Application Security Consultant

Application Security Consultant (FOR POOLING)TA2 Senior Associate - Experienced Hires at SGV & Co. | EY Philippines

Pooling for Application Security Consultants. Hiring will be April 2024.

At SGV, you'll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture, and technology to become the best version of you. And we're counting on your unique voice and perspective to help SGV become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all.

We're looking for an Application Security Consultant to help ensure and validate that client services, applications, platforms, and infrastructure are designed and implemented based on leading security standards.

As a part of the Cybersecurity team, you will be working alongside our client's project teams and be responsible for identifying security risks and providing security requirements and ensuring compliance with security policies and procedures.

You will act as the security liaison between client projects (development and operations teams) and information security teams for security concerns. You are expected to help embed security from the design phase until deployment to production. With this, you will conduct threat modeling, recommend secure design, discover security risks, coordinate with security testing & assurance teams, and assist in resolving or accepting security risks.

Application Security Consultants foster constructive dialogue and seek resolution when confronted with opposing design principles. You are expected to participate fully in the design, testing, and deployment of inflight products and platforms for our clients.

You will be expected to be strong in multiple security domains and recommend solutions to complex technical problems and apply the appropriate technologies while following security best practices.

Your Key Responsibilities

You will work on various Application Security Design Consulting and Assurance projects for our clients or internal projects.

· As a team member or individual contributor, execute security design consulting and assurance projects based on defined approach. Activities may include:

o Application and infrastructure security design review

o Perform and document threat modeling/risk analysis

o Review of third-party services (e.g., SaaS services)

o Coordination with project teams and security teams such as vulnerability management, third party security and security operations for assessment and remediation

o Project and research work as needed

o Develop and deliver security artifacts and security requirements to project teams

o Security training and outreach to internal development teams

o Document and communicated security implementation plan or security guidance

· Coordinate and support teammates to execute security design and assurance projects

· Prepare reports, documents and schedules that will be delivered to clients and other parties

· Conduct research to provide value adding advice to the client

· Contribute ideas with the team to complete and improve project output

· Develop positive relationship with client personnel, peers and management

· Join internal and external training, learning and certification opportunities

· Participate in organization-wide people initiatives including thought leadership and recruitment activities

Skills and attributes for success

A successful candidate will need a combination of technical and communication skills, as well as the ability to handle a mix of diverse tasks which include threat modeling, vulnerability assessments, and project work.

· Technical knowledge. Able to demonstrate and apply security concepts; knowledge of system and application security threats and vulnerabilities; current and emerging threats / threat vectors; principles used to manage risks related to the use, processing, storage and transmission of information or data; incident response and handling methodologies; methods for evaluating, implementing, and disseminating information technology (IT) security assessment, monitoring, detection and remediation tools and procedures utilizing standards-based concepts and capabilities; the risk associated with new and emerging information technology (IT) and cybersecurity technologies

· Teaming. Able to build relationships across business and promoting a collaborative culture across teams

· Client relationship. Able to build deep relationship with clients to understand their challenges better and align the right solutions

· Innovative and transformative mindset. Able to understand complex problems and respond with innovative and transformative solutions

· Communication and presentation skills. Able to deliver high quality deliverables articulated in written reports and communicated during presentations to both IT and business audiences.

To qualify for the role, you must have:

· A bachelor's degree in IT, computer science, computer engineering, management, business administration, or any related field

· At least one (1) year of relevant experience in security design, architecture or operations covering any of the following: application security, infrastructure security, solution design, security architecture, software engineering, identity and access management

· Good understanding of security practices on vulnerability assessment, penetration testing, network security, security operations, software development

· Good understanding of cloud security and modern architecture (microservices, serverless and automated delivery)

· Familiarity with threat models and frameworks such as STRIDE, MITRE ATT&CK, CVSS, OCTAVE, OWASP Top 10

· Excellent written and verbal technical communication skills

· Desire to learn new techniques, frameworks and technologies

· Willingness to take cybersecurity certifications and external trainings

Optionally, you also have

· Relevant professional certification such as CISSP, CISA, CISM, CEH, ISO 27001 Lead Auditor or Lead Implementer

· Ability to juggle many tasks and projects in a fast-moving environment

· Experience with IAM concepts & technologies such as authentication, authorization, federation, administration, governance

· Experience in working in consulting roles, interacting with clients, third parties or security vendors

· Good understanding of cryptography as applied in security such as SSL and key management

· Good understanding of web services, distributed systems or mobile applications

· Good understanding of secure software development lifecycle, DevSecOps, agile method

· Good understanding of cloud security and modern architecture

· Hands on experience with IT security (application security, threat modeling, vulnerability assessment, penetration testing, security operations)

What's in it for you

We offer a competitive remuneration package where you'll be rewarded for your individual and team performance. Our comprehensive Total Rewards package includes support for flexible working and career development, benefits that suit your needs, covering holidays, health and well-being, insurance, savings, and a wide range of discounts, offers, and promotions.

Plus, we offer:

· Continuous learning: You'll develop the mindset and skills to navigate whatever comes next.

· Success as defined by you: We'll provide the tools and flexibility, so you can make a meaningful impact, your way.

· Transformative leadership: We'll give you the insights, coaching and confidence to be the leader the world needs.

· Diverse and inclusive culture: You'll be embraced for who you are and empowered to use your voice to help others find theirs.

Seniority level

• Seniority level Mid-Senior level

Employment type

• Employment type Full-time

Job function

• Job function Consulting, Information Technology

Security Testing Consultant (Vulnerability Management)Neksjob Need Legal Cyber Security SpecialistGDS Consulting - Cyber Security | Data Privacy Senior Consultant
#J-18808-Ljbffr

---