Help prepare reports and schedules that will be delivered to clients and other interested parties
• Develop and maintain productive working relationships with client personnel
• Build strong internal relationships within EY Consulting Services and with other services across the organization
• Help senior team members in performance reviews and contribute to performance feedback for staff/junior level team members
• Contribute to people related initiatives including recruiting and retaining IAM professionals
• Maintain an educational program to continually develop personal skills
• Understand and follow workplace policies and procedures
• Manage the performance management for the direct reportees, as per the organization policies
• Foster teamwork and lead by example
• Training and mentoring of project resources
• Participating in the organization-wide people initiatives

Skills and attributes for success

• Strong understanding of Identity Access Management solutions
• Hands-on experience on Azure Active Directory end-to-end implementation involving designing, implementation and customization
• Completed at least 3-5 implementations
• Understanding and experience in different technology of Azure Active Directory, B2E, B2B and B2C
• Implementation experience in ADFS, Azure AD Connect, Azure AD Application Proxy, Conditional Access Policy, LDAP, Active Directory, Application Integrations for SSO and multi-factor authentication
• Working experience in application integration with header-based, SAML2.0, OIDC, OAuth2.0, WS-Fed protocols
• Experienced in managing external identities and consumers in Azure AD B2B and B2C tenants
• Onboarding and offboarding applications on AAD B2B and B2C platforms
• Implementing custom policy using Identity Experience Framework for AAD B2C
• Experience in social login and 3rd party identity provider integration with AAD B2C
• Should have experience in assisting application team to use Microsoft libraries like MSAL
• Experience in integrating mobile application with AAD B2C
• Experience in integrating Azure AD with API management solution
• Should have knowledge on different component of Azure being used for Azure AD solution such as tenant creation, subscription, resource group.
• Should have knowledge in Identity management and Privileged Identity Management concepts
• Experienced in renew, update and troubleshoot certificate related issues
• Should have knowledge of different integration and architecture in customer’s IAM environment such as WAF, Load Balancer, network components
• Understanding of latest technology such as Zero trust framework, Fine-grained authorization, Password less authentication, CIAM
• Experience and exposure of using/exposing REST APIs including Azure AD graph APIs.
• Hands-on knowledge of any programming language Java or Python with good understanding of PowerShell.
• Should be familiar with application servers such as Tomcat and IIS.
• Ability to develop documentation such as business requirement document, high and low level design document, training and user procedures document.
• Deployment of web application & basic troubleshooting of web application issues.
• Should be flexible to work on new technologies in IAM domain.
• Should have had direct client experience, including working with client teams in an on-site or offshore mode.
• Need to liaise with Business stakeholders and seek requirement clarification. Should be able to map business requirements to technical specifications.
• Use case design, Solution Requirements Specification and mapping business requirements to technical requirements (Traceability Matrix).
• Involvement in a successful pursuit of a potential client by being part of the RFP response team.
• Architecture Design for overall IAM solution in customer environment (optimising the resources made available – servers and load sharing etc.).

To qualify for the role, you must have

• B. Tech./ B.E. with sound technical skills
• Strong command on verbal and written English language.
• Relevant experience in Azure Active Directory.
• Strong interpersonal and presentation skills.
• 5 – 8 Years’ Work Experience

Certification:

• Desirable to have certifications in security domain, such as CISSP and CISA or any IAM product specific certifications
• Desirable to have certifications in Azure Security Domain

You get to work with inspiring and meaningful projects. Our focus is education and coaching alongside practical experience to ensure your personal development. We value our employees and you will be able to control your own development with an individual progression plan. You will quickly grow into a responsible role with challenging and stimulating assignments. Moreover, you will be part of an interdisciplinary environment that emphasizes high quality and knowledge exchange. Plus, we offer:

• Support, coaching and feedback from some of the most engaging colleagues around
• Opportunities to develop new skills and progress your career
• The freedom and flexibility to handle your role in a way that’s right for you

EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets.

