Cybersecurity Threat Management - Manager - CTMOT - Location OPEN

EY focuses on high-ethical standards and integrity among its employees and expects all candidates to demonstrate these qualities.  At EY, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we’re counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all.  

​In a rapidly changing cybersecurity threat landscape, clients from all industries look to us for trusted solutions for increasingly complex threats and risks. As a member of our Cyber Threat Resilience team, you'll be right at the heart of that goal, helping clients gain insight and context to their cyber threats - assessing, improving, and building security operations to mitigate these threats. You'll get to use your technical and business skills to help us drive this mission and have an impact on cybersecurity at a global level. 

 

The opportunity

You'll work alongside respected industry professionals, learning about and using the latest tools and techniques to identify and overcome some of the most relevant and pressing security issues in the world. It's a highly specialized area, where you'll learn highly sought-after technical skills, all while developing your relationship management abilities – often by working directly on-site with our clients. 

 

Your key responsibilities

Our security professionals possess diverse industry knowledge, along with unique technical expertise and specialized skills. The team stays highly relevant by servicing our client's unique and challenging needs, attending and speaking at top security conferences around the world, sharing knowledge on a variety of topics with key industry groups, and taking best-in-industry training. The team frequently provides thought leadership and information exchanges through traditional and less conventional communications channels such as speaking at conferences, publishing white papers and blogging.

As part of our Cybersecurity Consulting practice, you'll assist clients in identifying potential threats, vulnerabilities, and deficiencies in their environments and aid them by bolstering their cybersecurity maturity and resilience. 

 

Skills and attributes for success

• Execute security assessments to identify potential threats, vulnerabilities, and deficiencies in client environments.
• Conduct research, develop, and implement solutions to protect our clients against new attack techniques and threats.
• Solve challenging technical problems and devise creative solutions.
• Perform in-depth analysis of testing results, create reports that articulate findings, and develop risk mitigation recommendations.
• Manage engagement execution and ensure project timelines remain on track.
• Manage multiple competing priorities, thrive in a matrixed organization and work independently as well as part of diverse teams as the situation requires.
• Coach and provide technical leadership/advice to junior team members and encourage them to take ownership of their engagements and development.
• Collaborate with the engagement team to plan the engagement and develop work programs, timelines, and planning documentation. Ensure high-quality client service by directing daily progress of assigned workstreams, informing engagement leadership status, and managing staff performance.
• Foster relationships with clients to analyze, evaluate, and enhance information systems to develop and improve security at procedural and technology levels.
• Generate new business opportunities by participating in market facing activities and developing thought leadership materials. Understand EY and its service lines. Actively encourage team members to contribute ideas and identify opportunities to introduce EY services. 

 

To qualify for the role you must have

• Bachelor's Degree in Computer Science, Computer Engineering, Cybersecurity, Management Information Systems or related field
• A minimum of 5-7 years of work experience in cybersecurity
• Familiarity and understanding with one or more of the below:
  • Proficiency with one or more Endpoint Detection and Response Tools (Tanium, CrowdStrike, Carbon Black, Wazuh, OSQuery, etc.).
    • Strong preference to candidates with Tanium and/or CrowdStrike experience beyond their core EDR functionalities.
  • Experience with threat actor simulation tools, such as AttackIQ, XMCyber, or MSV/Verodin.
  • Experience with the implementation and/or operation of industry leading SEIM/SOAR tools such as Splunk, QRadar, LogRythm, Cortex XSOAR, Phantom, Siemplify, etc.
• Experience with at least one of the following:
  • Performing incident response efforts against advanced threat actors or having been a part of a formal incident response team.
  • The collection, processing, and analysis of host, log, and network-based evidence in an effort to triage systems for malicious activity or develop an incident narrative for a compromised host.
  • Compromise, vulnerability assessment and/or penetration testing of commercial, consumer, and industrial environments.
  • Experience and the capability to analyse, disassemble, and reverse engineer malware.
  • Having participated in internal or external red teaming, blue teaming, or purple teaming exercises.
  • Performing incident post-mortem efforts and developing solutions to protect People, Process, and Technology addressing security risks and ensuring timely escalation of future incidents.
  • Contribution to a cyber intelligence capability to identify potential threats, delivering strategic reports, and strategies to minimize the impact of the threat.
  • Development of security requirements by evaluating business strategies and requirements, researching information security standards, conducting system security and vulnerability analyses and risk assessments, studying architecture/platform, identifying integration issues, and preparing estimates.
• Experience with one or more scripting language, e.g., PowerShell, Python, PHP, Ruby, etc.
• Experience effectively and efficiently managing projects from start to finish.
• Deep understanding of Windows, Linux, Unix, MacOS and other major operating systems.
• Knowledge and familiarity of common security technologies such as EDR, SIEM, Vulnerability Management, IDS/IPS, DLP, and other solutions.
• Strong written and verbal communication skills with the ability to interact with senior management, technical teams, and key client stake holders to convey complex technical security concepts to both technical and non-technical audiences.
• Excellent interpersonal and organization skills including ability to influence and communicate within all levels of the organization; ability to mentor and coach others; and ability to work on multiple, simultaneous initiatives
• Willingness and ability to travel domestically and internationally to meet client needs; estimated 50% travel required annually, after travel restrictions have been lifted and the safety of team and the client are not at risk.

