EY GDS Consulting Cyber Security - Application 

Philippines, Taguig 

485595394

• Serve as the primary security consultant for client engagements, providing expert guidance on application security best practices.
• Plan, execute, and document vulnerability & penetration tests on web, mobile, and cloud-based applications.
• Identify and exploit vulnerabilities using both manual techniques and automated tools.
• Ensure testing methodologies align with OWASP Top 10, NIST SP 800-115, and other relevant frameworks.
• Collaborate with development and DevOps teams to integrate security into the software development lifecycle (SDLC).
• Provide detailed findings and actionable remediation guidance to engineering teams.
• Lead threat modeling sessions and risk assessments for client applications and architectures.
• Advocate for secure coding and security-by-design practices and assist in implementing security controls.
• Evaluate and recommend security tools and technologies to enhance testing capabilities.
• Participate in code reviews and architecture assessments to identify potential security flaws.
• Develop and maintain documentation related to testing procedures, findings, and remediation tracking.
• Prepare reports on application security posture, vulnerabilities, and mitigation progress for stakeholders.
• Assist in incident response and forensic analysis related to application-level breaches.
• Stay current with emerging threats, vulnerabilities, and security technologies.
• Recommend and implement continuous improvement initiatives to enhance application security.
• Support incident response efforts and forensic investigations for client-reported application security incidents.
• Maintain documentation of testing methodologies, client interactions and remediation tracking.

• Bachelor’s degree in Cybersecurity, Computer Science, Information Technology, or a related field or;
• Minimum of 5 years of experience in application security, vulnerability management, penetration testing, or ethical hacking.
• Hands-on experience with tools such as Burp Suite, OWASP ZAP, Metasploit, custom scripts, etc.
• Familiarity with secure coding practices and common development frameworks (e.g., Java, .NET, Python, JavaScript).
• Relevant certifications such as Offensive Security Certified Professional (OSCP), GIAC Web Application Penetration Tester (GWAPT), or Certified Ethical Hacker (CEH) are a huge plus.
• Strong understanding of application architectures, APIs, authentication mechanisms, and encryption protocols.
• Proficiency in vulnerability management platforms and SIEM tools.
• Excellent communication and interpersonal skills, with the ability to translate technical findings into business impact.
• Detail-oriented with a strong commitment to quality, security, and compliance.

You get to work with inspiring and meaningful projects. Our focus is education and coaching alongside practical experience to ensure your personal development. We value our employees and you will be able to control your own development with an individual progression plan. You will quickly grow into a responsible role with challenging and stimulating assignments. Moreover, you will be part of an interdisciplinary environment that emphasizes high quality and knowledge exchange. Plus, we offer:

• Support, coaching and feedback from some of the most engaging colleagues around
• Opportunities to develop new skills and progress your career
• The freedom and flexibility to handle your role in a way that’s right for you

If you can confidently demonstrate that you meet the criteria above, please contact us as soon as possible.

EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets.