Cybersecurity - Senior Consultant - Iot Security Testing

Ernst & Young LLP Chicago , IL 60602

Posted 7 days ago

Apply

This Job is not relevant Tell us why

In a rapidly changing IT environment, clients from all industries look to us for trusted solutions for their increasingly complex risks and vulnerabilities. As a member of our Next Generation Security Operations and Response (NGSOR) team you'll be right at the heart of that goal, helping clients gain insight and context to their cyber threats and assessing, improving, and building security operations in order to mitigate these threats. You'll get to use your technical and business skills in order to help us drive this mission and have an impact on cyber security at a global level.

The opportunity

You'll work alongside respected industry professionals, learning about and using the latest tools and techniques to identify and overcome some of the most relevant and pressing security issues in the world. It's a highly specialized area, where you'll learn highly sought-after technical skills, all while developing your relationship management abilities - often by working directly on-site with our clients.

What to expect

Our security professionals possess diverse industry knowledge, along with unique technical expertise and specialized skills. The team stays highly relevant by researching and discovering the newest security vulnerabilities, attending and speaking at top security conferences around the world, and sharing knowledge on a variety of topics with key industry groups. The team frequently provides thought leadership and information exchanges through traditional and less conventional communications channels such as speaking at conferences, publishing white papers and blogging.

As part of our Penetration Testing team, you'll identify potential threats and vulnerabilities in connected product/IoT/embedded devices.

Our professionals work together in planning, pursuing, delivering and managing engagements to assess, improve, build, and in some cases operate integrated security operations for our clients.

Your key responsibilities

Execute connected product/IoT/embedded device security assessments to identify vulnerabilities and exploit them
Conduct security research and devise new attack techniques against connected products
Develop custom hardware / scripts to assist in compromising connected product devices.
Analyze, disassemble, reverse engineer and exploit connected product.
Solve challenging technical problems and devise creative solutions.
Perform in-depth analysis of test results and create report that describes findings, exploitation procedures, risks and recommendations.
Convey complex technical security concepts to technical and non-technical audiences.
Strong analysis skills and attention to detail.
Strong written and verbal communication skills with the ability to interact with senior management, technical teams, and key client stake holders.

To qualify for the role, you must have

A minimum of 5 years of work experience in penetration testing connected product/IoT/embedded devices or related experience with hardware hacking.
Experience with vulnerability assessment and penetration testing of commercial, consumer, and industrial IoT solutions.
Ability to perform end-to-end connected product security testing (chip to cloud) including hardware device, device firmware, communications including (i.e. protocols, wireless), supporting mobile applications, back-end infrastructure, API and cloud services.
Familiarity and understanding of OWASP IoT top 10 vulnerabilities.
Experience with soldering / desoldering hardware components and extraction of embedded device flash chips.
Experience with firmware extraction techniques including man-in-the-middle network attacks, memory access attacks, firmware upgrade attacks, and using hardware debugging interfaces such as JTAG, UART, SPI, I2C, USB, and NAND flash chip reader.
Experience with firmware extraction, firmware reverse engineering, analysis and identification of security vulnerabilities.
Proficiency with software debugging tools such as, Binary Ninja, gdb, Ghidra, IDA Pro, or Radare2, to analyze device software and firmware.
Experience with developing custom shell code to exploit embedded device firmware.
Experience with intercepting and attacking low power Radio Frequency (RF) communication protocols such as Z-Wave, Zigbee, and BLE; using hardware and software tools such spectrum analyzer, Software Defined Radio (SDR), HackRF and Gqrx.
Experience with intercepting and testing communication protocols including MQTT, CoAP, 6LowPan, LWM2M etc using software tools such as Scapy, mitmproxy, tcpdump and Wireshark.
Experience with performing bus spying, tampering, spoofing and injection testing techniques.
Willingness and ability to travel domestically and internationally to meet client needs; estimated 50% travel required annually.

