3 Gpen Jobs

EY- Cyber Security (OT Security) Technology Consulting Senior GDS Advisory's Risk group is a unique, industry-focused business unit that provides a broad range of integrated services that leverage deep industry experience with strong functional capability and product knowledge. Risk practice team provides integrated advisory services to leading Fortune 500 Companies. The team provides Risk Assurance, Risk Transformation, Internal Audit, Cybersecurity, Financial Services Risk Management and Actuarial services that take an enterprise-wide view, so that risk mitigation and risk management strategies and processes are embedded in every part of the organization. Our services mitigate risk, reduce the cost of control and help create value. The opportunity The GDS Architecture Engineering and Emerging Technology (AEET) services help our clients tackle the many security challenges they face on a daily basis and develop effective solutions using people, processes and technology, while enabling better security and risk decisions, and reducing costs related to manging security risks. The AEET team is looking for individuals who will play a direct role in delivery of Operational Technology (OT) security engagements, development of proposals in this area, and develop OT security solutions. You will play a key role in supporting our clients to secure their IT/OT environments, either through advisory and/or implementation support. Your key responsibilities To qualify, candidates must have: Understanding of security-related operational processes in the OT-ICS environments Understanding of OT SOC/ OT Identity Access Management/ OT Pen testing/ Zero Trust on OT Understanding of technologies (typical assets, communication protocols, technical architectures) utilized by OT-ICS systems and networks Knowledge of cyber / information security concepts, risk and controls concepts Understanding of aspects of functional safety (SIS) Knowledge of TCP/IP, concepts of OSI layer and protocols, networking and security concepts Knowledge of the technical security solutions utilized within OT-ICS systems and networks Knowledge of OS (Windows / Linux) security, Database security Knowledge of IT infrastructure Knowledge of cyber threats and vulnerabilities related to platform and infrastructure is a plus Prior experience working alongside delivery leads and architects to Identify and manage risks is a plus Skills and attributes for success Completed technical higher education in the field of industrial automation, computer science, electronics or other relevant fields Certificates or education related to industrial automation / engineering etc. Knowledge of OT-ICS Security standards, including ISA/IEC 62443, NIST 800-82, NERC-CIP Knowledge of standards such as ISO 27001/2, ISO 22301, ISO 27018, NIST standards on Cyber Security, HITRUST, etc. is a plus Knowledge on tools like Nessus, BackTrack, NMAP, BurpSuite, etc. is a definite plus Knowledge on OT network monitoring solution such as Nozomi, Claroty, Armis, DarkTrace, Azure Defender. To qualify for the role, you must have 5+ years of experience in the Cyber Security and OT Security Domain Minimum B. Tech. or equivalent educational qualification ISA/IEC 62443 Fundamental* SCADA Fundamentals CompTIA Network+ CompTIA Security+ What we look for A Team of people with commercial acumen, technical experience and enthusiasm to learn new things in this fast-moving environment with consulting skills. An opportunity to be a part of market-leading, multi-disciplinary team of 1400 + professionals, in the only integrated global transaction business worldwide. Opportunities to work with EY Consulting practices globally with leading businesses across a range of industries What working at EY offers At EY, were dedicated to helping our clients, from startups to Fortune 500 companies and the work we do with them is as varied as they are. You get to work with inspiring and meaningful projects. Our focus is education and coaching alongside practical experience to ensure your personal development. We value our employees and you will be able to control your own development with an individual progression plan. You will quickly grow into a responsible role with challenging and stimulating assignments. Moreover, you will be part of an interdisciplinary environment that emphasizes high quality and knowledge exchange. Plus, we offer: Support, coaching and feedback from some of the most engaging colleagues around Opportunities to develop new skills and progress your career The freedom and flexibility to handle your role in a way thats right for you

