Security Consultant

Security Consultant

This Security Consultant position will play a key role in the development and implementation of all security aspects for complex global applications based on Microsoft Azure technology and, more broadly, the Microsoft technology stack. The role is primarily that of an individual contributor capable of supporting multiple project teams, including detailed participation in implementation, certification of security controls across various projects/applications. This requires knowledge of multiple IT system architectures and cloud technologies, as well as supporting technologies such as IAM, network security, firewalls, user account management, auditing and logging, and other security concepts as described in ISO27001, OWASP, and related security standards.

• Agile and DevOps Methodologies – Experience as a contributing member of a balanced team in an Agile or DevOps development environment
• Application Security – Experience in designing security controls for multilayered business solutions, including application-level access and authorization management, tenancy and data isolation, encryption, and logging. Hands-on familiarity with REST APIs and microservices architecture
• Cloud Security – Technical understanding of virtualization, cloud infrastructure, and public cloud offerings, plus experience in designing configuration and security controls for cloud-based solutions in Microsoft Azure, Google GCP, Amazon AWS, and other providers
• Infrastructure Security – Experience integrating common infrastructure security technologies and solutions into business solution architectures, including identity and access management, intrusion detection and prevention, security monitoring, and data encryption solutions
• Identity and Access Management (IAM) – Experience in designing identity and access management based on Active Directory and integration with IDaaS and Federation technologies

Extensive experience in implementing, advising, and consulting on security configurations in complex IT architectures, including cloud environments (primarily Microsoft, but also covering a variety of IaaS, PaaS, and SaaS offerings from multiple vendors) and on-premises solutions. In-depth knowledge of IT system architecture concepts and cloud technologies, along with associated technologies such as Identity and Access Management (IAM), network security, firewalls, software development best practices, system auditing, system hardening, and other security principles as described in ISO27001, OWASP, and related security standards. Proficiency in interpreting security reports (SAST and DAST) and testing results for applications, providing advice on required fixes and security measures based on policies and non-functional requirements. A degree in Computer Science or a related field. Excellent communication skills, fluency in English (Spanish knowledge is an advantage), and the ability to collaborate with stakeholders ranging from developers and architects to business leaders and EY clients.

Preferred candidates will have additional experience and knowledge in one or more of the following areas:

• Operational Security – Experience in defining operational models and procedures for business solutions, including operation and maintenance of infrastructure and application security controls
• Information Security Standards – Knowledge of common information security standards, such as ISO 27001/27002, NIST CSF, FEDRAMP, CSA, and CIS Controls
• Cloud Security Certifications – Such as AZ-300 Azure Architect Technologies
• Product Management – Working with broader business teams on security aspects that affect all phases, from concept to design, implementation, and then operational support

We are looking for individuals with a passion for information security and a proven ability to apply their knowledge to new and emerging technologies that support the growth strategy of a global professional services firm.

The main challenges for the Enterprise Security Consultant position include the need to design and implement security controls in complex global applications, requiring deep knowledge of IT system architecture and cloud technologies. In addition, the professional must be able to collaborate effectively with multiple project teams, ensuring security certification in a dynamic and constantly evolving environment. Finally, interpreting security reports and applying corrective measures are essential to maintaining the integrity and protection of developed solutions.

• Bachelor’s degree in Technology or related fields;

• Experience in implementation and consulting on security configurations in complex IT architectures, including cloud environments;

• Extensive experience in Cloud Security– Technical understanding of virtualization, cloud infrastructure, and public cloud offerings, along with experience in designing configurations and security controls for cloud-based solutions in Microsoft Azure;

• Strong knowledge of IT system architecture, identity and access management, and security principles in accordance with ISO27001 and OWASP standards;

• Knowledge of programming language: Python;

• Advanced English for corporate/business communication.

• Certifications: CISSP, Security+, CISA;

• Spanish language skills;

• Availability for occasional travel.

• Support internal application development teams, as well as onboarding suppliers and their applications, ensuring alignment with EY security policies and international best practices

• Collaborate effectively with multiple project teams, ensuring security certification in a dynamic and constantly evolving environment

• Interpret security reports and apply corrective measures, essential to maintaining the integrity and protection of developed solutions.