Ideally, you'll also have

Strong understanding of embedded systems architecture and circuit design.
Proficiency with hardware description languages such as VHDL or Verilog.
Understanding and proficiency with Linux and Unix operating systems.
Deep understanding of embedded systems architecture and disassembly / assembly of microprocessors code such as ARM, AVR, MIPS, or x86.
Experience with exploiting side-channel attacks against connected product including power, timing, and fault injection techniques using hardware tools such as the Chip Whisperer.
Proficiency with performing device monitoring and analysis using logic analyzer hardware tools such as Saleae Logic Pro or Open Workbench Logic Sniffer.
Presented at an industry recognized information security event such as DEFCON or participated in CTFs such as IoT village CTF.
Deep understanding and experience of fuzzing techniques to discover and exploit identified vulnerabilities.
Updated and familiarized with the latest exploits and security trends in connected products.
Knowledge of attacking cryptographic protocols including Public Key cryptography.
Understanding of hardware, firmware, IoT communication protocols, network, application, API security and popular attacks vectors against IoT devices.
An understanding of web-based application vulnerabilities. (OWASP Top 10)
Experience testing API, cloud environments, mobile applications, and web applications.
Any one of the following certifications: OSWE, OSWP, OSCE, OSEE, GXPN, GWAPT, GMOB.

What we look for

We're interested in intellectually curious people with a genuine passion for cyber security. With your specialization in attack and penetration testing, we'll turn to you to speak up with innovative new ideas that could make a lasting difference not only to us - but also to the industry as a whole. If you have the confidence in both your presentation and technical abilities to grow into a leading expert here, this is the role for you.

What working at EY offers

We offer a competitive compensation package where you'll be rewarded based on your performance and recognized for the value you bring to our business. In addition, our Total Rewards package includes medical and dental coverage, both pension and 401(k) plans, a minimum of three weeks of vacation plus 10 observed holidays and three paid personal days, and a range of programs and benefits designed to support your physical, financial and social wellbeing.

Plus, we offer

Support, coaching and feedback from some of the most engaging colleagues around
Opportunities to develop new skills and progress your career
The freedom and flexibility to handle your role in a way that's right for you
A rewards package tailored to your unique needs

About EY

As a global leader in assurance, tax, transaction and advisory services, we're using the finance products, expertise and systems we've developed to build a better working world. That starts with a culture that believes in giving you the training, opportunities and creative freedom to make things better. Whenever you join, however long you stay, the exceptional EY experience lasts a lifetime. And with a commitment to hiring and developing the most passionate people, we'll make our ambition to be the best employer by 2020 a reality.

Join us in building a better working world. Apply today.

EY provides equal employment opportunities to applicants and employees without regard to race, color, religion, age, sex, sexual orientation, gender identity/expression, national origin, protected veteran status, disability status, or any other legally protected basis, in accordance with applicable law.

Show Full Description

See how you match
to the job

Upload my resume

Download the
LiveCareer app and find
your dream job anywhere

Similar Jobs

View All

Want to see jobs matched to your resume?
Upload One Now!

