דרושים Tc-cs-ngso Tem-pen Testing-manager ב-Ey ב-India, Thiruvananthapuram

Working in our practice, you will have the opportunity to work with clients to provide practical risk management, internal audit solutions and gaining valuable experience in a variety of clients.

Your key responsibilities

The current role requires leading internal audit and other risk consulting engagements for Real Estate construction companies. As part of the role, the candidate is expected to:

• Responsible for leading and executing client engagements and meeting the expectations of the client and the onsite team within the MENA region.
• Ability to interact with all levels of management, including C-Suite management
• Possess in-depth sector knowledge and practical experience in at least one of the following industries: Real Estate & Construction, Airport, or Aviation.
• Have thorough knowledge and understanding of Internal Audit methodology and IIA requirements.
• Deliver / manage engagements to time, cost and high quality.
• Identify key areas of improvement in the client's business processes and add value by preparing insightful recommendations.
• Contribute to business development activities such as preparing proposals, lead identification
• Always comply with the firm’s quality and risk management policies
• Manage multiple assignments and related project teams.
• Maintain excellent rapport and proactive communication with the client
• Mentor and coach junior team members, enabling them to meet their performance goals and successfully grow their careers
• Manage the engagement budgets and support superiors in developing marketing collaterals, business proposals and new solution / methodology development

Skills and attributes for success

• Exceptional command on spoken and written English
• Globally mobile and flexible to travel to onsite locations at a short notice
• Highly analytical, organised and meticulous consulting skills
• Demonstrating and applying strong project management skills, inspiring teamwork and responsibility with engagement team members
• Ability to multi-task, work well under pressure with commitment to deliver under tight deadline
• Strong organizational skills with ability to prioritize effectively
• Attention to detail and quality assurance
• Proficient in MS-Office Suite, data analysis & validation

To qualify for the role, you must have

• Bachelor’s degree in Engineering or relevant professional qualification such as CA, ACCA,CIA
• Experience in Internal Audit /Risk Management with Real Estate and Construction sector focus
• A minimum of 11 years of relevant work experience
• A valid passport for travel.

You get to work with inspiring and meaningful projects. Our focus is education and coaching alongside practical experience to ensure your personal development. We value our employees and you will be able to control your own development with an individual progression plan. You will quickly grow into a responsible role with challenging and stimulating assignments. Moreover, you will be part of an interdisciplinary environment that emphasizes high quality and knowledge exchange. Plus, we offer:

• Support, coaching and feedback from some of the most engaging colleagues around
• Opportunities to develop new skills and progress your career
• The freedom and flexibility to handle your role in a way that’s right for you

Key Responsibilities:

• Design, develop, and maintain scalable web applications using .NET (C#) and React/Angular.
• Write clean, maintainable, and efficient code following best practices.
• Collaborate with cross-functional teams to define, design, and ship new features.
• Develop and maintain VSCode extensions to enhance developer productivity.
• Optimize application performance and ensure responsiveness across platforms.
• Participate in code reviews, testing, and debugging.
• Stay up-to-date with emerging technologies and frameworks.

Required Skills & Qualifications:

• 5+ years of professional experience in software development.
• Strong proficiency in .NET (C#) and ASP.NET Core.
• Hands-on experience with React.js or Angular.
• Solid understanding and practical experience with TypeScript.
• Exposure to VSCode extension development (e.g., using Node.js, TypeScript, and the VSCode API).
• Experience with RESTful APIs, Web Services, and Microservices architecture.
• Familiarity with Git, CI/CD pipelines, and Agile methodologies.
• Excellent problem-solving and communication skills.

Preferred Qualifications:

• Experience with cloud platforms GCP preferred.
• Knowledge of containerization tools like Docker and Kubernetes.
• Familiarity with unit testing frameworks and automated testing tools.
• Contributions to open-source projects or personal GitHub portfolio.

EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets.

