Senior Project Consultant - PAS WKFA - NAT - CNS-PC-Talent - Hyderabad
Job description
As a global leader in assurance, tax, transaction and advisory services, we hire and develop the most passionate people in their field to help build a better working world. This starts with a culture that believes in giving you the training, opportunities and creative freedom. At EY, we don't just focus on who you are now, but who you can become. We believe that it’s your career and ‘It’s yours to build’ which means potential here is limitless and we'll provide you with motivating and fulfilling experiences throughout your career to help you on the path to becoming your best professional self.
The opportunity
Designation: Senior Project Consultant - InfoSec L2 Vulnerability Management Application Security Engineer
Location: Hyderabad (on client site)
Tenure: 12 months
Shift: 1 PM to 10 PM IST
The Information Security Strategy & Risk Management team at the client site ensures a secure strategy through a disciplined process of making colleagues security savvy, driving down residual risk, reducing the attack surface, all while enabling the business. This team is responsible for critical services that strengthen their security posture, including protecting sensitive data, identifying and mitigating cyber threats, and seamlessly integrating secure assets during organizational changes. Key functions within the team include Security Operations, Vulnerability Management, Threat Intelligence, Security Awareness, Mergers & Acquisitions Security, and Operational Technology (OT) Security. Through these services, the team empowers the organization to operate securely and efficiently in a dynamic digital environment.
This position is responsible for leading application security assessments across the organization, including web applications, mobile applications, business applications, and APIs. The role encompasses vulnerability identification, analysis, providing remediation guidance, and reporting. With a focus on secure application development, the position plays a critical role in improving the organization’s overall security posture. This role offers extensive influence, significant independence, and the resources required to implement impactful security enhancements. The Security Engineer will collaborate with various teams to ensure secure development practices and safeguard critical business applications.
Your key responsibilities
· Lead the strategy and execution of application security services, ensuring alignment with organizational goals and compliance with corporate standards.
· Manage and prioritize application vulnerability management efforts to ensure effective resource allocation and timely resolution of security risks.
· Perform detailed security and architecture reviews for complex environments to identify vulnerabilities and assess the strength of existing controls.
· Plan, execute, and manage vulnerability assessments for applications, including web, mobile, business applications, and APIs, to identify and address security risks.
· Collaborate with stakeholders to drive timely remediation of vulnerabilities, providing expert guidance on risk reduction and secure development practices.
· Analyze and interpret vulnerability data to uncover trends and root causes, implementing automation to address systemic weaknesses and improve efficiency.
· Create and maintain actionable metrics and detailed reporting to ensure transparency and continuous improvement in security operations for leadership and business units.
· Partner closely with the Vulnerability Management Lead and other internal stakeholders to optimize processes, fine-tune tools, and share critical security insights.
· Stay informed of emerging threats, vulnerabilities, and best practices, incorporating them into organizational strategies to strengthen the application security framework.
Qualification
Education
- University Degree in Computer Science or Information Systems is required
- MS or advanced identity courses or other applicable certifications are desirable, including
- Certified Information Systems Security Professional (CISSP)
· Relevant certifications in infrastructure security and vulnerability management, such as Offensive Security Certified Professional (OSCP), GIAC Certified Vulnerability Assessor (GCVA), or Certified Ethical Hacker (CEH), are highly preferred
Experience
· A minimum of 6+ years of relevant experience with a strong background in vulnerability management and security engineering.
· 2+ years of experience in the pharmaceutical or other regulated industry, especially Animal Health.
· Experience working with global teams across multiple time zones.
· Demonstrated ability to work within diverse technical teams.
· Advanced proficiency with vulnerability scanning and security testing tools, such as Burp Suite, Veracode, Snyk, and HCL AppScan.
· Expertise in web application, mobile app, and API penetration testing.
· Strong understanding of SDLC, secure coding practices, and application development processes and challenges.
· Clear knowledge of security principles, application security vulnerabilities (e.g., OWASP Top 10), control frameworks (e.g., NIST), threat modeling, and security risks for both on-prem and cloud solutions.
· Application development or software delivery experience is desirable.
· Hands-on experience with cloud platforms such as AWS and Azure.
· Demonstrated ability to use an analytical and data-driven approach to solve problems and answer questions.
· Capability to influence and encourage the prioritization of security initiatives across teams.
· Personal or professional experience in staying up to date with emerging threats, threat actors, and their tactics, techniques, and procedures (TTPs).
· Pharmaceutical or other regulated industry experience is desirable.
· Excellent verbal and written communication skills, with the ability to create and deliver impactful presentations.
· Broad business and technical expertise in vulnerability management and application security vulnerabilities, inspiring confidence in recommendations.
· Must be fluent in both written and spoken English, with the ability to communicate effectively across technical and non-technical audiences.
What we look for
People with the ability to work in a collaborative manner to provide services across multiple client departments while following the commercial and legal requirements. You will need a practical approach to solving issues and complex problems with the ability to deliver insightful and practical solutions. We look for people who are agile, curious, mindful and able to sustain positive energy, while being adaptable and creative in their approach.
What we offer
With more than 200,000 clients, 300,000 people globally and 33,000 people in India, EY has become the strongest brand and the most attractive employer in our field, with market-leading growth over compete. Our people work side-by-side with market-leading entrepreneurs, game-changers, disruptors and visionaries. As an organisation, we are investing more time, technology and money than ever before in skills and learning for our people. At EY, you will have a personalized Career Journey and also the chance to tap into the resources of our career frameworks to better know about your roles, skills and opportunities.
EY is equally committed to being an inclusive employer and we strive to achieve the right balance for our people - enabling us to deliver excellent client service whilst allowing our people to build their career as well as focus on their wellbeing.
If you can confidently demonstrate that you meet the criteria above, please contact us as soon as possible.
Join us in building a better working world. Apply now.