Here at EY you’ll work with a team of amazing technologists who are always growing, learning, and adapting, in and out of the office. Technology is changing the world, and we’re at the centre of it all. With a team list that reads like a who's who in tech, and a highly disruptive business model, we’re advancing the art of team collaboration. Driven by honest values, an amazing culture, we’re out to unleash the potential of every team. From Sydney and Melbourne to Sydney and Canberra and across the ditch, we’re looking for people like you who are powered by passion and eager to do the best work of their lives in a highly autonomous yet collaborative environment.
What you’ll do:
Our security engineers assist and lead in the implementation of innovative cybersecurity solutions for our clients, as well as work with software, systems, and data engineers to ensure that security is implemented throughout projects from both low and high levels. They belong to an internationally connected team of specialists who assist clients with their most complex technical information security needs. This involves implementing technical security controls across a wide range of environments, from scripting, software development, to making use of security appliances.
On your first day, we'd love for you to have:
Expert level security knowledge in technical IT domains - operating systems, networks, databases, mobile, cloud or solution development etc.
Experience implementing controls in a wide range of environments, from microsystem, IoT, cloud, appliance, workstation, and servers.
Expert level knowledge of coding languages and frameworks such as ReactJS, Angular JS, Python, Java, C#, NodeJS, Ruby and other full stack frameworks.
Hands on knowledge of devops and automation tools and services such as AzureDevops, Jenkins, Puppet, docker, GIT.
Knowledge of integration of security and devops toolkits into the devops and CI/CD pipeline
Understanding of cyber security regulations such as APRA-CPS234, GDPR, IRAP, PCI-DSS etc. While not all regulations are required on day one, it is imperative to have knowledge of some or one so you can apply that to other regulatory requirements.
Hands on exposure to at least one or more cloud environments. This can be Microsoft Azure, Amazon AWS, Google Cloud etc. With one environment understood it is possible to map those skills onto other environments.
Knowledge of Application Security vulnerabilities and automation of security checks using technologies such as DAST, SAST, IAST and Open Source Vulnerability scanning methods. Exposure to Security Test Automation using abuse cases and leveraging frameworks such as Selenium, NightWatch, Cucumber, BDD-Security
Experience in practical security vulnerability identification, remediation and prevention.
It's great, but not required, if you have:
A Computer Science or Software engineering degree or equivalent
Industry related certification preferred (e.g. CISSP, CISA, CISM, SABSA, PRINCE2, TOGAF, ITIL and AWS, Azure or GCP certifications)
Solution and Infrastructure Level Certifications such as CCNA/P, Microsoft technologies, various cloud certifications etc. will be advantageous
Knowledge of containers and container security requirements, such as Docker or Kubernetes.
EY is a global professional services organisation providing consulting, assurance, tax and strategy and transaction services. We are committed to doing our part in building a better working world, to help create wider economic and social benefits today, and a strong legacy for a better tomorrow.
Across every part of EY, we dig deeper in pursuit of better working. Does better begin with you? Click apply online to find out. The preferred applicant will be subject to employment screening by Ernst & Young or by their external third-party provider.
© 2020 Ernst & Young Australia. All Rights Reserved.