Attack & Penetration Testing - Staff

As part of our Cyber Security team, you shall perform penetration testing which includes internet, intranet, wireless, web application, mobile application, social engineering and physical penetration testing. You shall also perform in-depth analysis of penetration testing results and create report that describes findings, exploitation procedures, risks and recommendations.

Your key responsibilities

• Perform penetration testing which includes internet, intranet, web application, Mobile app (Android & iOS), APIs, wireless, Cloud Security, social engineering, physical penetration testing.
• Execute penetration testing projects using the established methodology, tools and rules of engagements.
• Execute red team assessments to highlight gaps impacting organizations security postures.
• Identify and exploit security vulnerabilities in a wide array of systems in a variety of situations.
• Perform in-depth analysis of penetration testing results and create report that describes findings, exploitation procedures, risks and recommendations.
• Convey complex technical security concepts to technical and non-technical audiences including executives.
• Utilize tools such as BurpSuite, Nessus, Nmap, Kali Linux, Metasploit and Nessus for effective vulnerability assessment and penetration testing.
• Strong knowledge of OWASP Top 10 web and the ability to effectively communicate methodologies and techniques with development teams
• Understanding of TCP/IP network protocols.
• Develop automated solutions that mitigate risks throughout the organization.
• Provide technical leadership and advise to junior team members on attack and penetration test engagements.

Skills and attributes for success

• Understanding of web-based application vulnerabilities (OWASP Top 10).
• Understanding of TCP/IP network protocols.
• Understanding of network security and popular attacks vectors.
• Ability to communicate detailed technical information to a non-technical audience clearly
• Good to have experience with Operation Technology / Internet of Things, Cloud technologies (AWS, Azure, GCP), Active Directory penetration testing
• Strong understanding of security principles, policies, and industry best practices
• Demonstrable flair for technical writing, including engagement reports, presentations and operating procedures

To qualify for the role, you must have

• BE/ B.Tech/ MCA or equivalent
• Minimum of 2 years of work experience in penetration testing which may include at least three of the following: internet, intranet, web app, APIs, Mobile App, wireless, Cloud Security, social engineering, physical and Red Team assessments.
• One of the following certifications: OSCP, OSCE, CRTP, CRTO, eCPTX, ejpt or eWPTX
• Knowledge of Windows, Linux, UNIX, any other major operating systems.
• 2+ years of work experience in performing Penetration testing.
• Good to have Strong Excel, Word and PowerPoint skills.

Ideally, you’ll also have

Certifications: ejpt, OSCP, CRTP, ECSA.

What we look for

Who can perform penetration testing which includes Network, wireless, web application, mobile application, social engineering and physical penetration testing and provide analysis for the testing results.

You get to work with inspiring and meaningful projects. Our focus is education and coaching alongside practical experience to ensure your personal development. We value our employees and you will be able to control your own development with an individual progression plan. You will quickly grow into a responsible role with challenging and stimulating assignments. Moreover, you will be part of an interdisciplinary environment that emphasizes high quality and knowledge exchange. Plus, we offer:

• Support and feedback from some of the most engaging colleagues around
• Opportunities to develop new skills and progress your career
• The freedom and flexibility to handle your role in a way that’s right for you

EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets.

KEY Capabilities:

