Cyber SDC - Attack & Penetration - Senior - Consulting

Overview

Location:

Anywhere in Country

At EY, we’re all in to shape your future with confidence.

We’ll help you succeed in a globally connected powerhouse of diverse teams and take your career wherever you want it to go. Join EY and help to build a better working world.

As a Senior Consultant in Offensive Security within our Service Delivery Center, you will play a pivotal role in enhancing our clients' security posture through proactive threat assessments and vulnerability management. You will lead and collaborate with a team of cybersecurity professionals to implement and manage offensive security initiatives, ensuring that security measures are integrated throughout the software development lifecycle while optimizing service delivery processes.

Collaborate with cross-functional teams to drive security initiatives that align with industry standards and client needs.

• Lead, scope, and execute penetration testing projects, including web applications (black box, white box, and gray box assessments), networks, cloud environments, hardware, and firmware.
• Develop and execute red team and purple team scenarios to identify gaps in organizational security postures and provide actionable recommendations.
• Perform in-depth penetration testing and create comprehensive reports detailing findings, exploitation procedures, risks, and recommendations.
• Stay current with emerging security threats, vulnerabilities, and industry best practices, and promote continual learning within the team.
• Assist in configuring, handling, patching, and updating penetration testing software and supporting infrastructure to ensure optimal performance and security.
• Contribute to the creation and updating of operational metrics for client meetings, providing insights into tool performance and security findings.

• Proven experience in penetration testing and offensive security practices, with a minimum of 5+ years of related work experience.
• Strong knowledge of automation tools and processes in offensive security and application security.
• Excellent problem-solving skills and the ability to manage multiple security projects simultaneously.
• Effective communication skills to liaise with clients and internal stakeholders, translating complex technical concepts into understandable terms.

• Bachelor’s degree in computer science, Information Technology, Cybersecurity, or a related field.
• A minimum of ten (10) years’ experience performing penetration tests; or a minimum of five (5) years working in an electric utility in generation, or transmission & distribution performing penetration tests.
• Extensive experience with manual attack and penetration testing, including web applications, networks, and cloud environments.
• Proficiency in scripting languages (e.g., Python, Bash, Power Shell) for automation of security tasks.
• Knowledge of Windows, Linux, Unix, and other major operating systems.

• Certifications such as CCSP, CSSLP, OSCP, OSWP, GPEN, GWAPT, OSCE, OSEE, GXPN, CISSP, CISM, etc.
• Contributions to the security community, including research, public CVE disclosures, bug bounty acknowledgments, and open-source project involvement.
• Strong analytical skills with the ability to interpret complex information and communicate it effectively.
• Active interest in staying updated on the latest cybersecurity threats and trends, promoting continual learning and adaptation.

We seek top performers who possess a strong passion and foundation in cybersecurity principles and practices, along with relevant certifications and experience. A proactive mindset, the ability to create high performing teams, adaptability to evolving threats, and a commitment to continuous learning are also critical attributes we look for in candidates. Ultimately, we look for motivated individuals who are committed to safeguarding digital assets and fostering a culture of security awareness within the organization.

• Continuous learning: You’ll develop the mindset and skills to navigate whatever comes next.

• Success as defined by you: We’ll provide the tools and flexibility, so you can make a…