Job Details

At EY, we are committed to shaping your future with confidence and helping you advance your career within a diverse and globally connected environment. Join us and contribute to building a better working world.

As a Senior Consultant in Offensive Security within our Service Delivery Center, you will significantly enhance our clients' security posture through proactive threat assessments and vulnerability management. In this role, you will lead and collaborate with a skilled team to implement and manage offensive security initiatives, integrating security measures throughout the software development lifecycle while optimizing service delivery processes.

The Opportunity

In this pivotal role, you will manage and execute penetration testing, red teaming, and security assessments for our diverse clientele. Collaborating closely with cross-functional teams, you will identify vulnerabilities, devise mitigation strategies, and ensure that security practices align with industry standards, driving efforts in automation and enhancing our clients' security environments.

Your Key Responsibilities

• Lead and execute penetration testing projects, including assessments for web applications, networks, cloud environments, hardware, and firmware.
• Develop and conduct red team and purple team scenarios to uncover security posture gaps and provide actionable recommendations.
• Create comprehensive reports detailing findings, exploitation procedures, risks, and recommendations based on thorough penetration testing.
• Stay updated with emerging security threats, vulnerabilities, and industry best practices, fostering continual learning within the team.
• Assist in configuring and maintaining penetration testing software and infrastructure to ensure optimal performance and security.
• Contribute to operational metrics for client meetings, offering insights into tool performance and security findings.

Skills and Attributes for Success

• At least 5+ years of proven experience in penetration testing and offensive security practices.
• Strong understanding of automation tools and processes in the context of offensive and application security.
• Excellent problem-solving abilities and the skill to manage multiple security projects concurrently.
• Effective communication skills for liaising with clients and translating complex technical concepts into comprehensible terms.

To Qualify for the Role, You Must Have

• Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field.
• A minimum of three years of experience in incident response or performing penetration tests; or one year in an electric utility in the area of generation, or transmission & distribution performing penetration tests.
• Extensive experience in manual attack and penetration testing across web applications, networks, and cloud environments.
• Proficiency in scripting languages such as Python, Bash, or PowerShell for automating security tasks.
• Familiarity with major operating systems including Windows, Linux, and Unix.

Ideally, You Would Also Have

• Certifications such as CCSP, CSSLP, OSCP, OSWP, GPEN, GWAPT, OSCE, OSEE, GXPN, CISSP, CISM.
• Contributions to the security community, including research, public CVE disclosures, bug bounty acknowledgments, or open-source involvement.
• Strong analytical skills for interpreting complex information effectively.
• An active interest in the latest cybersecurity threats and trends to promote continual learning.

What We Look For

We seek top performers with a strong passion for cybersecurity principles and practices. A proactive mindset, the ability to create high-performing teams, adaptability to evolving threats, and a commitment to continuous learning are critical attributes for candidates. We value motivated individuals who are dedicated to safeguarding digital assets and promoting a culture of security awareness.

What We Offer

• Continuous Learning: Develop the mindset and skills to navigate future challenges.
• Success Defined by You: We provide the tools and flexibility to make a meaningful impact in your unique way.
• Transformative Leadership: Gain insights, coaching, and confidence to excel in high-performing teams.
• Diverse and Inclusive Culture: Embrace your identity and empower others to do the same.

At EY, we offer a comprehensive compensation and benefits package, rewarding your performance and recognizing your value. Join us to shape your future with confidence and impact the way the world works.