• Experience in working with Splunk Enterprise, Splunk Enterprise Security & Splunk UEBA
• Minimum of Splunk Power User Certification
• Good knowledge in programming or Scripting languages such as Python (preferred), JavaScript (preferred), Bash, PowerShell, Bash, etc.
• Assist in remote and on-site gap assessment of the SIEM solution.
• Work on defined evaluation criteria & approach based on the Client requirement & scope factoring industry best practices & regulations
• Assist in interview with stakeholders, review documents (SOPs, Architecture diagrams etc.)
• Asist in evaluating SIEM based on the defined criteria and prepare audit reports
• Good experience in providing consulting to customers during the testing, evaluation, pilot, production and training phases to ensure a successful deployment.
• Experience in onboarding data into Splunk from various sources including unsupported (in-house built) by creating custom parsers
• Verification of data of log sources in the SIEM, following the Common Information Model (CIM)
• Experience in parsing and masking of data prior to ingestion in SIEM
• Provide support for the data collection, processing, analysis and operational reporting systems including planning, installation, configuration, testing, troubleshooting and problem resolution
• Assist clients to fully optimize the SIEM system capabilities as well as the audit and logging features of the event log sources
• Assist client with technical guidance to configure their log sources (in-scope) to be integrated to the SIEM
• Experience in SIEM content development which includes :
• Hands-on experience in development and customization of Splunk Apps & Add-Ons
• Builds advanced visualizations (Interactive Drilldown, Glass tables etc.)
• Build and integrate contextual data into notable events
• Experience in creating use cases under Cyber kill chain and MITRE attack framework
• Capability in developing advanced dashboards (with CSS, JavaScript, HTML, XML) and reports that can provide near real time visibility into the performance of client applications.
• Sound knowledge in configuration of Alerts and Reports.
• Good exposure in automatic lookup, data models and creating complex SPL queries.
• Create, modify and tune the SIEM rules to adjust the specifications of alerts and incidents to meet client requirement
• Experience in creating custom commands, custom alert action, adaptive response actions etc.

Qualification & experience:

• Minimum of 3 years’ experience in Splunk and 3 to 5 years of overall experience with knowledge in Operating System and basic network technologies
• Experience in SOC as L1/L2 Analyst will be an added advantage
• Strong oral, written and listening skills are an essential component to effective consulting.
• Good to have knowledge of Vulnerability Management, Windows Domains, trusts, GPOs, server roles, Windows security policies, user administration, Linux security and troubleshooting
• Certification in any other SIEM Solution such as IBM QRadar, Exabeam, Securonix will be an added advantage
• Certifications in a core security related discipline (CEH, Security+, etc.) will be an added advantage.

EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets.

Your key responsibilities

• Engage and contribute to the Identity & Access Management projects.
• Work effectively as a team member, sharing responsibility, providing support, maintaining communication and updating senior team members on progress
• Execute the engagement requirements, along with review of work by junior team members
• Help prepare reports and schedules that will be delivered to clients and other interested parties
• Develop and maintain productive working relationships with client personnel
• Build strong internal relationships within EY Consulting Services and with other services across the organization
• Help senior team members in performance reviews and contribute to performance feedback for staff/junior level team members
• Contribute to people related initiatives including recruiting and retaining IAM professionals
• Maintain an educational program to continually develop personal skills
• Understand and follow workplace policies and procedures
• Building a quality culture at GTH
• Manage the performance management for the direct reportees, as per the organization policies
• Foster teamwork and lead by example
• Training and mentoring of project resources
• Participating in the organization-wide people initiatives

Skills and attributes for success

• Hands-on experience on end to end implementation of Identity and Access Management tool.
• Completed at least 2-5 implementations.
• Good understanding of Identity Access Management solutions.
• Hands-on Java development and debugging experience.
• Strong Understanding of Java API’s, libraries, methods and good understanding of XML.
• Should be capable of dissecting large problems and designing modular, scalable solutions.
• Familiarity with any Java Framework (Struts/ Spring) is an additional advantage.
• Should be familiar with application servers such as Tomcat and WebLogic.
• Should have good understanding of RDMS and SQL queries.
• Hands-on experience in setting up the Identity and Access Management environment in standalone and cluster environment.
• Hands-on Development experience on Provisioning Workflows, triggers, Rules and customizing the tool as per the requirements.
• Strong understanding of LDAP (Lightweight Directory Access Protocol).
• Capability of understanding the business requirements and converting that into design.
• Good knowledge of information security, standards and regulations.
• Should be flexible to work on new technologies in IAM domain.
• Worked in capacity of techno-functional role of Identity and Access Management Implementation.
• Worked in client facing role.
• Need to be thorough in their respective tool with hands-on experience involving configuration, implementation & customization.
• Deployment of web application & basic troubleshooting of web application issues.
• Need to liaise with Business stakeholders and seek requirement clarification. Should be able to map business requirements to technical specifications.
• Use case design, Solution Requirements Specification and mapping business requirements to technical requirements (Traceability Matrix).
• Architecture Design (optimising the resources made available – servers and load sharing etc.).
• Involvement in a successful pursuit of a potential client by being part of the RFP response team.