Consulting Senior Consultant Cyber Security Identity & Access Management

Ernst & Young LLP

Posted 7 days ago

VIEW JOBS In a rapidly changing IT environment, clients from all industries look to us for trusted solutions for their increasingly complex risks and vulnerabilities. As a part of our Identity and Access Management (IAM) team you'll be right at the heart of that goal, helping clients gain insight and context to their complex IAM environments and assessing, improving, and building infrastructure, processes and policies in order to meet the client's IAM needs. You'll get to use your technical and business skills in order to help us drive this mission and have an impact on cyber security at a global level. The opportunity We currently have a career opportunity for a Senior to be responsible for leading projects or elements of multiple client engagements including service delivery, business development, and related activities. You'll work alongside respected industry professionals, learning about and using the latest tools and techniques to identify and overcome some of the most relevant and pressing security issues in the world. Your Key Responsibilities Our IAM services assist our clients in aligning security management strategy with business goals by managing who has access to which resources and services, as well as enforcing business, privacy, and security policies. Supported by our strategic alliances with third-party vendors, our experienced professionals can provide broad services including: strategy, assessment, testing, and implementation of IAM solutions. Based on your existing experience, knowledge and ambitions, you could have the opportunity to gain experience across a number of our IAM teams, assessing and delivering foundational components of our services. Some of these teams include: Within the Identity analytics & intelligence team, you'll perform assessments in the following areas: * Current state assessments & Application access assessment * Capability maturity and benchmarking assessments * IAM data analytics The IAM strategy team is all about developing IAM strategy and road map comprising of: * Operating model and governance * IAM policies, procedures and standards On our Identity & access transformation team, you'll provide clients with the following: * Design and architecture * Process design and re-engineering * Cloud and mobile apps access management * Access enforcement implementation * Access administration implementation * Elevated access management Also you will help support the Identity and access governance team in: * IAM program management assistance & Privileged access management * Roles and rules management * SOD management and other IAM compliance related activities Skills and Attributes for Success * Knowledge of the current security environment and industry trends to identify engagement and client service issues, communicate this information to the engagement team and client management through written correspondence and verbal presentations * Work closely with engagement manager to co-lead and own multiple parts of the engagement delivery * Ability to consistently deliver quality client services. Drive high-quality work products within expected timeframes and on budget To qualify for the role you must have * A bachelor's degree in a related field and approximately 2-3 years of related work experience; or a graduate degree and approximately 2 years of related work experience * Experience in one or more of the following: * user provisioning and identity management solutions including design or implementation of user provisioning technologies (such as CA eTrust Admin, IBM Tivoli Identity Manager, Securonix, Saviynt); * role-based access control including design and development of user access roles; * directory services products including design or implementation (such as Radiant Logic) * web access control solutions including design and implementation of products (such as RSA Cleartrust, CA/Netegrity Siteminder); analysis of Segregation of Duties * An understanding of access control concepts including directory services, SAML, LDAP, PKI * Experience in process definition, workflow design, and/or and process mapping * A valid driver's license in the US and a valid passport required; willingness and ability to travel internationally and a willingness to travel; travel is estimated at 60-80% Ideally, you'd also have * Strong presentation and communication skills * CISSP, CISM, CISA, CIPT, CIPM, CRISC or other relevant certification desired What we look for We're interested in intellectually curious people with a genuine passion for cyber security. With your broad exposure across IAM, we'll turn to you to speak up with innovative new ideas that could make a lasting difference not only to us - but also to the industry as a whole. If you have the confidence in both your presentation and technical abilities to grow into a leading expert here, this is the role for you. What working at EY offers We offer a competitive compensation package where you'll be rewarded based on your performance and recognized for the value you bring to our business. In addition, our Total Rewards package includes medical and dental coverage, both pension and 401(k) plans, a minimum of three weeks of vacation plus 10 observed holidays and three paid personal days, and a range of programs and benefits designed to support your physical, financial and social wellbeing. Plus, we offer * Support, coaching and feedback from some of the most engaging colleagues around * Opportunities to develop new skills and progress your career * The freedom and flexibility to handle your role in a way that's right for you * A rewards package tailored to your unique needs About EY As a global leader in assurance, tax, transaction and advisory services, we're using the finance products, expertise and systems we've developed to build a better working world. That starts with a culture that believes in giving you the training, opportunities and creative freedom to make things better. Whenever you join, however long you stay, the exceptional EY experience lasts a lifetime. And with a commitment to hiring and developing the most passionate people, we'll make our ambition to be the best employer by 2020 a reality. If you can confidently demonstrate that you meet the criteria above, please contact us as soon as possible. Join us in building a better working world. Apply today. EY provides equal employment opportunities to applicants and employees without regard to race, color, religion, age, sex, sexual orientation, gender identity/expression, national origin, protected veteran status, disability status, or any other legally protected basis, in accordance with applicable law.

