At EY, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we’re counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all.  

EY's people in more than 150 countries are committed to operating with integrity, quality and professionalism in the provision of audit, tax, transaction and consulting services. We strive to help all of our people achieve their professional and personal goals through an inclusive environment that values everyone's contributions, appreciates diversity of thought, fosters growth, and provides continuous opportunities for development. Recognized as one of Canada's top employers, EY continually strives to be a great place to work.

 

The opportunity 

 

Join our Financial Services Cybersecurity team in Toronto as a Cloud Application Security Engineer. You’ll gain insights into the unique cybersecurity integration challenges in financial services, strategies to secure emerging technologies, and evolving regulatory expectations. You’ll work alongside respected industry professionals, learning about and applying leading cyber risk management and strategy practices at our financial services clients.

 

This position falls within our Consulting team, which helps our clients enhance the effectiveness of operations functions by assisting them as they shift their emphasis from transaction-level control, processing and reporting to more value driven, decision support and analytics.

 

Your key responsibilities:

Security Architecture and Design: Collaborate with development teams to design secure cloud application architectures, considering best practices and industry standards. Assess and recommend appropriate security controls, such as encryption, access controls, and authentication mechanisms. Threat Modeling: Conduct threat modeling exercises to identify potential security risks and vulnerabilities in cloud applications. Assess the impact and likelihood of threats and prioritize security mitigations based on risk analysis. Secure Development Lifecycle (SDL): Promote and enforce secure coding practices throughout the software development lifecycle. Provide guidance on secure coding techniques, secure code reviews, and vulnerability remediation. Cloud-specific Security Controls: Implement and configure security controls specific to cloud environments, such as web application firewalls (WAF), cloud access security brokers (CASB), and container security solutions. Ensure these controls are properly integrated and effectively protect cloud applications. Security Testing: Conduct security assessments, penetration testing, and vulnerability scanning of cloud applications to identify and remediate security weaknesses. Perform static and dynamic application security testing (SAST/DAST) and provide recommendations for secure coding and configuration. Identity and Access Management (IAM): Implement secure IAM practices for cloud applications, including role-based access control (RBAC), multi-factor authentication (MFA), and privileged access management (PAM). Regularly review and update access permissions to ensure least privilege access. Compliance and Regulatory Requirements: Ensure cloud applications comply with relevant industry regulations and standards, such as GDPR, HIPAA, or PCI DSS. Work closely with compliance teams to address security and privacy requirements and support audit activities. Security Monitoring and Logging: Configure logging and monitoring mechanisms to detect and respond to security events in cloud applications. Implement log analysis tools and security information and event management (SIEM) solutions to gain visibility into application activities and potential threats. Security Awareness and Training: Develop and deliver security awareness programs for development teams, educating them about secure coding practices, common vulnerabilities, and emerging threats specific to cloud applications. Foster a security-conscious culture within the organization. Cloud Provider Security Assessment: Conduct security assessments of cloud service providers to evaluate their security controls and compliance with security standards. Assess vendor security documentation, perform due diligence, and make informed decisions regarding cloud service providers. Stay Current with Cloud Security Trends: Stay updated with the latest trends, emerging threats, and evolving security technologies in the cloud computing domain. Continuously enhance knowledge and skills through professional development, attending conferences, and participating in relevant training programs.

To qualify for the role you must have:

Cloud Security Expertise: In-depth knowledge of cloud security principles, concepts, and best practices. Familiarity with major cloud service providers (such as AWS, Azure, Google Cloud) and their security offerings. Understanding of cloud-specific security challenges and solutions. Application Security Knowledge: Strong understanding of application security principles, secure coding practices, and common vulnerabilities such as OWASP Top 10. Knowledge of secure development frameworks and methodologies (e.g., Secure SDLC, DevSecOps). Cloud Application Architecture: Proficiency in designing and architecting secure cloud applications. Understanding of cloud-native architectures, microservices, serverless computing, and containerization. Knowledge of how security controls can be effectively integrated into cloud application designs. Security Assessment and Testing: Experience in conducting security assessments and vulnerability testing of cloud applications. Familiarity with tools and techniques for static and dynamic application security testing (SAST/DAST), penetration testing, and vulnerability scanning. Cloud Compliance and Regulations: Knowledge of industry regulations and compliance standards, such as GDPR, HIPAA, PCI DSS, or SOC 2. Understanding of how to design and implement cloud applications that comply with these standards. Identity and Access Management (IAM): Proficiency in designing and implementing secure IAM practices for cloud applications. Knowledge of IAM concepts, authentication protocols, role-based access control (RBAC), and federated identity management. Secure Development Practices: Strong understanding of secure coding practices and principles. Familiarity with programming languages commonly used in cloud applications (e.g., Java, Python, JavaScript) and how to mitigate common security vulnerabilities in code. Communication and Collaboration: Strong communication skills to effectively collaborate with development teams, security teams, and other stakeholders. Ability to articulate complex security concepts to both technical and non-technical audiences. Continuous Learning: A passion for staying updated with the latest cloud security trends, emerging threats, and evolving technologies. Willingness to acquire new skills and certifications to enhance expertise in cloud application security.

 

What We Look For

 

We’re interested in intellectually curious people with a genuine passion for cybersecurity. If you have the confidence in your technical abilities to grow into a leading expert here, this is the role for you.

 

What We Offer

 

At EY, our Total Rewards package supports our commitment to creating a leading people culture - built on high-performance teaming - where everyone can achieve their potential and contribute to building a better working world for our people, our clients and our communities. It's one of the many reasons we repeatedly win awards for being a great place to work.

 

We offer a competitive compensation package where you’ll be rewarded based on your performance and recognized for the value you bring to our business. In addition, our Total Rewards package allows you decide which benefits are right for you and which ones help you create a solid foundation for your future. Our Total Rewards package includes a comprehensive medical, prescription drug and dental coverage, a defined contribution pension plan, a great vacation policy plus firm paid days that allow you to enjoy longer long weekends throughout the year, statutory holidays and paid personal days (based on province of residence), and a range of exciting programs and benefits designed to support your physical, financial and social well-being. Plus, we offer:

Support and coaching from some of the most engaging colleagues in the industry Learning opportunities to develop new skills and progress your career The freedom and flexibility to handle your role in a way that’s right for you

 

Diversity and Inclusion at EY

 

Diversity and inclusiveness are at the heart of who we are and how we work. We’re committed to fostering an environment where differences are valued, policies and practices are equitable, and our people feel a sense of belonging. From our actions to combat systemic racism and our advocacy for the LGBT+ community to our innovative Neurodiversity Centre of Excellence and Accessibility initiatives, we welcome and embrace the diverse experiences, abilities, backgrounds and perspectives that make our people unique and help guide us. Because when people feel free to be their authentic selves at work, they bring their best and are empowered to build a better working world.

  EY | Building a better working world   EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets.   Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate.   Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today.