To qualify for the role, you must have

• Bachelor or master’s degree in related field or equivalent work experience
• Strong command on verbal and written English language.
• Experience in HTML, JSP and JavaScript.
• Strong interpersonal and presentation skills.
• 5-7 Years’ Work Experience
  

Saviynt-Senior Security Consultant– IAM

• 6 years of experience in the field of IT services with over 2 years of experience in Identity and access management Saviynt Implementation experience for various Projects.
• Engineer, develop and maintain enterprise IAM solutions using Saviynt IGA tool
• Develop and Build new application Integration, Account and Entitlement Connectors and perform periodic certification reviews in the Saviynt Platform.
• Design and Develop new access request form in Saviynt based on Business needs.
• Enhance review definitions, generation of review for quarterly audit Support during New Application onboarding with Saviynt Security Manager (SSM).
• Experience in development phase for one or more of the Saviynt components - Build Warehouse, Access Request System (ARS), Rule Management, User Provisioning, Access Certification, Identity analytics, Segregation of Duties
• Possess good knowledge on one or more of the following modules in Saviynt IGA tool: Application Onboarding (Provisioning/De-provisioning), Birth right Provisioning, Application Workflows, Analytics-Reporting Services and Delegation.
• Good knowledge in the configuring of workflows in Saviynt IGA tool. Good knowledge of configuring birthright rules for the user onboarding workflows. Have involved in creation of XML jobs in Saviynt IGA tool.
• Verify and ensure users entitlement in an application/platform is appropriate based on an individual’s business role and job function.
• Remediate access of the users if it is no longer required.
• Collaborate with other IAM engineers and architects on major initiatives.
• Be a strong individual contributor who improves IAM service offerings.
• Develop and maintain IAM technical documentation, code repositories, and development environments.
• Provide guidance to IAM operations team and serve as escalation point for resolving operational incidents.
• Operate as a technical subject matter expert and advise project teams regarding integration with IAM technologies.

Skills Expertise

• Saviynt IGA v5.0 or later
• Knowledge on MySQL.
• Scripting knowledge like Shell, PowerShell, Perl etc.
• Good soft skills i.e. verbal & written communication, technical document writing etc.
• Exposure to global security standards e.g. PCI, SOX, HIPAA etc.
• Experience in managing small to large sized organization.
• Prior experience working in remote teams on global scale.
• Customer orientation skills.
  

Certification:

• Saviynt L100,L200 Certification (Good to have)
• ITIL or equivalent (Good to have)
  

Work Requirements:

• Willingness to travel as required
• Willingness to be on call support engineer and work occasional overtime as required
• Willingness to work in shifts as require
  

What we look for

• Who has hands on experience in setting up the Identity and Access Management environment in standalone and cluster environment.
• Who has hands-on Development experience on Provisioning Workflows, triggers, Rules and customizing the tool as per the requirements.

You get to work with inspiring and meaningful projects. Our focus is education and coaching alongside practical experience to ensure your personal development. We value our employees and you will be able to control your own development with an individual progression plan. You will quickly grow into a responsible role with challenging and stimulating assignments. Moreover, you will be part of an interdisciplinary environment that emphasizes high quality and knowledge exchange. Plus, we offer:

• Support, coaching and feedback from some of the most engaging colleagues around
• Opportunities to develop new skills and progress your career
• The freedom and flexibility to handle your role in a way that’s right for you

EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets.

