Cyber SDC - WAM Penetration Tester - Senior

Overview

Location:

Anywhere in the country.

Title:

Cybersecurity – Attack and Penetration Tester. EY is a global professional services organization focused on building a better working world.

At EY, we’re committed to shaping your future with confidence. You will work with an international team of cybersecurity specialists to help clients protect their business and resilience, leveraging Advanced Security Centers to access sophisticated tools to combat cybercrime.

• Lead the implementation of security solutions for clients and support their efforts to protect the business.
• Identify potential threats and vulnerabilities in operational environments as part of the Penetration Testing team.
• Conduct penetration testing (web applications, APIs, and Thick clients) and simulate physical breaches where appropriate.
• Plan, pursue, deliver and manage engagements to assess, improve, build, and sometimes operate integrated security operations for clients.
• Research and discover new security vulnerabilities; share knowledge through conferences, white papers, and industry groups.
• Provide technical leadership and mentor junior team members on attack and penetration test engagements.
• Communicate complex technical concepts to technical and non-technical audiences, including executives.

• A bachelor’s degree and at least 5+ years of related work experience.
• Experience with manual attack and penetration testing.
• Scripting/programming skills (e.g., Bash, Python, Power Shell, Java, JavaScript, etc.).
• Familiarity with the latest exploits and security trends.
• Two or more of the following certifications: OSCP, OSWP, OSEP, OSCE, OSEE, GPEN, GWAPT, GMOB, GCPN, GXPN, GRTP, GDAT, CRTO, CRTP, CREST CRT, CCSAS, CWEE, Burp Suite Certified Practitioner, CBBH, eWPTX, OSWA, eWPT, eMAPT, among others.

• Bachelor’s in Computer Science/Cybersecurity/Information Systems/IT/Engineering or related field with 3+ years of related experience, or a master's degree with 2+ years in penetration testing (including internet, intranet, web apps, wireless, social engineering, red team assessments).
• Contributions to the security community (research, CVE disclosures, bug bounties, open-source involvement, publications).
• Understanding of web-based vulnerabilities (OWASP Top 10).
• Strong analytical, problem-solving, and communication skills; ability to work collaboratively in a team.

We seek intellectually curious individuals with a genuine passion for cybersecurity and the ability to speak up with innovative ideas that can influence the industry. If you’re confident in your presentation and technical abilities to grow into a leading expert here, this role is for you.

• Comprehensive compensation and benefits, including flexible Total Rewards and regional salary ranges; details depend on location and experience.
• Hybrid work model: most external client-facing roles are expected to be in-person 40-60% of the time over an engagement or year.
• Flexible vacation policy and paid holidays, with additional time off for personal and family needs, designed to support well-being.

EY accepts applications on an ongoing basis. EY is an equal employment opportunity employer and provides reasonable accommodations for applicants with disabilities. For California applicants, additional information is available via the specified link.

EY is committed to building a better working world by delivering value to clients, people, society and the planet. EY teams work across assurance, consulting, tax, strategy and transactions, leveraging data, AI and technology in more than 150 countries.

EY provides equal employment opportunities without regard to race, color, religion, age, sex, sexual orientation, gender identity/expression, pregnancy, genetic information, national origin, protected veteran status, disability, or other legally protected statuses. EY is also committed to reasonable accommodation for qualified individuals with disabilities, including veterans.

For candidate inquiries, contact EY’s Talent Shared Services Team (TSS).