Consulting - Financial Services, Technology Consulting, Cyber Security, Staff Associate - Hong Kong
Ernst & Young
Type: Full Time
Internal Number: 12867981
Diversity is a core value at EY. We are passionate about building and sustaining an inclusive and equitable working environment for all of our people. We believe every member in our team enriches our diversity by exposing us to a broad range of ways to understand and engage with the world, identify challenges, and to discover, design and deliver solutions.
The opportunity
Do you like to create and innovate? Cyber threats, emerging technologies, cloud adoption, digital disruption, and a changing regulatory landscape are some of the challenges that customers face. EY teams are seeking people to join the fast-growing EY businesses in helping our clients implement provable security at scale to combat these challenges. In particular, EY teams need people with proven experience and passion in penetration testing to help clients secure their applications and infrastructure. If this is you, you will also have the opportunity to innovate on new ideas and technologies and explore new challenges.
Your key responsibilities
Perform vulnerability scanning and penetration testing of web applications, mobile applications (Android and iOS), web services, API, network, thick client etc.
Prepare testing reports and findings tracker sheets based on the provided template
Communicate with customer stakeholders to explain and demonstrate vulnerabilities, and assist with the mitigation of the identified vulnerabilities
Research the latest security best practices and stay abreast of new threats and vulnerabilities
Support Red Teaming exercises
Coach / mentor junior team members on VSPT related knowledge and skills
Participate in fast-paced delivery of challenging projects in other cyber security domains
Be involved in customer relationship management, project management and team management
Requirements: To qualify for the role you must have:
Experience in using vulnerability scanning tools (e.g. Nessus, AppScan, Acunetix, Burp Suite Pro, WebInspect, etc.)
Knowledge in performing automated vulnerability scanning and manual penetration testing of web applications, mobile applications (Android and iOS), web services, API, network, thick client etc.
Proficiency in written and oral English communication skills. Cantonese is an advantage
Experience in static and dynamic secure code review will be an added advantage
Mandatory Certification - any one of OSCP, CREST, GPEN, ECSA, LPT or equivalent
Skills and attributes for success
College degree or equivalent with minimum 2 years' related work experience in penetration testing
Thorough understanding of the following items:
Common web technologies like .NET, PHP, Java, XML, SAML, SOA, SOAP, web services etc. and protocols including HTTP(S), DNS, FTP, SSH etc.
Risk Rating Standards like DREAD, CVSS etc.
Application architecture and Secure development life cycle (SDLC)
Threat modelling and risk analysis
Strong organizational, team-work, multi-tasking and time-management skills
What working at EY offers
Exposure to working with industry-leading organizations in the financial industry
Opportunities to develop new skills and progress your career
Support, coaching and feedback from some of the most engaging colleagues around
The freedom and flexibility to handle your role in a way that's right for you
About EY
As a global leader in assurance, tax, strategy and transactions and consulting services, we're using the finance products, knowledge and systems we've developed to build a better working world. That starts with a culture that believes in giving you the training, opportunities and creative freedom to make things better. Whenever you join, however long you stay, the exceptional EY experience lasts a lifetime. And with a commitment to hiring and developing the most passionate people, we'll make our ambition to be the best employer by 2021 a reality.
If you can demonstrate that you meet the criteria above, please contact us as soon as possible. Join us in building a better working world.