Let us introduce you the job offer by EY GDS Poland – a member of the global integrated service delivery center network by EY.

The opportunity

DevSecOps is one of the competencies within EY GDS Cyber Security AEET (Architecture, Engineering and Emerging Technologies) practice with the following key offerings:

• Developing security capabilities.
• Leveraging DevSecOps principles, design and implement Security solutions.
• Continuous Integration & Continuous Deployment with Security mindset and focus.
• Assessment and Strategy Planning.
• Develop capabilities used to deploy large-scale cyber countermeasure capabilities to detect and prevent sophisticated threats and vulnerabilities on enterprise networks.
• Ensure compliance to enterprise architecture, security policies and operational procedure.

Your key responsibilities

• Performing security architecture reviews of applications in design and production phases.
• Identifying security recommendations, potential threats and attacks to applications systems through threat modeling and vulnerability assessment.
• Conducting assessments of applications and platforms (web, cloud, mobile) using range of manual and automated source code review techniques.
• Integrating application security tools and process in automated pipelines.
• Work with clients to analyze, evaluate, and enhance the effectiveness of their application / platform / product security posture at procedural and technological levels from design to deployment.
• Use knowledge of current application security best practices and industry trends to lead the implementation of application security solutions for our clients and support the clients in their desire to protect their business.
• Participate in market facing activities. Use current technology and tools to enhance the effectiveness of deliverables and services. Play an active role in counseling and mentoring junior Cybersecurity team members.
• Maintain long term client relationships and networks. Cultivate business development opportunities.
• Resolve and review resolution of security vulnerabilities as needed.
• Improve secure coding practices, application security requirements, automation, training and metrics.
• Maintain an active understanding of industry practices for secure software development.
• Works with application development teams to refactor or create security solutions.
• Monitoring & Logging and Site Reliability.

Skills and attributes for success

• Understanding of or experience in Agile Development Environment
• Problem solving and troubleshooting with eye for details
• Good communication and presentation skills
• Ability to work in both collaborative and independent work environments
• Proven ability to work as DevSecOps on projects
• Excellent command over English (written and spoken)

To qualify for the role, you must have

• Work experience performing application security vulnerability assessment using either manual penetration testing and source code techniques or automated commercial SAST/DAST/IAST/SCA/OSA tools.
• Performing security architecture/threat modeling reviews on a wide range of applications and determining the appropriate security controls. Must be able to demonstrate experience by describing the types of applications that have been reviewed, the methodology followed as part of the review, the security controls evaluated as part of the review, sample findings that have been discovered and sample remediation guidance that has been provided.
• Evaluating application security programs for clients and developing key elements of the program as part of the enhancement process and developing internal vulnerability assessment and management processes.
• Evaluating DevSecOps programs to determine how to embed security activities and working with clients to evolve their development programs to embed application security tooling and processes.
• Ability to learn and adapt to integrate application security to different CI/CD systems and apply automation as needed
• Minimum 3 years of experience working in Agile development, application security, or DevOps role, with experience in the following technologies:
  • Containers (Docker, Kubernetes, etc.)
  • Infrastructure as code (Vagrant, Docker, Ansible, Chef, Terraform, etc.)
  • Continuous integration (Jenkins, Bamboo, Hudson, etc.)
  • Integration of Security testing tools into pipeline
  • Defect tracking (Jira, Bugzilla, ServiceNow etc.)
  • Source code management (GitLab, GitHub, BitBucket, etc.)
  • QA Testing tools (nUnit, jUnit, Selenium, Cucumber, etc.)
  • Familiarity with Metholodies and Standards like OWASP, NIST, OSSTMM, PTES, ISAAF
  • Developing enterprise applications or scripts for security testing (security as code)
  • Cloud environment (AWS, Azure, GCP) and various Unix-like distributions
• Must have experience in the following:
  • Certifications relevant to the role;
  • Knowledge of networking, infrastructure and applications from a DevOps perspective with a security focus;
  • Solid experience with IDS/IPS/DLP/SIEM/NBAD tools and construction of customized signatures for complex microservices.
  • Experience in programming or scripting languages;
  • Broad knowledge of security control techniques and how they can be applied in a traditional IT environment as well as cloud-based systems;
  • Knowledge of security monitoring, prevention and control systems including anti-virus, web proxies and security software;
  • Understanding of security considerations around RESTful APIs.

Ideally, you’ll also have

• Diploma or Degree in Computer Science, Software Engineering or related discipline with 3+ years’ of overall experience
• Good technical knowledge of Microservice oriented solutions, APIs, Azure AD and common Cloud authentication patterns
• Cloud/DevOps Certification (MS Azure/AWS/GCP)

What we look for

As we are a dynamic team of passionate specialists, and we work in international teams all over the world, we will look for the same business acumen. Facing with customers, we are "out of box thinking" professionals. Our top performers have a team player attitude and they cope with challenges on the daily basis. If it all sounds familiar to you - we are looking forward to seeing you on board.

What we offer

EY Global Delivery Services (GDS) is a dynamic and truly global delivery network. We work across six locations – Argentina, China, India, the Philippines, Poland and the UK – and with teams from all EY service lines, geographies and sectors, playing a vital role in the delivery of the EY growth strategy. From accountants to coders to advisory consultants, we offer a wide variety of fulfilling career opportunities that span all business disciplines. In GDS, you will collaborate with EY teams on exciting projects and work with well-known brands from across the globe. We’ll introduce you to an ever-expanding ecosystem of people, learning, skills and insights that will stay with you throughout your career.

• Continuous learning: You’ll develop the mindset and skills to navigate whatever comes next.
• Success as defined by you: We’ll provide the tools and flexibility, so you can make a meaningful impact, your way.
• Transformative leadership: We’ll give you the insights, coaching and confidence to be the leader the world needs.
• Diverse and inclusive culture: You’ll be embraced for who you are and empowered to use your voice to help others find theirs.

About EY

EY | Building a better working world

EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets.

Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate.

Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today.

If you can demonstrate that you meet the criteria above, please contact us as soon as possible.

The exceptional EY experience. It’s yours to build.