GDS Consulting | Cyber Security - Application Security Management Senior Engineer

At EY, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we’re counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all. 

The opportunity
In your role at EY, you’ll be inspired by a team of the brightest business and technical minds in cyber security. We are passionate champions for our clients and know from experience that the best solutions for our clients’ needs come from working hard together. As part of our team, your voice matters, and you will do important work that has impact, on people, businesses, and nations. Our industry and our company move fast, and you can be sure that you will always have room to learn and grow. We’re proud of our team and the important work we do to build confidence for a more connected world.

Your key responsibilities
We are seeking a highly skilled and experienced Cybersecurity Engineer, Application Security (AppSec) Management to join our team. The ideal candidate must have a strong background in application security, security & privacy by design implementation and penetration testing, with a focus on identifying vulnerabilities, assessing risks, and ensuring secure software development practices in alignment with industry standards such as OWASP, NIST SP 800-115, SANS, DevSecOps and ISO/IEC 27001. The AppSec Engineer will be responsible for conducting manual and automated security assessments, collaborating with development teams, driving remediation efforts to strengthen the security posture of systems, web and mobile applications, and the ability to translate technical findings into actionable business insights.

Responsibilities for success include, but not limited to:
•    Serve as the primary security consultant for client engagements, providing expert guidance on application security best practices.
•    Plan, execute, and document vulnerability & penetration tests on web, mobile, and cloud-based applications.
•    Identify and exploit vulnerabilities using both manual techniques and automated tools.
•    Ensure testing methodologies align with OWASP Top 10, NIST SP 800-115, and other relevant frameworks.
•    Collaborate with development and DevOps teams to integrate security into the software development lifecycle (SDLC).
•    Provide detailed findings and actionable remediation guidance to engineering teams.
•    Lead threat modeling sessions and risk assessments for client applications and architectures.
•    Advocate for secure coding and security-by-design practices and assist in implementing security controls.
•    Evaluate and recommend security tools and technologies to enhance testing capabilities.
•    Participate in code reviews and architecture assessments to identify potential security flaws.
•    Develop and maintain documentation related to testing procedures, findings, and remediation tracking.
•    Prepare reports on application security posture, vulnerabilities, and mitigation progress for stakeholders.
•    Assist in incident response and forensic analysis related to application-level breaches.
•    Stay current with emerging threats, vulnerabilities, and security technologies.
•    Recommend and implement continuous improvement initiatives to enhance application security.
•    Support incident response efforts and forensic investigations for client-reported application security incidents.
•    Maintain documentation of testing methodologies, client interactions and remediation tracking.

Preferred Qualifications:
•    Bachelor’s degree in Cybersecurity, Computer Science, Information Technology, or a related field or;
•    Minimum of 5 years of experience in application security, vulnerability management, penetration testing, or ethical hacking.
•    Hands-on experience with tools such as Burp Suite, OWASP ZAP, Metasploit, custom scripts, etc.
•    Familiarity with secure coding practices and common development frameworks (e.g., Java, .NET, Python, JavaScript).
•    Relevant certifications such as Offensive Security Certified Professional (OSCP), GIAC Web Application Penetration Tester (GWAPT), or Certified Ethical Hacker (CEH) are a huge plus.
•    Strong understanding of application architectures, APIs, authentication mechanisms, and encryption protocols.
•    Proficiency in vulnerability management platforms and SIEM tools.
•    Excellent communication and interpersonal skills, with the ability to translate technical findings into business impact.
•    Detail-oriented with a strong commitment to quality, security, and compliance.

What working at EY offers

At EY, we’re dedicated to helping our clients, from startups to Fortune 500 companies — and the work we do with them is as varied as they are.
You get to work with inspiring and meaningful projects. Our focus is education and coaching alongside practical experience to ensure your personal development. We value our employees and you will be able to control your own development with an individual progression plan. You will quickly grow into a responsible role with challenging and stimulating assignments. Moreover, you will be part of an interdisciplinary environment that emphasizes high quality and knowledge exchange. Plus, we offer:

•    Support, coaching and feedback from some of the most engaging colleagues around
•    Opportunities to develop new skills and progress your career
•    The freedom and flexibility to handle your role in a way that’s right for you

About EY

As a global leader in Assurance, Tax, Strategy & transactions and Consulting services, we’re using the finance products, expertise and systems we’ve developed to build a better working world. That starts with a culture that believes in giving you the training, opportunities and creative freedom to make things better. Whenever you join, however long you stay, the exceptional EY experience lasts a lifetime. And with a commitment to hiring and developing the most passionate people, we’ll make our ambition to be the best employer by 2020 a reality.

If you can confidently demonstrate that you meet the criteria above, please contact us as soon as possible.

Join us in building a better working world.  Apply now

EY | Building a better working world

EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets.

Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate.

Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today.