Security Iot & Penetration Tester Delivery Manager Location Negotiable

Accenture

Posted 1 week ago

VIEW JOBS Job Description Location: Seattle, WA - *Location Negotiable* Accenture is a leading global professional services company, providing a broad range of services and solutions in strategy, consulting, digital, technology and operations. Combining unmatched experience and specialized skills across more than 40 industries and all business functions - underpinned by the world's largest delivery network - Accenture works at the intersection of business and technology to help clients improve their performance and create sustainable value for their stakeholders. With 505,000 people serving clients in more than 120 countries, Accenture drives innovation to improve the way the world works and lives. Visit us at www.accenture.com. As a Security IoT & Penetration Delivery Manager, you will evaluate customer applications and products security and advise them how to develop secure solutions. These could include operating systems, mobile frameworks, embedded devices, and cloud-based solutions. Successful Security Associate Manager can apply their security expertise to multiple domains, have experience leading teams, and possess an unending curiosity about technology. Our ideal candidate will be able to influence clients so they can achieve the right balance between their business needs and security requirements. Essential Functions * Research and identify customer security vulnerabilities ensuring the highest service quality to the client * Create and elaborate on security analysis reports and other relevant customer-facing documentation * Engage in technical problem solving across multiple technologies, helping ensure customers develop secure applications and hardware. Qualifications Required Qualifications * 5 years of programming experience in any of the following: C++, .Net, Java * 5 years of experience with security design, implementation, or assessment * Intricate understanding of advanced security areas such as cryptography, application security, hardware security, kernel hacking, and reverse engineering * Ongoing record of excellent delivery to customers * Advanced knowledge in at least a single specific vertical * Expertise in leading small teams * Excellent written and oral communication skills * Ability to work autonomously with little directional oversight * Commitment to quality and on-schedule delivery; and a proven ability to establish and meet milestones and deadlines * Customer-focused mentality to understand and appropriately respond to customers' business needs * BA/BS preferred in Computer Science, Computer Engineering, Information Security, Technology or equivalent work experience Preferred Qualifications * Proven track record with vulnerability discovery and responsible disclosure * Professional consulting experience and background * History of contributing to open source projects or speaking at relevant professional conferences * Master's degree in related field Applicants for employment in the US must have work authorization that does not now or in the future require sponsorship of a visa for employment authorization in the United States and with Accenture. Equal Employment Opportunity Statement Accenture is an Equal Opportunity Employer. We believe that no one should be discriminated against because of their differences, such as age, disability, ethnicity, gender, gender identity and expression, religion or sexual orientation. Our rich diversity makes us more innovative, more competitive and more creative, which helps us better serve our clients and our communities. All employment decisions shall be made without regard to age, race, creed, color, religion, sex, national origin, ancestry, disability status, veteran status, sexual orientation, gender identity or expression, genetic information, marital status, citizenship status or any other basis as protected by federal, state, or local law. Accenture is committed to providing veteran employment opportunities to our service men and women. For details, view a copy of the Accenture Equal Opportunity and Affirmative Action Policy Statement Requesting An Accommodation Accenture is committed to providing equal employment opportunities for persons with disabilities or religious observances, including reasonable accommodation when needed. If you are hired by Accenture and require accommodation to perform the essential functions of your role, you will be asked to participate in our reasonable accommodation process. Accommodations made to facilitate the recruiting process are not a guarantee of future or continued accommodations once hired. If you would like to be considered for employment opportunities with Accenture and have accommodation needs for a disability or religious observance, please call us toll free at 1 (877) 889-9009, send us an email or speak with your recruiter. Other Employment Statements Candidates who are currently employed by a client of Accenture or an affiliated Accenture business may not be eligible for consideration. Job candidates will not be obligated to disclose sealed or expunged records of conviction or arrest as part of the hiring process. The Company will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. Additionally, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the Company's legal duty to furnish information.

