Application Security Consultant/Senior Consultant (Secure Code Review) – Advanced Security Centre - Melbourne | Expression of Interest


At EY we have fantastic opportunities for you to work with market leading specialists and collaborate with our clients to manage engagements, lead teams or perform penetration testing. We've built a team of technically focused consultants in our global network of Advanced Security Centres (ASCs) and as we continue to grow we are seeking cybersecurity professionals at all levels of seniority. ASC professionals typically operate in a red team capacity executing with advanced cybersecurity tools and techniques.

Our Advanced Security Centre (ASC) is a well-established, dedicated and vibrant team that is designed to help our clients protect the confidentiality, integrity and availability of their information. We work with some of Asia Pacific’s biggest clients and are one of Australia’s largest penetration testing teams that has been consistently working together for more than 8 years.

The ASC provides the following services to our clients:

  • Web, mobile and thick client penetration testing
  • Source code reviews
  • Infrastructure security assessments
  • Internal/external network penetration testing
  • Vulnerability assessments
  • Security configuration reviews
  • Wireless assessments
  • Social engineering/red team assessments

The opportunity

In your role as an Application Security Consultant/Senior Consultant in the Advanced Security Centre team, you will:

  • Identify security vulnerabilities within application source code, using automated static application security testing (SAST) tools and via manual review
  • Consult with development teams to risk assess vulnerabilities
  • Assist and train development teams with remediation activities and secure coding practices
  • Drive improvements in our clients’ development practices by integrating security source code reviews into the CI/CD pipeline.

We’re looking for people with the following experience:

  • Demonstrated professional experience in a development or application security role in at least two of the following languages – Java, C#, C/C++, JavaScript (node.js), Ruby, Python, PHP
  • Working knowledge of one or more SAST tools - e.g. Fortify, Checkmarx, Veracode
  • Working knowledge of one or more continuous integration tools – e.g. Jenkins, Bamboo, Travis CI, VSTS
  • Experience managing client stakeholders and expectations
  • Advanced written and verbal communication skills and presentation skills
  • The ability to translate technical jargon to non-technical stakeholders

The following skills will be advantageous:

  • Working knowledge of one or more DAST tools – e.g. Burp Suite, Acunetix, WebInspect, AppScan
  • Working knowledge of one or more dependency analysis tools – e.g. BlackDuck, Sonatype Nexus
  • A methodical approach to attack and penetration testing (above running automated tools)
  • Application security testing experience (in particular ASP.NET and Java technologies)
  • Mobile application security testing/development experience
  • Infrastructure security testing experience
  • Wireless security testing experience
  • Reverse engineering or malware analysis experience
  • Threat Intelligence experience
  • Operational Technology/Industrial Control Systems experience
  • Technical security operations experience
  • Working knowledge of network protocols
  • Network security: firewalls/routers/switches/VLANs
  • Administration experience in any of the following
    • Windows Active Directory Administration
    • Linux/Unix Administration
    • Database Administration
  • Systems security skills in assessment, design, architecture, management and reporting

To qualify

  • A minimum of 2 years in a software/web development or application security role
  • Strong project management, negotiation and interpersonal skills would be viewed favourably
  • Have a commitment to build and grow your technical cybersecurity career to the next level

You may also have a Bachelor's and/or postgraduate degree in computer science, information systems, engineering, or a related major.

What we look for

We’re interested in individuals with a genuine creative vision and the confidence to make it happen. You can expect plenty of autonomy, so you’ll also need the ability to take initiative and seek out opportunities to improve our current relationships and processes. If you’re serious about cybersecurity and ready to take on some of our clients’ most complex issues, a role with EY is for you.  
 

What working at EY offers

We offer competitive remuneration packages where you’ll be rewarded based on your performance and the value you bring. Our Total Rewards package includes support for flexible working, career development, and an extensive range of wellbeing and benefit offerings. We are happy to consider formal and informal flexible working arrangements. To find out how some of our people are using these arrangements to help them achieve a lifestyle balance, please click here.
 

Who we are

EY is an inclusive and equal opportunity employer offering a vast range of internal networks including Unity, our LGBTI network and our Aboriginal and Torres Strait Islander network. These provide our people with the opportunity to connect across offices and allow us all to embrace and value the diverse society we live within.  We are committed to making reasonable adjustments to provide a positive, barrier-free recruitment process and supportive work environment. If you have any support or access requirements, we encourage you to advise us at the time of application.
 
About EY
As a global leader in assurance, tax, transaction and advisory services, we’re using the finance products, knowledge and systems we’ve developed to build a better working world. That starts with a culture that believes in giving you the training, opportunities and creative freedom to make things better. Whenever you join, however long you stay, the exceptional EY experience lasts a lifetime. 



Start a conversation with us now.

 

The preferred applicant will be subject to employment screening by EY or by their external third party provider. Regarding these opportunities, the minimum salary for more junior positions is $70,000 including 9.5% superannuation.
 
© 2018 Ernst & Young Australia. All Rights Reserved.

