Business Security Consultant (CNAPP)
About the role
EY Infosec is seeking a Cloud Security Consultant with expertise in cloud security architecture, configuration, and governance across the Microsoft Azure platform. The role involves guiding, implementing, and maintaining the security of cloud services and infrastructure, leading the enablement of Wiz CNAPP technology, and applying best practices for secure deployments.
Responsibilities
- SME to mature/advance cloud security posture using Wiz CNAPP across Azure cloud platform
- Guide and help integrate Wiz to drive risk-based remediation with product/DevOps teams and automate guardrails for compliance
- Implement existing and new features of Wiz and build CNAPP capabilities within EY
- Develop, tune, and enforce security policies, requirements, standards, and procedures for cloud environments and containerized workloads
- Collaborate with cross-functional teams to shift left (IaC scanning in CI/CD, approve/deny policies), integrate security best practices into SDLC and CI/CD pipelines
- Automate monitoring for compliance, threats, and performance anomalies, ingest security defects and vulnerabilities into Jira/ServiceNow
- Conduct regular security assessments, vulnerability scans, and threat modeling for cloud environments, identify, evaluate, and mitigate risks
- Work with cross-functional teams to explore new ideas and develop innovative security solutions
- Collaborate with Security Ops and Incident Response teams to investigate and remediate security incidents
- Generate dashboards and executive metrics, report security risks, incidents, and findings to leadership
- Identify gaps in security tools and services, and create custom solutions as necessary
Qualifications
- Bachelor’s degree in Computer Science, Information Security, or related field
- 8+ years of experience as a Cloud Security Engineer/Architect with Wiz (or similar CNAPP platforms and capabilities)
- Hands-on experience with Wiz (or similar CNAPP) capabilities at enterprise level, including CSPM, CWPP, vulnerability scanning, compliance assessments, DevSecOps integration
- CI/CD familiarity (GitHub/GitLab/Azure DevOps), IaC (Terraform/CloudFormation), scripting/automation (Rego/Python/TypeScript), APIs/webhooks, event pipelines
- Strong understanding of DevSecOps principles and practices
- Excellent communication, presentation, and collaboration skills
- Relevant security certifications such as CISSP or GIAC certs, or Azure Security Engineer
- Frameworks: CIS Benchmarks, NIST 800-53, 800-190, ISO 27001/27002, SOC 2 and other industry standards
What We Offer
The compensation range for this role is $128,100 to $239,600 in the US, and $153,800 to $272,300 in the New York City Metro Area, Washington State, and California (excluding Sacramento). EY offers a comprehensive compensation and benefits package, including medical and dental coverage, pension, 401(k) plans, and flexible vacation policies. EY is committed to providing reasonable accommodation to qualified individuals with disabilities.