Posted By

Sai Shruti Jayanty

Sourcing Associate at Ernst and Young

Last Login: 07 January 2019

2507

JOB VIEWS

95

APPLICATIONS

18

RECRUITER ACTIONS

Posted in

IT & Systems

Job Code

603535

EY - Cyber Security Professional

2 - 6 Years. Mumbai/Pune
Posted 5 years ago

Application Security :

- The Risk Assessment & Consultancy group is responsible for ensuring that the organization's applications are designed, developed and deployed securely. The role will involve working closely with development groups to ensure secure design, development and implementation of applications. The person will be responsible for understanding complex technical and architectural issues from a security perspective and the implications associated with the chosen technical strategy.

- The role will focus on reviewing the security mechanisms built into the applications by carrying out security reviews, i.e. Secure Design Review and Threat Modeling. The job involves working closely with development groups and Enterprise Architecture so that the applications are compliant with the company's Information Security Standards.

- The successful candidate will be able to demonstrate an innovative and enthusiastic approach to technology and problem solving, will display good interpersonal skills and show confidence and ability to interact professionally with people at all levels.

Key Accountabilities :

- Review software applications for potential security vulnerabilities by conducting application security reviews, i.e. Secure Design Review and Threat Modeling.

- Liaise with Developers, Architects and Project Managers to understand the working of an application, where security mechanisms are employed and how effectively they are implemented.

- Understand the business requirements, evaluate potential products / solutions and provide technical recommendations.

- Be "hands on" with technology and contribute security recommendations to the design, development and support of projects.

- Review design and development artefacts to ensure security quality in the products being developed.

- Protect the company's information assets by promoting the understanding and acceptance of Information Security Policy and Standards.

- Contribute to Enterprise Architecture in the definition of the technology stack and the various standards and guidelines for development teams.

Skills and Experience :

- Experience of providing application security services with exposure to application lifecycle security.

- Strong understanding of attack vectors from OWASP, WASC and mitigation of the same.

- Strong understanding of general security concepts and principles and application specific security concepts and principles.

- Strong understanding of Software Development Life Cycle (SDLC) with a focus on security.

- Strong understanding of protocols (HTTP, HTTPS, SSL, TLS)

- Strong understanding of Threat Modeling, assessment of impact and likelihood of threat scenarios

- Strong understanding of applications design and architecture

- Strong understanding of encryption (both symmetric and asymmetric) and hash algorithms, their principles and proper applicability.

- Strong understanding of Public Key Infrastructure, SSL/TLS Protocols and digital signature principles.

- Strong understanding of common web technologies, including browsers, HTML, XML, HTML5, Ajax, JSON, web services, JavaScript, web servers and databases.

- Understanding and knowledge of other security domains including Network, IAM, Data & Compute.

- Capable of understanding end user requirements from security perspective.

- Understanding of emerging technologies and corresponding security threats

- Sound business and technical acumen

- Problem-solving and critical-thinking skills.

- Focused and versatile team player

- Self-motivated, flexible

- Professional Qualification : CISSP/CSSLP will be an added advantage
