Description
The SGV Security and Technology Solutions (STS) Team is a
key
component of SGV & Co. / Ernst & Young's Technology
and Security Risk
Services Practice. Ernst & Young's security
professionals deliver
enterprise security and risk-based services enabling our
clients to
take advantage of the evolving electronic economy in a
secure manner.
These professionals have extensive experience with
information
security protection, system security planning, information
security
assessments and implementation, security program
development, business
continuity planning, and strategic technology planning.
These services
help companies validate their infrastructure; design and
implement
business processes and technology solutions; address
regulations; and
educate and train management and employees.
We currently have a career opportunity for a staff
professional to
participate in multiple client engagement teams and other
related
activities in our Security and Technology Solutions (STS)
Team. The
STS Team is dedicated to providing attack and penetration
security
testing and vulnerability assessment to discover and
mitigate clients'
security risks before they can be exploited by unauthorized
parties.
The STS Team is equipped and configured to provide maximum
collaboration and teaming opportunities.
Responsibilities
*Perform vulnerability and attack and penetration
assessments in
internet, intranet, dial-up and wireless environments
*Perform discovery and scanning for open ports and
services
*Apply appropriate exploits to gain access and expand
access as appropriate
*Participate in activities involving application
penetration
testing and application source code review
*Interact with the client as required throughout the
engagement
*Prepare reports documenting discoveries during the
engagement
*Debrief the client at the conclusion of each
engagement
*Participate in research and provide recommendations
for
continuous improvement
*Participate in knowledge sharing
Qualifications
To qualify, candidates must have:
* A bachelor's or master's degree in computer science,
information
systems, engineering, or a related major
* 1-2 years of experience in one or more of the
following:
UNIX-based Operating Systems (Linux, IBM AIX, HP-UX,
Solaris),
Windows, networking and wireless security; attack and
penetration
testing; security testing of web-based applications; and
application
security source code assessments. Fresh graduates are
welcome to apply
* Experience with programming languages/platforms such
as Java,
J2EE, C, C++, C#, ASP, PERL, PHP and Microsoft .NET
* Experience in commercial and open source security
tools
including BackTrack Linux, Cain, Metasploit, WebInspect, GFI
LANguard
and Nessus is a plus
* Manual attack and penetration testing experience above
and
beyond running automated tools is a plus
* Experience developing custom scripts or programs (used
for port
scanning and vulnerability identification) is a plus
* Application development experience is a plus
* Strong technical skills related to a broad range of
operating
systems and databases
* An understanding of web-based application
vulnerabilities
* An understanding of global standards like COBIT and
ISO/IEC 27001/27002
* Excellent teaming and communication skills
* Demonstrated integrity in a professional environment
* Willingness and ability to travel (including potential
overseas
travel for international clients)
The successful candidate must hold or be willing to pursue
related
professional certifications such as CISSP, CISM, CEH, GSEC
and/or
CISA. If you are interested or have any questions, please
email me
your resume (or queries) at christian.s.masancay ph.ey.com
or at
csmasancaygmail.com.
--
Cris Masancay
____________________________________________________
LinuxJobs Philippines (linuxjobslists.linux.org.ph)
Read the Guidelines: http://linux.org.ph/lists
Searchable Archives: http://archives.free.net.
ph
|