Cyber SDC - Attack & Penetration - Exp - Consulting

Senior Consultant, Offensive Security – Service Delivery Center (EY)

Location:

Anywhere in Country

As a Senior Consultant in Offensive Security within EY’s Service Delivery Center, you will enhance our clients’ security posture through proactive threat assessments and vulnerability management. You will lead a team of cybersecurity professionals in implementing offensive security initiatives and integrating security into the software development lifecycle.

You will manage and execute penetration testing, red teaming, and security assessments for our clients. You will collaborate with cross‑functional teams to identify vulnerabilities, develop mitigation strategies, and ensure practices align with industry standards.

• Lead, scope, and execute penetration testing projects for web applications, networks, cloud environments, hardware, and firmware.
• Develop and run red team and purple team scenarios to identify gaps and provide actionable recommendations.
• Create detailed reports of testing results, exploitation procedures, risks, and recommendations.
• Stay current with emerging security threats, vulnerabilities, and industry best practices, and promote learning within the team.
• Configure, maintain, patch, and update testing tools and supporting infrastructure.
• Contribute to operational metrics for client meetings and provide insights on tool performance.

• 5+ years of penetration testing and offensive security experience.
• Strong knowledge of automation tools in offensive and application security.
• Excellent problem‑solving and project management skills.
• Effective communication skills for clients and stakeholders.

• Bachelor’s degree in Computer Science, IT, Cybersecurity, or related field.
• Minimum 3 years in incident response or penetration tests; or minimum 1 year in electric utility penetration testing.
• Extensive manual attack testing experience across web, network, and cloud.
• Proficiency in scripting (Python, Bash, Power Shell) for automation.
• Knowledge of Windows, Linux, Unix, and major operating systems.

• Certifications:
  
  CCSP, CSSLP, OSCP, OSWP, GPEN, GWAPT, OSCE, OSEE, GXPN, CISSP, CISM, etc.
• Community contributions, research, CVE disclosures, bug bounty, open‑source involvement.
• Strong analytical and communication skills.
• Active interest in cybersecurity trends and learning.

• Continuous learning opportunities.
• Flexibility to impact the way you work.
• Leadership coaching and development.
• Diverse and inclusive culture.
• Competitive compensation: $61,200‑$100,500 base (U.S.) with additional variations for major markets.
• Comprehensive benefits: medical, dental, pension, 401(k), paid time off, flexible vacation.
• Hybrid work model: 40‑60% in‑office.

Apply today. EY accepts applications on an ongoing basis.

EY is an equal‑employment‑opportunity employer. We provide reasonable accommodation for qualified individuals with disabilities. If you have a disability and need assistance, contact 1‑800‑EY‑HELP
3.