Key responsibilities
The purpose of this role will be to supervise delivery, provide technical and project leadership to your team members, and build relationships with clients. While delivering quality client services and enabling high-performing teams, you will drive high-value work products within expected timeframes and budget. You will monitor progress, manage risks and ensure key stakeholders are kept informed about progress and expected outcomes. Additionally, you will be expected to carry out the responsibilities listed below.
- Perform comprehensive security assessments and collaborate with developers to mitigate vulnerabilities.
- Evaluate software architectures to detect potential threats, craft threat models to illustrate possible attack paths, and prioritize security measures.
- Scrutinize developer-written code for security weaknesses, compliance with coding standards, and alignment with best practices, integrating security throughout the development process.
- Execute a suite of security tests, including static (SAST), dynamic (DAST), and interactive (IAST) analyses, to discover and address application vulnerabilities.
- Play an instrumental role in the investigation, containment, and resolution of critical security incidents, working alongside incident response teams.
- Guide application onboarding and support developers through the review process, ensuring a smooth integration into our security framework.
- Develop and refine roadmaps and priorities for our Assurance program, focusing on the security of tools and services.
- Partner with engineering teams and tool owners to proactively embed the Assurance function earlier in the development cycle.
- Innovate and enhance the Application Risk Assessment program, ensuring continuous improvement.
- Evaluate tools and technologies to identify gaps in data protection and compliance, ensuring adherence to regulatory standards.
To qualify for the role, you must have
- A bachelor’s degree in Information Technology, Cybersecurity, or Business Management with at least 3 years of experience in product/technical program management, data analysis, or product development, or an equivalent combination of education and experience.
- At least 3 years of work experience in technology administration/management, technical risk management, technical risk consulting, and/or software development/engineering.
- Proficiency in coordinating complex process reviews, interpreting results, and clearly articulating findings.
- Good to have: at least one relevant industry certification, such as CISA, CISM, CISSP, CRISC, CCSK, ISO 27001, among others.
- Prior experience working on an application or service development team is advantageous.
- A self-starter who is motivated to work autonomously with minimal supervision.
- Strong analytical skills with the capacity to think creatively, communicate recommendations, influence change, and introduce process and structure in a dynamic environment.
- A comprehensive understanding of various technologies, including cloud computing, networking, cloud application design, development tools/processes, and common cloud-based application architectures.
- Knowledge of data security concepts, such as Application Security Testing, Vulnerability Assessment, or Information Systems Audit.
EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets.