At EY, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we’re counting on your unique voice and perspective to help EY become even better. Join us and build an exceptional experience for yourself, and a better working world for all.

The exceptional EY experience. It's yours to build.

EY focuses on high ethical standards and integrity among its employees and expects all candidates to demonstrate these qualities.

Advisory Senior Consultant – Cybersecurity – SOAR Engineers


In today's fast-evolving cybersecurity landscape, businesses across all sectors rely on us to provide reliable solutions to their increasingly intricate risks and vulnerabilities. As part of our Cyber Threat and Vulnerability Management (TVM) team you will play a pivotal role in achieving this objective. You will assist our clients in understanding and contextualizing their cybersecurity threats, as well as in evaluating, enhancing, and developing their security operations to counter these threats effectively. Leveraging both your technical expertise and business acumen, you will contribute significantly to our mission, making a global impact on cybersecurity.


The opportunity

Cybersecurity threats, the proliferation of social media, extensive data storage demands, stringent privacy laws, and the necessity for uninterrupted business operations all mandate robust information security strategies. In the role of an information security specialist, you will spearhead the deployment of cutting-edge security solutions for our clients, aiding them in safeguarding their enterprises. You will be an integral part of a globally interconnected team of experts dedicated to addressing our clients' most challenging information security issues, thereby enhancing their organizational resilience. Collaborating with our Advanced Security Centers, you will have access to the most advanced tools to combat cybercrime effectively.


EY commits to your professional growth through comprehensive, ongoing training and coaching, ensuring the development of your skills throughout your career. As a leading global service provider in this field, you will collaborate with top-tier professionals in a supportive environment. Joining EY means embarking on a journey where, regardless of how long you're with us, the exceptional EY experience will enrich your professional life forever.


What to expect

Cyber Orchestration Engineers are needed to review procedures relating to current threat management and response processes, as well as to design automated actions that accelerate the triage, validation, containment, eradication and remediation of security incidents. You must be familiar with leading security tools and industry-standard scripting languages. Automation and Orchestration engineers will create, maintain and manage a library of automated playbooks for common information security threats and customize these plans for client-specific environments.

Your key responsibilities

  • Perform regular updates of existing Playbooks based on requirements provided by operations teams for changes in the Threat Landscape or a client’s security controls
  • Drive continuous improvement of existing playbooks to address new threats and tactics employed by attackers
  • Manage an inventory of integrations that enable broader playbook creation
  • Produce new playbooks as threats change and new security tools and controls emerge in the marketplace, based on requirements from operations teams
  • Perform regular reporting on the usage of playbooks and the effectiveness of a playbook to conclusion
  • Develop logic that bridges connectors, tasks and human input to accelerate the response to escalated security incidents
  • Develop connectors that collect, enrich and leverage data from third-party and proprietary services
  • Participate in client meetings to further optimize their specific operational plan based on our best practices and operational learnings

To qualify for the role you must have

  • Bachelor's degree with a minimum of 4 years of related work experience, or a Master’s degree with approximately 3 years of related work experience in Computer Science, Information Systems, Engineering, Business, or a related field.
  • At least 1 year of related work experience with information security systems, including hands-on SOAR technical infrastructure and implementation experience with Microsoft Sentinel, LogicApps, CrowdStrike Falcon Fusion, or Google Chronicle SOAR. A solid understanding of SIEM systems and the incident response process is also required.
  • Knowledge and experience with security orchestration and automation tools such as XSOAR, Falcon Fusion, LogicApps, Splunk SOAR/Phantom, Tines, and ServiceNow SecOps.
  • 3+ years of experience in scripting with one or more of the following languages: JavaScript, Python, PowerShell, and various shell scripting, and a proven background in creating automation tools and automating web-based services.
  • Understanding of REST API best practices and usage.
  • Excellent analytical and problem-solving abilities, with a strong understanding of leveraging SIEM for enhanced security monitoring and incident response.
  • A valid US driver's license and passport are required, with willingness and ability to travel domestically and internationally to meet client needs; estimated travel of 25% - 50% is required.


Ideally, you’ll also have


  • Experience working with AI security tools.
  • Experience with Microsoft Sentinel, CrowdStrike NextGen SIEM, and Google Chronicle.
  • Familiarity with Unix-based command-line tools.
  • Proficiency in programming with Python, JavaScript, and/or Bash shell scripting.
  • Familiarity with security technologies including Cloud, DLP, firewalls, IDS/IPS, EDR, etc., as well as other SIEM products such as Splunk, CrowdStrike LogScale, Google Chronicle and Microsoft Sentinel.
  • Familiarity with common open-source research frameworks.
  • Possession of or desire to obtain relevant certifications such as CISSP, CISM, CISA, CIPT, CIPM, CRISC, or others.


What we look for

We’re interested in intellectually curious people with a genuine passion for cyber security. With your broad exposure across Cyber Threat Management, we’ll turn to you to speak up with innovative new ideas that could make a lasting difference not only to us – but also to the industry as a whole. If you have the confidence in both your presentation and technical abilities to grow into a leading expert here, this is the role for you.

Remote: Hybrid (Remote with required office time)
Employment Type: Full time

At EY, our purpose is Building a better working world. The insights and quality services we provide help build trust and confidence in the capital markets and in economies the world over. We develop...
