Cyber SDC - Attack & Penetration - Exp - Consulting

Join to apply for the Cyber SDC - Attack & Penetration - Exp Staff - Consulting - Location OPEN role at EY

As a Senior Consultant in Offensive Security within EY’s Service Delivery Center, you will enhance clients  security posture through proactive threat assessments and vulnerability management. Lead and collaborate with a team of cybersecurity professionals to implement and manage offensive security initiatives, ensuring security measures are integrated throughout the software development lifecycle while optimizing service delivery processes. The opportunity involves managing and executing penetration testing, red teaming, and security assessments for clients and aligning security practices with industry standards.

• Lead, scope, and execute penetration testing projects, including web applications (black box, white box, and gray box), networks, cloud environments, hardware, and firmware.
• Develop and execute red team and purple team scenarios to identify gaps in organizational security postures and provide actionable recommendations.
• Perform in-depth penetration testing results and create comprehensive reports detailing findings, exploitation procedures, risks, and recommendations.
• Stay current with emerging security threats, vulnerabilities, and industry best practices, and promote continual learning within the team.
• Assist in configuring, handling, patching, and updating penetration testing software and supporting infrastructure to ensure optimal performance and security.
• Contribute to the creation and updating of operational metrics for client meetings, providing insights into tool performance and security findings.

• Proven experience in penetration testing and offensive security practices, with a minimum of 5+ years in related work experience.
• Strong knowledge of automation tools and processes in offensive security and application security.
• Excellent problem-solving skills and the ability to manage multiple security projects simultaneously.
• Effective communication skills to liaise with clients and internal stakeholders, translating complex technical concepts into understandable terms.

• Bachelor’s degree in computer science, Information Technology, Cybersecurity, or a related field.
• At least three (3) years’ experience in incident response or performing penetration tests; or at least one (1) year in an electric utility area performing penetration tests.
• Extensive experience with manual attack and penetration testing across web applications, networks, and cloud environments.
• Proficiency in scripting languages (e.g., Python, Bash, Power Shell) for automation of security tasks.
• Knowledge of Windows, Linux, Unix, and other major operating systems.

• Certifications such as CCSP, CSSLP, OSCP, OSWP, GPEN, GWAPT, OSCE, OSEE, GXPN, CISSP, CISM, etc.
• Contributions to the security community (research, public CVE disclosures, bug bounty acknowledgments, open-source involvement).
• Strong analytical skills and ability to interpret complex information and communicate it effectively.
• Active interest in staying updated on cybersecurity threats and trends, with a commitment to continual learning.

• Competitive compensation and benefits, with salary ranges and total rewards depending on experience and geography.
• Hybrid work model and flexible vacation policy to support work-life balance.
• Opportunities for professional development, leadership, and working within diverse, inclusive teams.

EY is an equal employment opportunity employer. EY focuses on high-ethical standards and integrity and expects all candidates to demonstrate these qualities. EY provides reasonable accommodation to qualified individuals with disabilities during the application process. See the original posting for full EEO language.