Cyber Risk Assessor- E

At EY youll have the chance to build a career as unique as you are with the global scale support inclusive culture and technology to become the best version of you. And were counting on your unique voice and perspective to help EY become even better too. Join us and build an exceptional experience for yourself and a better working world for all.

The candidate would be expected to work in diverse risk consulting engagements and are willing to travel to Middle East countries for project execution atleast 60% of their time. The candidate are expected to have experience / knowledge with respect to the following:

• Experience with infrastructure penetration testing and vulnerability assessments
• Good knowledge of OWASP and Secure SDLC standards
• Should have performed web/mobile/API penetration testing.
• Good knowledge of encryption technologies & MiTM attacks
• Experience in performing security code reviews and log analysis.
• Knowledge of Linux administration TCP/IP DNS Network protocols and OSI model
• Good understanding of MITRE ATT&CK framework and how to leverage it.
• Good understanding of AD administration different authentication mechanisms trust boundaries etc.
• Experience in performing security configuration reviews for OS Databases Network & Security devices applications etc.
• Should have good understanding of the cloud services (AWS Azure and GCP) its architecture potential attack vectors and mitigation plans
• Should have good understanding of the Container services Kubernetes auditing and LLM security
• Experience in performing architecture design review for network and applications
• Experience in performing CS audits/maturity assessments against relevant standards like SAMA CSF NCA NIST NESA Qatar Cybersecurity Framework etc.
• Support in conducting technical reviews as part of IT/CS audits
• Should hold atleast 1 of the certifications or its equivalent : OSCP GPEN OSWE OSWP CRTP LPT ECSA ISO27001 CEH
• Hands on experience will security testing tools/frameworks like Burp Suite Nessus Qualys etc.
• Hands on experience with programming using Python/Perl/PowerShell/C#
• Hands on experience with setting-up phishing and performing social engineering assessments
• Experience with AV/NAC evasion obfuscation bypass windows ASR/device guard network security controls emails gateway filtering etc.
• Experience with Active directory assessments
• Experience with different stages of cyber kill chain
• Review operational logs and event console activity to determine cause of security-related events or to identify potential security related events
• Analysis of the patches released by the vendors
• Good in report writing and convey the observations to the top management in laymans language emphasizing on the business risks.
• Experience with mentoring junior resources or managing stakeholders/client

Should be open-minded and ready to take up additional challenges or tasks outside your core domain expertise

Skills

Qualification required-MCA/BTech /BSc ( Comp Science/Electronics and communication or equivalent)

Qualification preferred-

EY Building a better working world

EY exists to build a better working world helping to create long-term value for clients people and society and build trust in the capital markets.

Enabled by data and technology diverse EY teams in over 150 countries provide trust through assurance and help clients grow transform and operate.

Working across assurance consulting law strategy tax and transactions EY teams ask better questions to find new answers for the complex issues facing our world today.