What youll be doing... Verizon Cyber Security Team is looking for a Penetration Tester to join our Application Pen Test team. Youll be joining a group of talented, creative thinkers who "act like the enemy" to focus on ensuring that infrastructure and applications (web, mobile, and API) are secure by performing penetration testing from both inside and outside of Verizon. . This team isnt a "copy and paste from a scan tool" reporting team, or a cookie cutter just scanning with tools team, or a team that just monitors and supports security scanning tools used by developers. This team is an enterprise-recognized and supported group of skilled, experienced and certified ethical hacking Verizon employees who are trusted to direct themselves with a lot of unknowns. The successful candidate will possess an effective aptitude in thinking like an adversary, security of Web applications, Infrastructure, APIs and Mobile Applications, mentoring and leading junior pen testers and effectively translating highly technical information to internal customers in a way that supports Cyber Security Team and broader Verizon goals. The ability to lead and perform full scope penetration testing on complex web applications, Infrastructure, APIs and Mobile applications. Configuring and safely utilizing attacker tools, tactics, and procedures for Verizon environments. Developing comprehensive and accurate reports and presentations for both technical and executive audiences. The ability to make collaborative decisions on the impact of an exposure to Verizon. Acting as a SME and guide, advising on security vulnerability impact, ratings and remediation recommendations across the organization as needed. Helping define the Pen Test strategy and standards to further enhance the companys security posture. Effectively communicating findings and strategy to client stakeholders including technical staff, executive leadership, and legal counsel. Working closely with stakeholders and developers providing risk-appropriate and pragmatic recommendations to correct found vulnerabilities. Developing scripts, tools, or methodologies to enhance Verizons pen testing processes and effectiveness. Driving technical oversight and mentoring junior pen testers on pen test engagements, vulnerability impact and ratings and remediation recommendations. Providing leadership and guidance to advance the offensive capabilities of the team and its subsequent ability to defend the Verizon Enterprise. What were looking for... Youll need to have: Bachelor's degree and four or more years of work experience. Four or more years of relevant work experience. Relevant pen testing or security experience. Deep understanding of OWASP Top 10, OWASP API Top 10, MASVS. Even better if you have one or more of the following: Strong knowledge of tools used for API, infrastructure, web application, mobile, and network security testing, such as Kali Linux, Metasploit, Wireshark, Burp suite, Cobalt Strike, Nessus, Web Inspect, SQLMap. Knowledge of secure software deployment methodologies, tools, and practices. Experience with application security risk procedures, security patterns, authentication technologies and security attack pathologies. Certifications such as: GXPN, GPEN, eWPT, GCIH, GWAPT, OSCP, OSWA, OSCE, OSWE. Service Delivery/Governance: ITILv2/3. Solid understanding of common hosting environments such as containerization platforms (e.g., Docker and Kubernetes) and virtual machines running under hypervisors. An implementation level familiarity with all common classes of modern exploitation. Mastery of Unix/Linux/Mac/Windows operating systems, including bash and Powershell. Programming skills preferred and encouraged, as well as the ability to read and assess applications written multiple languages, such as Python, JAVA, .NET, C#, or others. Experience with system and application security threats and vulnerabilities and secure configuration management techniques, software debugging principles, software design tools, methods, and techniques, software development models (e.g., Waterfall Model, Spiral Model). Knowledge of secure coding techniques. Some experience with software related information technology (IT) security principles and methods (e.g., modularization, layering, abstraction, data hiding, and simplicity/minimization). Knowledge of secure software deployment methodologies, tools, and practices. Knowledge in discerning the protection needs (i.e., security controls) of information systems and networks.