KEY Capabilities:

• Experience in working with Splunk Enterprise, Splunk Enterprise Security & Splunk UEBA
• Minimum of Splunk Power User Certification
• Good knowledge in programming or Scripting languages such as Python (preferred), JavaScript (preferred), Bash, PowerShell, Bash, etc.
• Perform remote and on-site gap assessment of the SIEM solution.
  • Define evaluation criteria & approach based on the Client requirement & scope factoring industry best practices & regulations
  • Conduct interview with stakeholders, review documents (SOPs, Architecture diagrams etc.)
  • Evaluate SIEM based on the defined criteria and prepare audit reports
• Good experience in providing consulting to customers during the testing, evaluation, pilot, production and training phases to ensure a successful deployment.
  • Understand customer requirements and recommend best practices for SIEM solutions.
  • Offer consultative advice in security principles and best practices related to SIEM operations
  • Design and document a SIEM solution to meet the customer needs
• Experience in onboarding data into Splunk from various sources including unsupported (in-house built) by creating custom parsers
  • Verification of data of log sources in the SIEM, following the Common Information Model (CIM)
  • Experience in parsing and masking of data prior to ingestion in SIEM
  • Provide support for the data collection, processing, analysis and operational reporting systems including planning, installation, configuration, testing, troubleshooting and problem resolution
  • Assist clients to fully optimize the SIEM system capabilities as well as the audit and logging features of the event log sources
  • Assist client with technical guidance to configure end log sources (in-scope) to be integrated to the SIEM
  • Experience in handling big data integration via Splunk
• Expertise in SIEM content development which includes developing process for automated security event monitoring and alerting along with corresponding event response plans for systems
  • Hands-on experience in development and customization of Splunk Apps & Add-Ons
  • Builds advanced visualizations (Interactive Drilldown, Glass tables etc.)
  • Build and integrate contextual data into notable events
  • Experience in creating use cases under Cyber kill chain and MITRE attack framework
  • Capability in developing advanced dashboards (with CSS, JavaScript, HTML, XML) and reports that can provide near real time visibility into the performance of client applications.
  • Experience in installation, configuration and usage of premium Splunk Apps and Add-ons such as ES App, UEBA, ITSI etc
  • Sound knowledge in configuration of Alerts and Reports.
  • Good exposure in automatic lookup, data models and creating complex SPL queries.
  • Create, modify and tune the SIEM rules to adjust the specifications of alerts and incidents to meet client requirement
  • Work with the client SPOC to for correlation rule tuning (as per use case management life cycle), incident classification and prioritization recommendations
  • Experience in creating custom commands, custom alert action, adaptive response actions etc.

Qualification & experience:

• Minimum of 3 to 6 years’ experience with a depth of network architecture knowledge that will translate over to deploying and integrating a complicated security intelligence solution into global enterprise environments.
• Strong oral, written and listening skills are an essential component to effective consulting.
• Strong background in network administration. Ability to work at all layers of the OSI models, including being able to explain communication at any level is necessary.
• Must have knowledge of Vulnerability Management, Windows and Linux basics including installations, Windows Domains, trusts, GPOs, server roles, Windows security policies, user administration, Linux security and troubleshooting.
• Good to have below mentioned experience with designing and implementation of Splunk with a focus on IT Operations, Application Analytics, User Experience, Application Performance and Security Management
  • Multiple cluster deployments & management experience as per Vendor guidelines and industry best practices
  • Troubleshoot Splunk platform and application issues, escalate the issue and work with Splunk support to resolve issues
• Certification in any one of the SIEM Solution such as IBM QRadar, Exabeam, Securonix will be an added advantage
• Certifications in a core security related discipline will be an added advantage.

EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets.

IDN JD :-

• Ability to drive IGA projects including project management, team management, client management.
• Should have experience in implementing at least one complete IAM SDLC engagements projects. This must include activities such as requirements gathering, analysis, design, development, testing, deployment and application support
• Must have experience in SailPoint IDN architecture, design, development, configuration, testing, integration, and deployment.
• Must have experience in source/ Identity profile configuration, transform/rule development, workflow configuration, JML process and certification, Password sync.
• Must have experience in onboarding AD, JDBC and web service applications to IDN
• Must have experience in deployment of virtual appliance, understanding different VA architecture, deploy rules in cloud/VA, High availability/DR configuration
• Configuration and deployment of IQService in cloud and on-prem environments
• Professional IT certifications are a plus.
• Excellent verbal and written communication skills.

EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets.