- Full Time
From strategy to execution, the Government & Public Sector practice of Ernst & Young LLP provides a full range of consulting and audit services to help our Federal, State, Local and Education clients implement new ideas to help achieve their mission outcomes. We deliver real change and measurable results through our diverse, high-performing teams, quality work at the highest professional standards, operational know-how from across our global organization, and creative and bold ideas that drive innovation. We enable our government clients to achieve their mission of protecting the nation and serving the people; increasing public safety; improving healthcare for our military, veterans, and citizens; delivering essential public services; and helping those in need. EY is ready to help our government build a better working world.
Our Information Security Senior will provide technical and programmatic Information Assurance Services to internal and external customers in support of network and information security systems. The Senior provides cybersecurity troubleshooting, analysis and technical expertise and oversees the work of junior team members. Additional responsibilities include:
- Assist in the coordination of large-scale cybersecurity engagements
- Assess cybersecurity controls, programs and strategies using our proprietary framework and industry frameworks
- Prepares documentation from information obtained from customer using accepted guidelines such as RMF (Risk Management Framework); Prepares test plans
- Provides assessment and authorization (A&A) support in the development of security and contingency plans and conducts complex risk and vulnerability assessments
- Analyzes policies and procedures against Federal laws and regulations and provides recommendations for closing gaps
- Develop and complete system security and contingency plans and recommend system enhancements to improve security deficiencies
- Operate solutions based upon engagement defined policies and procedures
- Review cybersecurity measurements and monitor development and operations
- Develops, tests and integrates computer and network security tools. Secures system configurations and installs security tools, scans systems in order to determine compliancy and report results and evaluates products and various aspects of system administration
- Assist in the development of cybersecurity strategies and roadmap development
- Develops strategies to comply with privacy, risk management, and e-authentication requirements. Provides information assurance support for the development and implementation of security architectures to meet new and evolving security requirements
- Monitor progress and manage risk while ensuring stakeholders are kept informed about progress and expected outcomes
- Leverage knowledge of industry trends to identify engagement and client service issues; communicate this information to the on-site engagement team through written correspondence and verbal presentations
- Develop and review reports and presentations for both technical and executive audiences
- Assist staff by providing mentorship and coaching to grow their technical and consulting skills
- Work closely with engagement manager to co-lead and own multiple parts of the engagement delivery
To qualify for the role, you must have
- BS/BA with 8+ years of related experience
- Experience designing, developing, implementing, and enforcing security requirements.
- Expertise preparing Security Test and Evaluation plans. Has provided certification and accreditation support.
- Experience developing security plans and contingency plans.
- Familiar with developing, testing, and integrating security tools as well as configuring and installing the tools.
- Skilled in conducting security audits and developing mitigations to identified risks. Has conducted vulnerability assessments.
- Must be able to obtain and maintain a TS/SCI clearance or higher
- Must be able to work 100% in-person at Fort Belvoir, VA
DoD 8570 IAT Level II (CCNA, GSEC, GICSP, SEC+, CND or CSSP) and/or IAM Level II (ie CAP, CISM, CISSP, GLSC, or CCISO)
The EY Government and Public Sector Practice's staffing model is to assign resources to projects aligned to the office within the metropolitan area you have been hired; however, in certain circumstances, travel may be required within and/or beyond your geographic region based on client and project needs. For roles within the federal practice, the flexibility to travel up to approximately 30% is preferred. Within the state, local and education practice, the flexibility to travel up to approximately 80% is preferred.
Ideally, you'll also have
- Consulting experience or experience working on technical projects
What we look for
We're interested in intellectually curious people with a genuine passion for cybersecurity. With your broad exposure across Cyber Transformation, we'll turn to you to speak up with innovative ideas that could make a lasting difference not only to us – but also to the industry. If you have the confidence in both your presentation and technical abilities to grow into a leading expert here, this is the role for you.
At EY, you'll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture, and technology to become the best version of you. And we're counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all.
- Continuous learning: You’ll develop the mindset and skills to navigate whatever comes next.
- Success as defined by you: We’ll provide the tools and flexibility, so you can make a meaningful impact, your way.
- Transformative leadership: We’ll give you the insights, coaching and confidence to be the leader the world needs.
- Diverse and inclusive culture: You’ll be embraced for who you are and empowered to use your voice to help others find theirs.