TC-CS-Cyber Architecture- OT and Engineering-Devops- Cloud Security-Senior
EY · Mumbai, Maharashtra, India
- On site
- Full-time
- $120,000 / year
- Mumbai, Maharashtra, India
Job highlights
- Create and maintain secure VM images via automation.
- Implement CI/CD pipelines for efficient image deployment.
- Perform OS hardening and automated security remediation.
- Support audits and compliance reviews with evidence.
- Collaborate with cross-functional teams on security initiatives.
About the role
Senior Cyber Security Engineer
At EY, we’re all in to shape your future with confidence. We’ll help you succeed in a globally connected powerhouse of diverse teams and take your career wherever you want it to go. Join EY and help to build a better working world.
Job Summary:
We are seeking a skilled Cyber Security Engineer to join our dynamic team responsible for the creation and maintenance of hardened VM images in AWS and Azure environments. The ideal candidate will have a strong background in CI/CD pipeline deployment and coding, with proficiency in scripting languages such as Python, PowerShell and Bash. Experience with Azure DevOps, Ansible, Terraform, and Packer is essential. The role requires deep knowledge of CIS Benchmarks (L1/L2), OS hardening, and automated security remediation. The candidate should demonstrate strong problem-solving skills, effective communication abilities, and a proactive approach to security challenges. A commitment to continuous learning and staying updated with emerging threats, tools, and technologies is highly valued.
Key Responsibilities:
- Developing and maintaining secure VM images through automation and scripting.
- Implementing CI/CD pipelines for efficient deployment and management of images.
- Design and implement end-to-end automation workflows for image creation, validation, testing, and deployment.
- Create and maintain detailed documentation (runbooks, hardening guides, architecture diagrams).
- Conducting OS hardening for various operating systems, including RHEL, Rocky, OEL, Amazon Linux, Ubuntu, and Windows (2016/2019/2022).
- Debugging code and troubleshooting pipeline errors, OS issues, and service deployments.
- Build and manage automated patching mechanisms for Linux and Windows images.
- Applying in-depth knowledge of CIS L1/L2 frameworks to identify and remediate vulnerabilities using automated mechanisms.
- Track updates in CIS benchmarks and ensure continuous alignment with best practices.
- Support audits and compliance reviews by providing evidence, reports, and remediation strategies.
- Enhance pipelines with security validation, including vulnerability scanning, compliance checks, and integrity verification.
- Conduct peer reviews for scripts, automation logic, and IaC templates to ensure quality and consistency.
- Collaborate with cloud infrastructure, architecture, and security teams to align hardened images with enterprise requirements.
- Providing excellent customer service by communicating effectively with clients about team initiatives and project progress.
The successful candidate will possess strong problem-solving skills, a proactive approach to security challenges, and the ability to work collaboratively in a fast-paced environment. A commitment to continuous learning and staying updated on the latest security trends and technologies is highly valued.
Required Qualifications:
- Minimum of 5 years of IT experience.
- At least 3+ years of specialization in Image hardening.
- At least 2+ years of application development in Python.
- At least 2+ years of experience with programming languages such as Terraform.
- 3-5 years of experience in managing and securing multi-cloud environments (AWS, Azure, GCP) with native security tools.
EY | Building a better working world
EY is building a better working world by creating new value for clients, people, society and the planet, while building trust in capital markets. Enabled by data, AI and advanced technology, EY teams help clients shape the future with confidence and develop answers for the most pressing issues of today and tomorrow. EY teams work across a full spectrum of services in assurance, consulting, tax, strategy and transactions. Fueled by sector insights, a globally connected, multi-disciplinary network and diverse ecosystem partners, EY teams can provide services in more than 150 countries and territories.
Key skills/competency:
- Cyber Security
- VM Image Hardening
- CI/CD Pipelines
- AWS
- Azure
- Python
- Terraform
- Ansible
- CIS Benchmarks
- OS Hardening
Skills & topics
- Cyber Security Engineer
- VM Image Hardening
- CI/CD
- Python
- AWS
- Azure
- Terraform
- Ansible
- OS Hardening
- Cloud Security
- DevOps
- Security Automation
How to get hired
- Tailor your resume: Highlight your experience in image hardening, CI/CD, Python, Terraform, and multi-cloud security.
- Showcase your skills: Quantify achievements in automation, security remediation, and compliance with specific metrics and tools used.
- Prepare for technical questions: Be ready to discuss CIS benchmarks, OS hardening techniques, and IaC principles.
- Demonstrate problem-solving: Prepare examples of how you've debugged complex issues in cloud environments.
- Understand EY's mission: Research EY's commitment to building a better working world and how your role contributes.
Technical preparation
Behavioral questions
Frequently asked questions
- What are the key technical skills required for the Senior Cyber Security Engineer role at EY?
- The Senior Cyber Security Engineer role at EY requires strong skills in VM image hardening for AWS and Azure, CI/CD pipeline development using tools like Azure DevOps, proficiency in scripting languages such as Python, PowerShell, and Bash, experience with infrastructure as code tools like Terraform and Ansible, and deep knowledge of OS hardening and CIS Benchmarks (L1/L2).
- How important is experience with cloud platforms for this position?
- Experience with cloud platforms is crucial. The role specifically requires 3-5 years of experience in managing and securing multi-cloud environments, including AWS, Azure, and GCP, utilizing their native security tools. This ensures you can effectively develop and maintain hardened VM images within these critical infrastructures.
- What kind of problem-solving and communication skills are expected for the Senior Cyber Security Engineer at EY?
- The role demands strong problem-solving abilities to debug code, troubleshoot pipeline errors, and resolve OS or service deployment issues. Effective communication is also key, particularly in providing excellent customer service by clearly communicating team initiatives and project progress to clients.
- Does EY offer opportunities for continuous learning for this Cyber Security role?
- Yes, EY highly values a commitment to continuous learning. They encourage staying updated with emerging threats, tools, and technologies in the cybersecurity landscape, ensuring that engineers remain at the forefront of security practices.
- What is the minimum IT experience required for the Senior Cyber Security Engineer position?
- The minimum IT experience required for this role is 5 years. Additionally, specific experience requirements include at least 3+ years in image hardening, 2+ years in Python application development, and 2+ years with programming languages like Terraform.
- How does EY use automation in this Cyber Security Engineer role?
- Automation is central to this role. You will be responsible for developing and maintaining secure VM images through automation and scripting, implementing CI/CD pipelines, designing end-to-end automation workflows for image lifecycle management, and building automated patching mechanisms.
- What operating systems will the Senior Cyber Security Engineer be working with?
- The role involves conducting OS hardening for a variety of operating systems, including Linux distributions such as RHEL, Rocky, OEL, Amazon Linux, and Ubuntu, as well as Windows Server versions (2016/2019/2022).