Job Details

At EY, we're committed to empowering you to shape your future with confidence. Join us to thrive in a dynamic environment where your career can take any direction you desire while contributing to building a better working world.

As a Senior Consultant in Offensive Security, you will be instrumental in strengthening our clients' security posture through thorough threat assessments and proactive vulnerability management. Lead and collaborate with a skilled team of cybersecurity professionals to implement and manage offensive security initiatives while ensuring that security measures are seamlessly integrated throughout the software development lifecycle.

The Opportunity

In this position, you will oversee and conduct penetration testing, red teaming, and comprehensive security assessments for a range of clients. Collaborate with multiple teams to spot vulnerabilities, devise mitigation strategies, and ensure security practices are in line with industry standards. Your expertise will drive efforts to automate security processes, enabling our clients to establish a more secure working environment.

Your Key Responsibilities

• Lead, scope, and execute various penetration testing projects, including web applications (black box, white box, and gray box assessments), network systems, cloud environments, hardware, and firmware.
• Develop and execute red and purple team scenarios to identify security gaps within organizations and offer actionable recommendations.
• Conduct thorough analysis of penetration testing results, creating detailed reports that include findings, exploitation procedures, associated risks, and recommended actions.
• Stay abreast of emerging security threats, vulnerabilities, and best practices in the industry, fostering a culture of continuous learning within the team.
• Assist in configuring and maintaining penetration testing tools and related infrastructure to ensure optimal performance and security.
• Contribute to developing and updating operational metrics for client meetings, offering insights into tool performance and security findings.

Skills and Attributes for Success

• At least 5+ years of experience in penetration testing and offensive security practices.
• Strong knowledge of automation tools and processes within offensive security and application security contexts.
• Excellent problem-solving skills and the ability to manage multiple security projects simultaneously.
• Effective communication skills to engage with clients and internal stakeholders, simplifying complex technical concepts into clear terms.

To qualify for the role, you must have:

• A Bachelor's degree in computer science, Information Technology, Cybersecurity, or a related field.
• At least ten (10) years of experience performing penetration tests or five (5) years in an electric utility in generation, or transmission & distribution performing penetration tests.
• Extensive experience in manual attack and penetration testing for web applications, networks, and cloud environments.
• Proficiency in scripting languages (e.g., Python, Bash, PowerShell) for automating security tasks.
• Knowledge of Windows, Linux, Unix, and other major operating systems.

Ideally, you would also have:

• Certifications like CCSP, CSSLP, OSCP, OSWP, GPEN, GWAPT, OSCE, OSEE, GXPN, CISSP, or CISM.
• Contributions to the security community through research, public CVE disclosures, bug bounty acknowledgments, or open-source project involvement.
• Strong analytical skills to interpret complex information and communicate it effectively.
• A keen interest in staying updated on the latest cybersecurity threats and trends, promoting continual learning and adaptation.

What We Look For

We are looking for top performers who are passionate about cybersecurity principles, equipped with relevant experience and certifications. A proactive mindset, the ability to foster high-performing teams, adaptability to evolving threats, and a commitment to continuous learning are essential traits we seek. We want motivated individuals dedicated to safeguarding digital assets and promoting a culture of security awareness.

What We Offer

• Continuous learning: Develop the mindset and skills to navigate the future.
• Success as defined by you: Tools and flexibility to make a meaningful impact, your way.
• Transformative leadership: Insights, coaching, and confidence to be part of high-performing teams.
• Diverse and inclusive culture: An environment that embraces your uniqueness and encourages you to help others express their voices.

Join us and enhance your future with confidence. Apply today!