Your key responsibilities

• Evaluate key cloud security solutions such as Cloud Security Posture Management (CSPM), Cloud Workload Protection Platforms (CWPP), Identity and Access Management (IAM), Cloud Access Security Brokers (CASB), Web Application Firewalls (WAF), Cloud encryption and key management services, Security Information and Event Management (SIEM), and security automation tools with respect to hybrid cloud security posture (AWS, Azure, GCP, and on-premises).
• Evaluate the effectiveness of the implementation and operations of vulnerability management and patching programs, including timely identification, prioritization, and remediation of cloud and on-premises vulnerabilities
• Evaluate security hardening standards and secure cloud configuration best practices across all environments.
• Evaluate DevSecOps implementation to embed security into CI/CD pipelines and cloud deployments.
• Evaluate the current practice followed of cloud security monitoring and incident management
• Conducting risk assessments and vulnerability analyses in cloud environments and propose mitigation strategies
• Support larger Internal Audit and Cyber security audits engagements especially on domains related to cloud security
• Develop cloud security policies/procedures to protect data in the cloud and prevent unauthorized access.
• Good understanding of cloud security standards/regulations globally and within the MENA region (KSA, UAE, Qatar)
• Communicate cloud security risks, strategies, and remediation plans clearly to technical teams and senior management
• Ability to translate complex technical details into clear, business-understandable language for effective communication with stakeholders/business users
• Good in report writing and convey the observations to the top management in layman’s language emphasizing on the business risks.
• Build a team under you focused on cloud security and mentor junior resources
• Facilitate knowledge sharing and cross-team collaboration to enhance cloud security skills within the group
• Should be open-minded and ready to take up additional challenges or tasks outside your core domain expertise

Skills and attributes for success

• Strong technical knowledge of AWS, Azure, GCP, OCI and on-premises security architectures and controls.
• Proven ability to evaluate cloud security technologies, policies and processes.
• Experience conducting cloud risk assessments against global/MENA specific standards/regulations
• Experience managing cloud security metrics, reporting, and audit readiness.
• Excellent communication and stakeholder management skills.
• Experience in incident management and response in cloud environments.
• Familiarity with DevSecOps and secure CI/CD practices in Cloud

To qualify for the role, you must have

• 7–14 years of experience in cloud security, with hands-on expertise in hybrid and multi-cloud environments.
• Excellent communication skills with consulting experience preferred

Ideally, you’ll also have

• A bachelor's or master's degree in B. TECH/B. E, MS, MBA in accounting or a related discipline.
• CCSP (Certified Cloud Security Professional)
• AWS Certified Security – Specialty
• Microsoft Certified: Azure Security Engineer Associate
• Google Cloud Professional Cloud Security Engineer)

You get to work with inspiring and meaningful projects. Our focus is education and coaching alongside practical experience to ensure your personal development. We value our employees and you will be able to control your own development with an individual progression plan. You will quickly grow into a responsible role with challenging and stimulating assignments. Moreover, you will be part of an interdisciplinary environment that emphasizes high quality and knowledge exchange. Plus, we offer:

• Support, coaching and feedback from some of the most engaging colleagues around
• Opportunities to develop new skills and progress your career
• The freedom and flexibility to handle your role in a way that’s right for you

Attack & Penetration Testing - Senior

As part of our Cyber Security team, you shall perform penetration testing which includes internet, intranet, wireless, web application, social engineering and physical penetration testing. You shall also perform in-depth analysis of penetration testing results and create report that describes findings, exploitation procedures, risks and recommendations.

Your key responsibilities

• Lead engagements from kickoff with clients through scoping engagements, penetration testing and reporting while adhering to the agreed scope and deadlines.
• Perform penetration testing which includes Network, web application, Mobile app (both Android & iOS), APIs Cloud Security, Thick Client application, wireless, social engineering, physical penetration testing.
• Execute penetration testing projects using the established methodology, tools and rules of engagements.
• Execute red team assessments to highlight gaps impacting organizations security postures.
• Identify and exploit security vulnerabilities in a wide array of systems in a variety of situations.
• Perform in-depth analysis of penetration testing results and create report that describes findings, exploitation procedures, risks and recommendations.
• Convey complex technical security concepts to technical and non-technical audiences including executives.
• Perform technical quality reviews and conduct technical conversations directly with clients.
• Keep uptodate with the latest techniques and concepts.
• Confident with OWASP Top 10 and SANS Top 25 vulnerabilities and ability to effectively communicate methodologies and techniques with development teams
• Utilize tools such as BurpSuite, Nessus, Nmap, Kali Linux, and Nessus for effective vulnerability assessment and penetration testing.
• Understanding and experience with Active Directory attacks.
• Stay up-to-date with the latest security threats, vulnerabilities, and best practices in vulnerability management. Knowledge of AI in Pentest, TCP/IP, OSI Layer, IPv4 & IPv6, Network Protocols and Wireless Communication skills preferred.
• Working knowledge with any scripting languages (e.g. Python, Perl, PHP, Ruby) to develop automated solutions that mitigate risks throughout the organization.
• Support SDLC and agile environments with application security testing and source code reviews.
• Serve as a mentor and guide to junior pen testers, sharing your knowledge, skills, and best practices to nurture their growth and development.
• Provide technical expertise and guidance to clients on remediation strategies and security best practices.

