Expire bientôt Ernst & Young

Application Security Expert FY19

  • Israelsdorf (Lübeck)
  • Infra / Réseaux / Télécoms

Description de l'offre

Application Security Expert @ Advanced Security Center, EY
Who are we?
The Tel Aviv Advanced Security Center is a global leader in information security services, as part of EY’s worldwide network. EY has been home to the best security consultants in the world over the past 15 years, creating concrete business value for our customers out of their technical expertise.
What are we looking for?
If you believe you can think like a cyber-criminal, but want to fight them, we can provide you with the tools, the skills and the legit way of doing it. We are looking for an application security expert to assist our clients in analyzing the security of their products, applications, and services, discover and address security issues though automated and manual code inspection, automate security testing as part of the SDLC and react to new threat scenarios, while following security best practices.
Role responsibilities
·  Perform secure architecture design and threat modeling
·  Define the secure coding guidelines and perform security code review
·  Define functional and non-functional product security requirements
·  Provide guidance and build proof of concepts to the R&D team with regards to security aspects of product design, development, and testing

To qualify for the role you must have
·  Solid 2 years or more of web application penetration testing experience or security champion in a product development team
·  2+ years’ experience in software development. Mainly Java, C#, PHP, and Python.
·  Experience in performing threat modeling and designing security controls
·  Experience in performing security code review
·  Excellent knowledge of secure coding concepts and methodologies
·  Knowledge in OS internals (Windows or Linux)
·  Bachelor's degree in computer science, information systems, engineering, or related

Ideally, you should also have, or be willing to pursue
·  Related professional certifications such as OSCP, GWAPT, CISSP, etc.