 

Ideally, you'll also have

• Experience evaluating the technical and non-technical aspects of mature cybersecurity programs from security operations, legal and regulatory requirements, business enablement, governance, risk management, and identity and access management.
• Experience and familiarity with cloud-based environments and hosting.
• Experience with automation of repeatable tasks.
• Experience developing and implementing a remediation strategy based on identified gaps in a client environment.
• Deep understanding of SOC operations, design, technology, and management proficiency with domain administration, network architecture and design, and navigating change control procedures.
• Understanding of hardware, firmware, network and application security.
• Understanding of common attack vectors against devices, applications, and operating systems.
• Experience with design and operation of modern network technologies and security, including IP, Ethernet, fiber/optical, and mobile (5G/FWA) networking 
• Understanding of networked product security including firmware, hardware, and management control plan threat-modeling and testing 
• Knowledge and familiarity of common security technologies such as EDR, SIEM, Vulnerability Management, IDS/IPS, UBA, DLP, Firewalls, WAPs, 
• Proficiency with consulting engagement methodologies and approach, understanding how to apply a technical skill or ability to a client need.
• Familiarity with the latest events, threat actors, vulnerabilities, security trends, and mitigations in cybersecurity.
• Familiarity with cybersecurity frameworks and published documentation MITRE ATT&CK, CIS Top 20, OWASP Top 10, NIST 800-53, ISO 27001, etc.
• An industry leading certification: CISSP, CISM, GMON, GFCE, GPEN, GREM, GNFA, etc. 

 

What we look for

We're interested in intellectually curious people with a genuine passion for cybersecurity. With your expertise, we'll turn to you to speak up with innovative ideas that could make a lasting difference not only to us – but also to the industry. If you have the confidence in both your presentation and technical abilities to grow into a leading expert here, this is the role for you.

  What we offer   We offer a comprehensive compensation and benefits package where you’ll be rewarded based on your performance and recognized for the value you bring to the business.  The salary range for this job in most geographic locations in the US is $136,700 to $250,700. The salary range for New York City Metro Area, Washington State and California (excluding Sacramento) is $164,000 to $284,900.  Individual salaries within those ranges are determined through a wide variety of factors including but not limited to education, experience, knowledge, skills and geography.  In addition, our Total Rewards package includes medical and dental coverage, pension and 401(k) plans, and a wide range of paid time off options. Under our flexible vacation policy, you’ll decide how much vacation time you need based on your own personal circumstances. You’ll also be granted time off for designated EY Paid Holidays, Winter/Summer breaks, Personal/Family Care, and other leaves of absence when needed to support your physical, financial, and emotional well-being.  

• Continuous learning: You’ll develop the mindset and skills to navigate whatever comes next.
• Success as defined by you: We’ll provide the tools and flexibility, so you can make a meaningful impact, your way.
• Transformative leadership: We’ll give you the insights, coaching and confidence to be the leader the world needs.
• Diverse and inclusive culture: You’ll be embraced for who you are and empowered to use your voice to help others find theirs.

  If you can demonstrate that you meet the criteria above, please contact us as soon as possible.   The exceptional EY experience. It’s yours to build. EY | Building a better working world   EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets.   Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate.   Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today.   EY is an equal opportunity, affirmative action employer providing equal employment opportunities to applicants and employees without regard to race, color, religion, age, sex, sexual orientation, gender identity/expression, pregnancy, genetic information, national origin, protected veteran status, disability status, or any other legally protected basis, including arrest and conviction records, in accordance with applicable law.   EY is committed to providing reasonable accommodation to qualified individuals with disabilities including veterans with disabilities. If you have a disability and either need assistance applying online or need to request an accommodation during any part of the application process, please call 1-800-EY-HELP3, type Option 2 (HR-related inquiries) and then type Option 1 (HR Shared Services Center), which will route you to EY’s Talent Shared Services Team or email SSC Customer Support at ssc.customersupport@ey.com