Skills and attributes for success

• In-depth understanding of OWASP Top 10 vulnerabilities and their mitigation strategies. Good understanding of enterprise security controls in Active Directory / Windows environments
• Good to have knowledge in AI in pentest
• Understanding of TCP/IP network protocols.
• Understanding of network security and popular attacks vectors.
• Experience with Operation Technology / Internet of Things, Cloud technologies (AWS, Azure, GCP), Active Directory and 802.1x penetration testing
• Strong understanding of security principles, policies, and industry best practices
• Proven ability to lead client engagements, build strong client relationships, and deliver exceptional results.
• Excellent communication and presentation skills, both written and verbal.
• Demonstrated thought leadership in the cybersecurity field through publications, speaking engagements, or contributions to industry forums.
• Exceptional problem-solving skills, strategic thinking, and the ability to influence and lead.

To qualify for the role, you must have

• BE/ B.Tech/ MCA or equivalent
• Minimum of 3 years of work experience in penetration testing which may include at least three of the following: Network, web application Mobile app (Android & iOS), Thick client, APIs, wireless, social engineering, physical and Red Team assessments.
• One of the following certifications: OSCP, OSCE, OSEP, OSWE, CREST, CRTE, eCPTX, or eWPTX
• Knowledge of Windows, Linux, UNIX, any other major operating systems.
• 3-9 years of work experience in Strategy and Operations projects
• Team management skills are preferred.
• Conduct technical discussions and perform technical Quality reviews.
• Familiarity with OWASP methodologies and application security vulnerabilities.
• Exceptional ability to educate and guide application developers in security best practices.
• Excellent communication, presentation, and interpersonal skills.
• Strong Word, Excel and PowerPoint skills.

Ideally, you’ll also have

• Project management skills
• Certifications: OSCP, OSCE, CRTP, CRTO, CISSP, GPEN, GWAPT.

What we look for

• Who can perform penetration testing which includes internet, intranet, wireless, web application, social engineering and physical penetration testing and provide analysis for the testing results.

You get to work with inspiring and meaningful projects. Our focus is education and coaching alongside practical experience to ensure your personal development. We value our employees and you will be able to control your own development with an individual progression plan. You will quickly grow into a responsible role with challenging and stimulating assignments. Moreover, you will be part of an interdisciplinary environment that emphasizes high quality and knowledge exchange. Plus, we offer:

• Support, coaching and feedback from some of the most engaging colleagues around
• Opportunities to develop new skills and progress your career
• The freedom and flexibility to handle your role in a way that’s right for you

EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets.

This is a role where no two days are the same – so you’ll find yourself taking on plenty of new responsibilities as you go. You’ll work alongside clients and colleagues, balancing your time between developing security strategies, designing security and privacy controls, advising client stakeholders, facilitating workshops and supporting business development.

As a Cyber GRC Professional in our Cyber Security practice, you will be occupied in the following domains: a) Strategy, b) Risk, c) Compliance. As part of our team strategy you will be expected to take on responsibility and initiative early, providing you with real experience working with a wide range of major clients in EY. You will be taking responsibility for the quality of your work, while continually developing your personal and professional skills through formal training, hands-on experience and coaching.

To qualify for the role, you must have:

