Cyber SDC - Attack & Penetration - Exp - Consulting

Job Title

Cyber SDC - Attack & Penetration - Exp Staff - Consulting - Location OPEN

As a Senior Consultant in Offensive Security within EY’s Service Delivery Center, you will enhance clients’ security posture through proactive threat assessments and vulnerability management. You will lead and collaborate with cybersecurity professionals to implement and manage offensive security initiatives across the software development lifecycle while optimizing service delivery processes.

• Lead, scope, and execute penetration testing projects, including web applications (black box, white box, gray box), networks, cloud environments, hardware, and firmware.
• Develop and execute red team and purple team scenarios to identify gaps in organizational security postures and provide actionable recommendations.
• Generate comprehensive reports detailing findings, exploitation procedures, risks, and recommendations.
• Stay current with emerging security threats, vulnerabilities, and industry best practices, promoting continual learning within the team.
• Configure, maintain, and patch penetration testing tools and supporting infrastructure to ensure optimal performance and security.
• Contribute to the creation and updating of operational metrics for client meetings, providing insights into tool performance and security findings.

• Minimum 5+ years of experience in penetration testing and offensive security.
• Strong knowledge of automation tools and processes for offensive and application security.
• Excellent problem‑solving skills and ability to manage multiple security projects simultaneously.
• Effective communication skills to liaise with clients and internal stakeholders, translating complex technical concepts into understandable terms.

• Bachelor’s degree in computer science, Information Technology, Cybersecurity, or a related field.
• Minimum 3 years’ experience in incident response or performing penetration tests; or minimum 1 year working in an electric utility in generation, transmission & distribution performing penetration tests.
• Extensive experience with manual attack and penetration testing of web applications, networks, and cloud environments.
• Proficiency in scripting languages (Python, Bash, Power Shell) for automation of security tasks.
• Knowledge of Windows, Linux, Unix, and other major operating systems.

• Certifications such as CCSP, CSSLP, OSCP, OSWP, GPEN, GWAPT, OSCE, OSEE, GXPN, CISSP, CISM, etc.
• Contributions to the security community, including research, public CVE disclosures, bug bounty acknowledgments, and open‑source project involvement.
• Strong analytical skills for interpreting complex information and communicating effectively.
• Active interest in staying updated on the latest cybersecurity threats and trends.

• Continuous learning and professional development.
• Impactful work with the flexibility to make a meaningful impact your way.
• Transformative leadership coaching and high‑performing teams.
• Diverse and inclusive culture that empowers you to use your voice.

EY provides equal employment opportunities to applicants and employees without regard to race, color, religion, age, sex, sexual orientation, gender identity/expression, pregnancy, genetic information, national origin, protected veteran status, disability status, or any other legally protected basis, including arrest and conviction records, in accordance with applicable law. EY is committed to providing reasonable accommodation to qualified individuals with disabilities including veterans with disabilities.

If you have a disability and either need assistance applying online or need to request an accommodation during any part of the application process, please call 1-800-EY-HELP3, select Option 2 for candidate related inquiries, then select Option 1 for candidate queries and finally select Option 2 for candidates with an inquiry which will route you to EY’s Talent Shared Services Team (TSS) or email the TSS at