Senior Application Security Reviewer

Role Overview Join EY as a Senior Application Security Reviewer and take charge of identifying and mitigating security risks across our applications and systems. This role offers the opportunity to work with cutting-edge security methodologies while collaborating with development teams and stakeholders to build a more secure digital environment. You will be instrumental in integrating security into the software development lifecycle and ensuring organizational compliance with industry standards. Key Responsibilities - Conduct comprehensive threat modelling analysis using established frameworks like STRIDE to identify potential attack vectors and prioritize security remediation efforts - Perform secure code reviews to identify security flaws and ensure adherence to coding standards and best practices across development teams - Execute various security testing methodologies including Static Application Security Testing, Dynamic Application Security Testing, and Interactive Application Security Testing - Provide technical guidance and support during application onboarding activities, helping developers navigate the security review process and building positive stakeholder relationships - Document comprehensive assessment findings including identified risks, recommended mitigations, and action plans with clear reporting to both technical and non-technical audiences - Stay current with emerging security threats and vulnerabilities while designing and implementing process improvements for the Application Security program Required Qualifications - Bachelor's degree in Information Technology, Cybersecurity, Business Management, or related field - Minimum 4 years of hands-on experience with various threat modelling tools and methodologies - Minimum 4 years of experience in engineering, product management, technical program management, data analysis, or product development - Minimum 4 years of cross-functional and cross-team project experience - Minimum 4 years of combined experience in technology administration, technical risk management, and software development - Proven experience working in client-facing roles with strong stakeholder engagement skills Why Join Us At EY, you will have the opportunity to build a unique career with global scale, comprehensive support, and an inclusive culture. You will work with diverse teams across over 150 countries, contributing to building a better working world while developing your skills in one of the most dynamic fields in technology. Preferred Qualifications - Certifications such as CISSP or CEH - Basic to moderate coding skills and experience with application or service development - Understanding of cloud computing architectures and networking concepts - Familiarity with OWASP, NIST, and other security frameworks

- 4 or more years threat modelling experience with established frameworks like STRIDE - 4 or more years in engineering, product management, technical program management, or product development - 4 or more years in cross-functional and cross-team project management - 4 or more years in technology administration, technical risk management, and software development - Bachelor's degree in IT, Cybersecurity, Business Management, or related field - Client-facing experience with strong communication skills - Cloud computing and networking knowledge - Application security and software development process understanding - OWASP and NIST framework familiarity - Static and Dynamic Application Security Testing expertise - Threat modelling and code review capabilities

- Global career development opportunities - Inclusive workplace culture - Work with diverse teams across 150+ countries - Professional growth in cutting-edge security domain - Comprehensive support and resources