Senior Security Controls Analyst

BMO

Posted 2 days ago

VIEW JOBS Address: 200 W Adams Street Job Family Group: Business Management The Financial Crimes Unit (FCU) brings together our Cybersecurity, Fraud, Physical Security and Resilience Planning capabilities to address the ever-growing and increasingly complex global security environment. It is a highly collaborative effort that greatly enhances BMO's ability to rapidly prevent, detect, respond to, and recover from all security & crisis threats. This position offers a unique experience to learn from experienced leaders in the industry, join a team building the 21st century model for security and helping grow the good by protecting our customers and communities. Take your career to the next level by gaining a deeper understanding and experience on cutting-edge Information Security related technologies and controls. You will also have the opportunity to interact and learn from both BMO's senior management and top talent related to the Information Security profession. You will drive the Testing & Evaluation of Information Security (IS) Controls in the Process, Risk & Controls (PRC) framework. PRC is a set of key processes, risks and controls associated with the use and support of technology in the delivery of business objectives. You will be responsible to play a leadership role in the management of PRC framework, Testing of Design and Operating Effectiveness of IS controls. The role requires working closely with the CTU Stakeholder community and IS 1A functions that are responsible for Design and / or Operations of IS controls. Responsibilities: * Supports the business/group leader in the effective implementation, maintenance and administration of first line of defense (1st LOD) programs (e.g., operational risk, AML, compliance, regulatory, etc.), including overseeing business operations within the jurisdiction to ensure adherence and efficiency. Contributes to a strong risk management culture through collaboration with other first line employees, and second & third line functions to ensure Compliance, AML or operational risks are identified, mitigated, monitored and reported on an ongoing basis. * Supports multiple, varied business units with corresponding number of regulators. * Monitors and advises on management of risk requirements within the defined risk appetite. * Manages/supports large/complex risk programs/frameworks /projects/initiatives to ensure risks are appropriately mitigated and regulations adhered to. * Monitors industry and legislative developments and continuously updates programs to ensure they are competitive and effective * Supports the position on regulatory compliance Issues by interpreting requirements (existing, new and emerging) and identifying, analyzing and addressing resultant gaps and issues, including those raised through the review of change initiatives. Understands the identified risk exposures and supports the development of action plans required to mitigate identified risks. * Acts as a subject matter expert in the evaluation, development and implementation of an internal control system. * Supports the execution of strategic initiatives in collaboration with internal and external stakeholders. * Builds effective relationships with internal/external stakeholders. * Breaks down strategic problems, and analyses data and information to provide insights and recommendations. * Builds change management plans of varying scope and type; leads or participates in a variety of change management activities including readiness assessments, planning, stakeholder management, execution, evaluation and sustainment of initiatives. * Monitoring to ensure that 1st line jobs are following defined processes and procedures. * Develops, documents and maintains business/group procedures updating and obtaining approvals as regulations or the operating environment changes and communicates changes to the business/group & relevant stakeholder groups. * Designs measurable sustainment strategies including assessing and recommending mitigations for industry/ segment-specific risks and prioritizing opportunities presented by internal and external stakeholders. * Tracks exception/exemption requests and corresponding approvals. * Facilitates training to ensure business unit employees fully understand requirements. * Provides quality control for investigations, self-reports, examinations and independent reviews conducted by internal and external stakeholders, including regulators, providing verbal and written responses to requests for positions, action plans, information and/or documentation * May act as the designated Primary Business Unit Compliance Officer (BUCO) and/or Anti-Money Laundering Reporting Officer for the operating group and is accountable to meet all program requirements (e.g., Operating Group Compliance Program, AML Program Framework). * Builds awareness, knowledge, and skills and, as necessary, provides communication, practical tools and ongoing support including making presentations, to promote a culture of risk identification and management. * Supports the management of 1st LOD program for the business/group in compliance with appropriate principles, standards & direction from the second line of defense groups. Includes developing and promoting program and ensuring the execution of all program components. * Works with assigned business/group leaders to implement 1st LOD programs and frameworks, developing and maintaining an in-depth understanding of the applicable regulatory and internal risk management requirements. Interprets and provides advice on the application of the requirements for the business/group. * Develops and maintains an understanding of the business/group strategies and objectives, products and services, internal and external stakeholders and business processes as well as the underlying infrastructure to identify and manage implications and risk exposures for the business/group. * Identifies, investigates, analyzes, documents & mitigates program risks, taking into account jurisdictional