• Degree, or equivalent, in Information Security, Cyber Security, Information Technology, Informatics, or other similar and technical areas
• Evidence of self-motivation to continuously develop in the areas of cybersecurity
• Good organizational and time management skills with the ability to prioritize and complete multiple complex projects under tight deadlines
• Ability to translate security issues into business risks
• Excellent interpersonal skills and ability to work effectively within a team at all hierarchical levels
• Willingness to research client inquiries and emerging issues, including regulations, industry practices, and new technologies
• Experience, knowledge and strong interest in information and cyber security domains are essential for this role
• Experience on Cyber Governance, Risk & Compliance (GRC), Cyber risk assessments & management methodologies
• Experience on assessing, designing and implementing security strategies, governance frameworks over processes and controls, allowing organisations to optimally manage cyber security
• Experience on design and implementation of security policies, procedures, standards and controls in line with regulation and/or current standards, such as ISO27001, NIST, SANS etc.
• Experience in data classification exercises and controls / mechanisms enforcement
• Working knowledge of control frameworks such as ISO 27001/27002, COBIT, NIST, ITIL, etc.
• Ability to conduct Security regulatory and compliance assessment independently
• Hands on with assessment report preparation and presenting to senior technical and business stakeholders
• Hand on knowledge of excel, PowerPoint and word
• Articulative and confident in presentation to senior stakeholders
• Ability to lead workstreams or dedicated portions of projects
• Cyber maturity assessments, recommendations, roadmap and strategy creation
• knowledge of use of and risks related to modern and emerging technologies
• Cybersecurity audit
• Ability to plan and deliver cyber security training and awareness

Ideally, you’ll also have:

• Security-related qualifications / certifications such as CISSP, SSCP, CISM, ISO27001 lead implementer or auditor, CompTIA Security+, are desirable
• Experience in Third Party Risk Management (TPRM) and / or vendor risk assessment engagements
• Experience in design and implementation of Information Security Management Systems (i.e. security policies, procedures and guidelines) according to leading International Standards
• Security-related vendor / technology certifications are desirable

EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets.

Key Responsibilities:

• Design, develop, and maintain robust data pipelines using GCP services such as BigQuery, Dataflow, Pub/Sub, CloudSQL, Cloud Composer (Airflow).
• Build and manage Airflow DAGs for orchestrating complex workflows.
• Write efficient and reusable Python scripts for data processing and automation.
• Develop solutions to move and transform data across GCP projects securely and efficiently.
• Collaborate with data scientists, analysts, and other engineers to ensure data availability and quality.
• Optimize data workflows for performance, scalability, and cost-efficiency.

Required Skills & Qualifications:

• Minimum 4 years of experience in data engineering, with at least 2+ years on GCP.
• Strong expertise in BigQuery, Dataflow, Pub/Sub, CloudSQL, Composer/Airflow.
• Proficient in Python for scripting and automation.
• Experience in designing and implementing data pipelines across GCP projects.
• Familiarity with CI/CD practices and version control (e.g., Git).
• Excellent problem-solving and communication skills.

Nice to Have:

• Experience with Terraform or other IaC tools.
• Knowledge of data governance and security best practices on GCP.
• Exposure to real-time data processing and streaming architectures.

What we look for :People with the ability to work in a collaborative manner to provide services across multiple client departments while following the commercial and legal requirements. You will need a practical approach to solving issues and complex problems with the ability to deliver insightful and practical solutions. We look for people who are agile, curious, mindful and able to sustain positive energy, while being adaptable and creative in their approach.

Key Responsibilities

• Craft and update Market Conduct risk management policies and procedures for clients, ensuring the effective governance of Market Conduct risks.
• Ensure that regulated entities comply with all applicable market conduct regulations and consumer protection laws.
• Review and analyse new regulations to determine their impact on business operations.
• Identify key market conduct and consumer protection risks across various jurisdictions for a range of clients
• Conduct or participate in examinations of insurance companies, banks, or other financial institutions to assess compliance with market conduct standards.
• Investigate consumer complaints to identify potential violations of market conduct rules.
• Work with other departments to resolve consumer complaints and issues in a timely and fair manner.
• Prepare reports detailing findings from examinations and audits.
• Develop key risk indicators for consumer compliance and continuously monitor metrics associated with principal market conduct risks
• Analyse and report on client risk frameworks to enhance market conduct and compliance management
• Stay updated with industry and regulatory developments, especially concerning consumer protection enforcement actions and new regulations, to provide informed advisory services to clients.

Required skills and experience:

• MBA/PGDM/Legal qualification with a focus on Finance
• 6+ years of experience in Compliance/Legal roles within the financial services industry
• Proficient in interpreting banking CBUAE regulations, understanding their impact on consumer business processes, and identifying consumer compliance and market conduct risks.
• Strong relationship management skills, capable of fostering trust and collaboration with clients.
• Extensive knowledge of banking products and services, with the ability to advise clients on best practices.
  

EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets.