Vulnerability- Management - Compliance Support Engineer
Job description
At EY, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we’re counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all.
Security – Vulnerability Management & Compliance Support Engineer
EY Technology
Today’s world is fuelled by vast amounts of information, which means data is more valuable than ever before. Protecting data and information systems is central to doing business, and everyone in EY Information Security has a critical role to play. Join a global team of almost 950 people who collaborate to support the business of EY by protecting EY and client information assets! Our Information Security professionals enable EY to work securely and deliver secure products and services, as well as detect and quickly respond to security events as they happen. Together, the efforts of our dedicated team help protect the EY brand and build client trust.
Within Information Security we blend risk strategy, digital identity, cyber defense, application security and technology solutions as we consider the entire security lifecycle. You will join a team of hardworking, security-focused individuals dedicated to supporting, protecting, and enabling the business through innovative, secure solutions that provide speed to market and business value.
The opportunity
The Vulnerability Management and Compliance Support Engineer will be responsible for ensuring the stable run state of Information Security technologies. They will provide operational and Level 3 support for these technologies. The job duties include daily management of incidents, maintaining and supporting the systems, and conducting proactive analysis to prevent future issues. The technologies in question can be located either in-house or with vendors and in cloud environments. The Support Engineer will be responsible for planning and coordinating upgrades, standardizing processes, and automating procedures for Information Security technologies. The job requires an understanding of ITIL service management practices and managing the implementation of changes, releases, and upgrades to different environments. The Engineer will also be required to be on call and work during weekends and off-hours to support the normal functioning of the systems.
Key Responsibilities
- Troubleshoot, diagnose, and analyze incidents related to Information Vulnerability Management and Compliance technologies.
- Identify the root cause of incidents, whether it be configuration or a defect.
- Work with various technical teams to develop corrective actions or workarounds to resolve incidents.
- Plan, coordinate, and install Information Security technologies in different environments, as well as upgrade and fix them.
- Address operating system and application vulnerabilities.
- Respond to automated alerts on system health using sound analytical and troubleshooting methods.
- Conduct routine maintenance and monitoring of security technologies and report on their status.
- Ensure that incidents are resolved in a timely and efficient manner and that steps are taken to prevent future problems.
- Communicate operational support issues to executives and senior management.
- Upgrade security applications to the latest versions, which involves testing, validation, compatibility, and addressing security vulnerabilities.
- Recommend and implement improvements to system performance and uptime for security applications and products.
- Document procedures for responding to alerts and drive the creation of automated restoration steps.
- Develop implementation plans for complex change requests, evaluating risks to system availability, business dependencies, and security event visibility.
- Drive automation of redundant activities to improve support efficiency and demonstrate familiarity with scripting languages like PowerShell, Python, or Shell scripts.
- Serve as technology advocate, promoting the correct support of various technology layers such as operating systems, databases, and networking.
Skills and Attributes for Success
We are interested in people who bring in security experience from having implemented and supported solutions in a large enterprise environment. As a successful candidate you will have functional and technical experience in implementing both Cloud and On-Premises security compliance and vulnerability management technologies.
- Skills in supporting complex security solutions and services in a very large enterprise.
- Technical knowledge implementing and supporting security solutions within multi-cloud environments such Azure, AWS, GCP or similar technologies
- Technical proficiency in implementing Cloud-based and/or On-Premises GRC and Vulnerability solutions.
- Project management experience, including tracking timelines and performing tasks within project deadlines.
- Ability to enhance applications for improved performance and stability, including enhanced monitoring and automation.
- Strong problem-solving and analytical skills.
- Knowledge of ITIL to drive compliance in Incident, Problem, and Change processes.
- Expertise in large enterprise governance, risk, and compliance (GRC) security platforms.
- Experience with ETL/ELT tools and techniques, including the ability to extract, transform, and load data from various sources.
- Familiarity with cloud data engineering concepts and hands-on experience with cloud-based solutions like Azure Data Factory.
- Strong SQL skills and the ability to write complex queries to extract, manipulate, and analyze data.
- Good understanding of data architecture, data modeling, and data warehousing concepts.
- Familiarity with data security best practices and experience implementing security measures.
- Excellent problem-solving skills and the ability to troubleshoot complex data issues.
- Strong communication and collaboration skills, able to effectively communicate with both technical and non-technical stakeholders.
- Detail-oriented and organized
To qualify for the role, you must have
- A Bachelor's degree in Computer Science or a related field, or equivalent work experience
- At least 5 to 7 years of experience in Information Technology in a large, complex global IT environment
- Experience in managing a 24x7 support organization, overseeing projects and products
- Flexibility to allocate additional time outside of regular working hours to support pressing issues or maintenance windows and to accommodate team members in different time zones, including weekends
- Proficiency in Azure, Google, and/or AWS Cloud services, as well as hybrid and on-premises security solutions including Linux and Windows Operating Systems
- Ability to write custom scripting tools using Python, Ansible, PowerShell, etc., work with APIs, and have a strong understanding of SQL
- Strong documentation skills to accurately and clearly outline processes, procedures, and security designs for internal teams and customers
- Demonstrated experience in managing external vendors and suppliers
Ideally, you’ll also have
- ITIL v4 Foundation Certification
- Involvement in large-scale global IT deployments or cloud migrations
- Microsoft Solutions Engineer (MCSE), Red Hat Certified Engineer (RHCE), or other relevant certifications
- At least one technical certification from a public cloud provider such as Azure, AWS, or Google, and security certifications from ISC2 (CISM, CISSP, CCSP, etc.) or SANS/GIAC (GSEC, GCLD, GPCS, etc.).
What we offer
As part of this role, you will work in a highly coordinated, globally diverse team with the opportunity and tools to grow, develop and drive your career forward. Here, you can combine global opportunity with flexible working. The EY benefits package goes above and beyond too, focusing on your physical, emotional, financial, and social well-being. Your recruiter can talk to you about the benefits available in your country. Here’s a snapshot of what we offer:
- Continuous learning: You will develop the mindset and skills to navigate whatever comes next.
- Success as defined by you: We will provide the tools and flexibility, so you can make a significant impact, your way.
- Transformative leadership: We will give you the insights, coaching and confidence to be the leader the world needs.
- Diverse and inclusive culture: You will be accepted for who you are and empowered to use your voice to help others find theirs.
EY | Building a better working world
EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets.
Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate.
Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today.