issues, and raises any issues or concerns to senior leaders and other stakeholders. * Analyzes the impact and effectiveness of the program through periodic reviews. * Recommends adjustments to the overall program, policy or processes within the business/group in accordance with the Risk Appetite Statement, Governance and Corporate Policy. * Supports the business/group through internal/external audits or regulatory examinations and assists in development of action plans to resolve any identified issues. * Provides support to the development and delivery of training and awareness programs within the business/group to increase awareness of and compliance to risk management requirements. * Focus is primarily on business/group within BMO; may have broader, enterprise-wide focus. * Provides specialized consulting, analytical and technical support. * Exercises judgment to identify, diagnose, and solve problems within given rules. * Works independently and regularly handles non-routine situations. * Broader work or accountabilities may be assigned as needed This role can be located in either Chicago, USA or Toronto, Ontario Canada. Only candidates who currently reside in either one of these cities will be considered.* Pre-requisites/Mandatory Qualifications: * University degree/college diploma or equivalent work experience * At least one professional Information Security Certifications (i.e. CISSP / CISM / CISA) * At least 6 to 8 years experience in Information Security management processes and methodology * Minimum of 6-8 years experience with Control Testing or IT Audit OR Information Security Audits * Strong expertise with MS Excel and complex analytics/formulas, MS Power Point and all the MS Office Suite of products * Experience with providing subject matter expertise in the interpretation and deployment of key Industry standards and regulatory requirements * Experience with playing a lead role in the review, ongoing assessment and testing of IS controls . This includes test preparation, test execution, providing recommendations and reporting on the status of the identified gaps / issues. * Experience with playing a key role in developing capability to provide inputs that are required for regulatory reporting and audit queries * Experience in leading in the collection/consolidation data to be utilized for management and executive communications, including presentations, organizational program support, and communications between teams * Experience with communicating, making recommendations or escalations to management or making updates as per established management reporting guidelines * Experience with effectively and proactively contribute on the coordination, consolidation, analysis, recommendations, and reporting * Experience with ensuring testing lifecycle is implemented in a timely & consistent manner * Experience with providing leadership and direction by setting context, defining accountabilities, tasks and assignments * Exposure to coaching, motivating, developing and evaluating the performance of subordinates and provide guidance and mentoring in the resolution of complex issues * Good understanding of Information Security standards and frameworks is preferred, such as ISO 27001, ISO 27002 (2013), NIST CSF, NIST 800-53, COBIT 5, ITIL, BITS SIG Lite, FFIEC, GLBA, PCI DSS, and others * Strong foundation in Information Security processes, procedures, controls, reporting, risk and regulatory requirements * Strong technical knowledge of data processing and IT security arrangements * Ability to work independently and multi-task in a fast-paced environment * Ability to communicate and present effectively through a range of mediums, to various audiences, in a way that demonstrates subject-matter knowledge, facilitates comprehension, and inspires appropriate action * Exceptional and proven leadership capabilities - communication, conflict resolution, people management, relationship management (internally/externally), and multitasking * Advanced level of conceptual and strategic thinking with strong problem management skills * Ability to act with the highest integrity in ambiguous situations and conflicts * Experience in managing projects and using project management skills is desired Skills: * Possesses expert communication skills, both written and verbal * Strong collaboration skills * Demonstrates expert leadership skills and capabilities * Displays high ethics and trust values * Ability to operate effectively in a matrix environment We're here to help At BMO Harris Bank we are driven by a shared Purpose: Boldly Grow the Good in business and life. It calls on us to create lasting, positive change for our customers, our communities and our people. By working together, innovating and pushing boundaries, we transform lives and businesses, and power economic growth around the world. As a member of the BMO Harris Bank team you are valued, respected and heard, and you have more ways to grow and make an impact. We strive to help you make an impact from day one - for yourself and our customers. We'll support you with the tools and resources you need to reach new milestones, as you help our customers reach theirs. From in-depth training and coaching, to manager support and network-building opportunities, we'll help you gain valuable experience, and broaden your skillset. To find out more visit us at www.jobs.bmoharris.com. BMO Harris Bank is committed to an inclusive, equitable and accessible workplace. By learning from each other's differences, we gain strength through our people and our perspectives. BMO Harris Bank N.A. is an equal opportunity/affirmative action employer. All qualified applicants will receive consideration for employment without regard to sex, gender identity, sexual orientation, race, color, religion, national origin, disability, protected Veteran status, age, or any other characteristic protected by law. Accommodations are available on request for candidates taking part in all aspects of the selection process. To request accommodation, please contact your recruiter.

Apply