You will work with your project team and the client to execute engagements which help the client to measure the effectiveness of its cybersecurity programs, assess the cybersecurity risk of a client; evaluate the maturity of a security program, test the effectiveness of cyber controls, assist the client in complying with the various cyber policies and regulations, and help implement new cyber control processes and tools to perform more effective cyber risk management.
The Operation Technology Team provides cybersecurity services to clients who run operational technology environments and/or critical information infrastructures.
As an OT Cybersecurity Consultant, you will be part of an elite and dynamic team performing a myriad of cybersecurity services to help the clients identify any vulnerabilities or weaknesses, design and implement processes and solutions for the clients to better protect their systems, monitor and detect any cybersecurity attacks, respond to and recover from these attacks.
Attack and Penetration (A&P)
Our A&P services provide technical cyber assessments that aim to assist clients gain insight and context to their cyber threats and assessing, improving, and building security operations in order to mitigate these threats.
As an A&P team member, you will be responsible for performing web application/mobile penetration testing, network penetration testing, source code review and red team assessment. You will also be involved in conducting social engineering exercises and respond to incidents for clients suffering from security breach/cyberattack.
Solution and Architecture
As a member of Solution and Architecture team, you will be involved in analyzing the client’s cybersecurity requirements, design a suitable solution, test that the solution is built to specifications, deploy the solution to the client’s live environment and continuously enhance and optimize the solution to improve the client’s cybersecurity posture. You can become the cybersecurity architect in the domain you choose.
Internally within EY, we have a well-established Technology Career Framework that aims to assist individuals to pursue their dreams and align themselves to the opportunities and roles within the Cybersecurity & Privacy Discipline:
Conducts tests simulating cyber-attacks to find exploitable weaknesses and define remediation plans; simulates a threat actor attempting to gain unauthorized physical or logical access to an environment. Identifies security vulnerabilities during software development lifecycle to ensure security by design and default. Develops and executes cybersecurity test plans, ensuring test quality and managing resource planning and the resolution of issues that may impede the test effort.
Cybersecurity Assurance Professional
Provides security assessments related to network, infrastructure and application risks and vulnerabilities. Audits, assesses and advises on privacy frameworks, security policies, processes and governance for conformance against security standards, industry practices and regulatory obligations. Conducts information risk assessments (e.g., Crown Jewel identification and Risk Classification) and proposes appropriate mitigation strategies.
Cybersecurity Response & Investigations Professional
Addresses new and emerging threats that are either pro-actively detected by internal teams or external sources such as law enforcement, government agencies or other organizations. Conducts root cause analysis of any vulnerabilities as well as full-blown cyber breach/incident investigation using cutting-edge digital forensics toolkits, makes recommendations for future mitigation strategies and collates information and forensic artefacts for use in compliance and law enforcement activities.
Designs security architecture to address business requirements; defines the security infrastructure for the design and integration of new and existing systems (hardware, software, connectivity, and messaging). Acts as an intermediary between the business and technical community to understand business requirements, define the security architecture required and support the development and engineering teams with implementation.
Designs, develops, and delivers cybersecurity solutions, tools and processes through system development and integration; designs security infrastructure systems for monitoring, investigating and protecting sensitive data and systems from intrusions, compromise and security breaches. Collaborates with other departments across the business to ensure cybersecurity designs meet the security, business and technical requirements.
Leads cyber transformations to enhance the organization's security posture. Identifies opportunities to improve organizational cybersecurity strategy, policy and governance. Performs current state security assessments and supports target operating model definition. Manages discussions and proposes approaches in aligning cybersecurity initiatives to strategic business objectives.
Cybersecurity Operations Professional
Monitors and protects sensitive data and systems from intrusions and security breaches. Identifies, prioritizes and responds to security threats with appropriate containment approaches and develops, executes and continuously improves operational protocols and processes. Evaluates, utilizes, deploys and matures security controls used in cyber defense across an enterprise, and conducts normal operational maintenance of security systems.