What youll be doing... Youll be finding the right technology to help ensure our customers keep their systems secure and spot risks before they become real threats. But youll be doing more than just providing SOX and IT securityyoull help customers prepare for the unexpected, defend their systems, and protect their business, brand, and bottom line. Designing solutions to mitigate risk and close security gaps and reduce vulnerability. Managing SOX Audit. PM/Engineering effort for tracking Security vulnerabilities. Working closely with VCG Application Development, App Security teams and other Key stakeholders in strategizing SOX and Security Engineering Practices and mitigating the Security Vulnerabilities. Adhering to industry standards and best practices and understanding emerging technologies and trends to continuously improve the systems, application, infrastructure, and processes. Performing SOX QA Support for Controls to ensure minimal SOX findings by auditors. Conducting quarterly Lesson Learned with SOX POCs/Directors/Performers to prevent the same issues from happening quarter over quarter. Supporting SOX BOT automation enhancements and testing in partnership with Control Performers. Supporting SOX Ops - Maintain and enhance SOX SOP documents for effective QA reviews by team. Where you'll be working... In this hybrid role, you'll have a defined work location that includes work from home and assigned office days set by your manager. What were looking for... Application Security Skills: Secure Coding Practices: Deep understanding of secure coding principles and common vulnerabilities (OWASP Top 10, SANS 25) in various languages (e.g., Java, Python, .NET, JavaScript). SAST/DAST/IAST Expertise: Proficiency in using and interpreting results from Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and ideally Interactive Application Security Testing (IAST) tools. Open Source Software (OSS) Security: Knowledge of common OSS vulnerabilities, license compliance issues, and tools for managing OSS risks. Threat Modeling: Ability to perform threat modeling exercises to identify potential security weaknesses in application architectures and designs. Cloud Security (for Cloud-Native Apps): Familiarity with cloud security concepts, including secure configuration of cloud services (e.g., AWS, Azure, GCP), identity and access management (IAM), and cloud-native security tools. Logging and Monitoring: Experience with implementing and analyzing security logs, setting up security information and event management (SIEM) systems, and using intrusion detection/prevention systems (IDS/IPS). DevSecOps Practices: Understanding of integrating security into the software development lifecycle (SDLC) using DevSecOps methodologies and tools. Platform Security Skills: Cloud Security: Strong knowledge of cloud security best practices, including securing cloud infrastructure (compute, storage, network), managing cloud access, and implementing security monitoring in cloud environments. Container Security: Expertise in securing containerized applications and their underlying infrastructure (e.g., Docker, Kubernetes), including image scanning, runtime security, and container orchestration security. Vulnerability Management: Proficiency in using vulnerability scanning tools (like Tenable) for both network and application layers, prioritizing vulnerabilities, and coordinating remediation efforts. Hardware Security: Understanding of hardware security concepts, including firmware security, hardware-based encryption, and physical security measures. Incident Response: Experience with incident response processes, including detection, containment, eradication, and recovery, as well as post-incident analysis. SOX Auditing Exposure/ Experience: We are seeking a highly motivated and detail-oriented SOX Audit person to join our growing team. In this role, you will play a crucial part in ensuring the effectiveness of our internal control environment and compliance with the Sarbanes-Oxley Act (SOX). Plan, execute, and document SOX testing procedures for key financial and IT controls. Identify and assess the design and operating effectiveness of internal controls. Evaluate control deficiencies and recommend remediation strategies. Collaborate with process owners to remediate control deficiencies and enhance the control environment. Stay abreast of SOX compliance requirements and industry best practices. Assist with the development and maintenance of SOX documentation, including process narratives, flowcharts, and risk control matrices. Participate in special projects and other duties as assigned Additional Important Skills: Automation and Scripting: Proficiency in scripting languages (e.g., Python, Bash, PowerShell) for automating security tasks and integrating security tools. Communication and Collaboration: Excellent communication skills to effectively convey security findings to technical and non-technical audiences and collaborate with development and operations teams. Problem-Solving and Analytical Skills: Strong analytical and problem-solving abilities to investigate security issues, identify root causes, and develop effective solutions. Youll need to have: Bachelors degree or four or more years of work experience. Four or more years of relevant experience required, demonstrated through work experience and/or military experience. Worked as a consultant. Four or more years of relevant experience in Application Security Skills, Platform Security Skills & SOX Auditing Exposure/ Experience. Even better if you have one or more of the following: A degree in engineering or computer science. Experience with security risk procedures, security patterns, authentication technologies and security attack pathologies. Certifications in one or more of the following: Security: CISSP, CISM, CEH, GCIH, GPEN, CCSK, Security+, Cisco, F5, BlueCoat, Check Point. Network: Cisco, Juniper, Palo Alto. Architecture: TOGAF. Service Delivery/Governance: ITILv2/3.