EY GDS Consulting Cyber Security Senior Consultant 

Philippines, Taguig 

21875764

This role requires a strong understanding of cybersecurity concepts, cloud security best practices, and risk(CSPs) like Azure, AWS, and GCP, and possess knowledge in application security, network security, identity &
access management (IAM), DevSecOps, and security operations.
• Evaluate, design, and implement secure application architectures.
• Conduct threat modeling and security design reviews for new technologies.
• Collaborate with development teams to ensure secure coding practices (OWASP Top 10, API Security).
• Assist in vulnerability assessments and remediation guidance.
• Support DevSecOps integration into development pipelines.• Assist in architecting and implementing secure cloud solutions (AWS, Azure, GCP).
• Identify security risks in cloud environments and recommend mitigations.
• Monitor cloud systems for misconfigurations, threats, and vulnerabilities.
• Contribute to incident response and recovery processes in cloud environments.
• Exposure to Terraform and Infrastructure as Code (IaC) is a plus.• Support infrastructure security controls (firewalls, IDS/IPS, VPN, network segmentation).
• Help manage Identity & Access Management (IAM) policies (RBAC, MFA, SSO).
• Basic knowledge of Wireshark for packet analysis is beneficial.
• Participate in security evaluations of new solutions and products.
Threat Risk Assessments:
• Assist in identifying and assessing potential threats to systems and assets.
• Contribute to risk assessments using standard methodologies (DREAD, STRIDE, FAIR).
• Work with teams to develop risk mitigation strategies.
• Exposure to SCADA/OT security concepts is an advantage.• Work closely with security teams and stakeholders on cybersecurity initiatives.
• Support in creating security design documents and risk assessment reports.
• Maintain up-to-date documentation on security controls and IAM policies.
Qualifications:
Must-Have:
• Bachelor’s degree in Computer Science, Cybersecurity, IT, Engineering, or related field.
• Understanding of core cybersecurity principles, including authentication, access control, and risk
management.
• Familiarity with cloud security concepts (AWS, Azure, GCP).
• Basic networking knowledge (CISCO, firewalls, VPNs, network segmentation).
• Hands-on experience or coursework in security fundamentals (OWASP Top 10, SIEM basics, IAM, threat
modeling).
• Ability to work both independently and in a team environment.
• Strong communication skills to collaborate with stakeholders.
• 5+ years of experience with cybersecurity
• Willingness to work on graveyard shift.• Experience with DevSecOps, Terraform, or Infrastructure as Code (IaC).
• Familiarity with SIEM platforms (Sentinel, GuardDuty, Splunk).
• Understanding of IAM technologies (OAuth2, OpenID Connect, SAML 2.0).
• Exposure to risk assessment methodologies and frameworks (ISO 27001, NIST, CIS, etc.).
• Basic knowledge of SCADA/OT security and industrial protocols (Modbus, DNP3, Nozomi Networks).
• Scripting skills in Python, Java, SQL, Bash, PowerShell.
• Certifications such as CompTIA Security+, TOGAF, CCSP, AWS/Azure Architect/Security Specialty, CISSP
(preferred but not required).

EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets.