Government and Public Sector - Cybersecurity - Defense Responder - Manager

From strategy to the Government & Public Sector practice (GPS) of Ernst & Young provides a full range of consulting and audit services to help our Federal State Local and Education clients implement new ideas to help achieve their mission outcomes. We deliver real change and measurable results through our diverse highperforming teams quality work at the highest professional standards operational knowhow from across our global organization and creative and bold ideas that drive innovation. We enable our government clients to achieve their mission of protecting the nation and serving the people; increasing public safety; improving healthcare for our military veterans and citizens; delivering essential public services; and helping those in need. EY is ready to help our government shape the future with confidence.

The opportunity

Our cybersecurity professionals possess diverse industry knowledge along with unique technical expertise and specialized skills. The team works together in planning pursuing delivering and managing engagements to assess improve build and in some cases operate integrated security operations for our clients.

We will support you with careerlong training and coaching to develop your skills. As EY is a global leading service provider in this space you will be working with the best of the best in a collaborative environment.Sowhenever you join however long you stay the exceptional EY experience lasts a lifetime.

Your key responsibilities

Our security professionals possess diverse industry knowledge unique technical expertise and specialized skills. The team stays highly relevant by researching and discovering the newest security vulnerabilities attending and speaking at top security conferences and sharing knowledge with key industry groups. The team frequently provides thought leadership and information exchanges through traditional and less conventional communication channels including conference presentations white papers and blogs.

As part of our Blue Team you will focus on proactive cyber defense threat detection security monitoring and intelligencedriven defense to protect enterprise environments. Your work will include realtime security event analysis security automation incident response support forensic investigations and adversary simulation collaboration with Red and Purple Teams. You will also leverage cyber threat intelligence (CTI) to improve detection engineering threat hunting methodologies and defense strategies.

Our professionals work together in planning executing and managing engagements to assess improve build and in some cases operate integrated security operations for our clients.

Skills and attributes for success

• Conduct realtime security monitoring log analysis and threat detection using SIEM tools such as Splunk Elastic Microsoft Sentinel CrowdStrike NGSIEM and Palo Alto Cortex.
• Perform threat hunting and anomaly detection by analyzing security event data and network traffic for malicious activity.
• Integrate cyber threat intelligence (CTI) into detection methodologies correlating indicators of compromise (IOCs) and tactics techniques and procedures (TTPs) to strengthen defenses.
• Respond to cybersecurity incidents conduct forensic investigations and provide mitigation recommendations.
• Develop and finetune detection rules alerts and use cases for monitoring tools to improve incident detection and response.
• Conduct malware analysis reverse engineering and threat intelligence correlation to improve defensive strategies.
• Work closely with Red and Purple Teams to simulate adversary tactics improve detection efficacy and test security defenses in adversary emulation exercises.
• Provide guidance on security best practices hardening techniques and zerotrust architectures.
• Automate security operations and develop playbooks using SOAR platforms to improve response efficiency.
• Conduct security assessments and assist with compliance efforts for industry standards such as MITRE ATT&CK NIST 80053 ISO 27001 and CIS Benchmarks.

To qualify for theroleyou musthave

• Bachelors degree in Computer Science Information Systems Engineering Business or a related field and a minimum of 5 years of related work experience; or a Masters degree and 4 years of related work experience in security operations threat detection or incident response.
• Any one or more of the following certifications:
  • CISSP (Certified Information Systems Security Professional)
  • CISM (Certified Information Security Manager)
  • CISA (Certified Information Systems Auditor)
  • OSCP (Offensive Security Certified Professional)
  • SANS GIAC certifications such as:
    • GSE (GIAC Security Expert)
    • GCFA (Forensic Analyst)
    • GNFA (Network Forensic Analyst)
    • GDAT (Defending Advanced Threats)
    • GMON (Continuous Monitoring and Security Operations)
    • GCIH (Incident Handler)
    • GREM (Reverse Engineering Malware)
    • GSOC (Security Operations Center)
    • GCIA (Intrusion Analyst)
    • GCED (Enterprise Defender)
• Handson experience with SIEM SOAR EDR NDR email security and security monitoring platforms.
• Strong understanding of network security cloud security (AWS Azure GCP) and endpoint protection strategies.
• Experience with log analysis network traffic analysis and behavioral analytics for identifying suspicious activity.
• Strong scripting and automation skills in Python PowerShell or Bash to streamline security operations.
• Experience with MITRE ATT&CK framework adversary emulation and threat intelligence integration.
• Must havean active TS/SCI clearance with eligibility for a polygraph and able to maintain it.
• Must be willing to work onsite as needed by the client in the greater Washington DC area

Due to the nature of our work in the Government and Public Sector work may be required to be completed at client EY and/or contractor sites. Our goal is to assign professionals to projects within a commutable distance of their work location office. In certain circumstances travel may be required beyond your work location based on client and project needs. Candidates should be willing to travel 20 30 or more.

Ideally youll also have

Prior consulting experience.

• Experience developing custom threat detection analytics and behavioral anomaly detection rules.
• Familiarity with cloudnative security monitoring tools (AWS GuardDuty Azure Security Center Google Chronicle).
• Experience with deception technologies honeypots and adversary engagement techniques.
• Deep understanding of Active Directory security Kerberos attacks and lateral movement techniques.
• Experience working in Cloud/Container environments.
• Penetration Testing experience.
• Application Security experience.
• Attack Surface Management experience.

What we look for

Were interested in intellectually curious people with a genuine passion for cybersecurity. With your expertise well turn to you to speak up with innovative ideas that could make a lasting difference not only to us but also to the industry. If you have the confidence in both your presentation and technical abilities to grow into a leading expert here this is the role for you.

At EY youll have the chance to build a career as unique as you are with the global scale support inclusive culture and technology to become the best version of you. And were counting on your unique voice and perspective to help EY become even better too. Join us and build an exceptional experience for yourself and a better working world for all.

What we offer

We offer a competitive compensation package where youll be rewarded based on your performance and recognized for the value you bring to our business. In addition our Total Rewards package includes medical and dental coverage pension and 401(k) plans and a wide range of paid time off options. Under our flexible vacation policy youll decide how much vacation time you need based on your own personal circumstances. Youll also be granted time off for designated EY Paid Holidays Winter/Summer breaks Personal/Family Care and other leaves of absence when needed to support your physical financial and emotional wellbeing.

Continuous learning: Youll develop the mindset and skills to navigate whatever comes next.
Success as defined by you: Well provide the tools and flexibility so you can make a meaningful impact your way.
Transformative leadership: Well give you the insights coaching and confidence to be the leader the world needs.

• Continuous learning: Youll develop the mindset and skills to navigate whatever comes next.
• Success as defined by you: Well provide the tools and flexibility so you can make a meaningful impact your way.
• Transformative leadership: Well give you the insights coaching and confidence to be the leader the world needs.
• Diverse and inclusive culture: Youll be embraced for who you are and empowered to use your voice to help others find theirs.