Senior Offensive Security Consultant

Join EY and take the next step in your career as a Senior Offensive Security Consultant. We are dedicated to shaping your future with confidence, fostering a diverse and globally connected work environment. Be part of our mission to build a better working world.

The Opportunity

In this influential role, you will lead and execute penetration testing, red teaming, and various security assessments for our esteemed clients. Collaborating with cross-functional teams, you will identify vulnerabilities, develop mitigation strategies, and ensure security measures align with industry standards, driving efforts in automation to enhance security environments.

Your Key Responsibilities

• Lead and execute extensive penetration testing projects, assessing web applications, networks, cloud environments, hardware, and firmware.
• Design and facilitate red team and purple team exercises to identify security posture gaps and provide actionable recommendations.
• Generate detailed reports of findings, exploitation procedures, associated risks, and well-founded recommendations from thorough testing.
• Stay abreast of emerging security threats, vulnerabilities, and best practices to promote continual learning within the team.
• Assist in configuring and maintaining penetration testing tools and infrastructure for optimal performance and security.
• Contribute to operational metrics for client meetings, providing insights into tool performance and security findings.

Skills and Attributes for Success

• Over 5 years of proven experience in penetration testing and offensive security methodologies.
• Strong grasp of automation tools and processes in the context of offensive and application security.
• Excellent problem-solving skills and the capability to manage multiple security projects simultaneously.
• Effective communication skills to engage with clients and explain complex technical concepts clearly.

To Qualify for the Role, You Must Have

• A Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or a related field.
• A minimum of three years of experience in incident response or penetration testing; or one year in the electric utility sector focusing on generation or transmission & distribution.
• Extensive knowledge of manual attack and penetration testing across various platforms including web applications and cloud environments.
• Proficiency in scripting languages such as Python, Bash, or PowerShell for automating security tasks.
• Familiarity with major operating systems, including Windows, Linux, and Unix.

Ideally, You Would Also Have

• Certifications such as CCSP, CSSLP, OSCP, OSWP, GPEN, GWAPT, OSCE, OSEE, GXPN, CISSP, CISM.
• Contributions to the cybersecurity community via research, public CVE disclosures, bug bounties, or open-source involvement.
• Strong analytical skills for interpreting and analyzing complex information.
• A keen interest in staying updated with the latest cybersecurity threats and trends.

What We Look For

We seek passionate top performers in the cybersecurity domain. A proactive mindset, the ability to forge high-performing teams, adaptability to evolving threats, and a commitment to continuous learning are vital qualities we value. We welcome motivated individuals who are devoted to protecting digital assets and nurturing a culture of security awareness.

What We Offer

• Continuous Learning: We support your development to equip you for future challenges.
• Success Defined by You: We provide tools and flexibility to make a significant impact in your own unique style.
• Transformative Leadership: Access insights, coaching, and confidence to thrive within high-performing teams.
• Diverse and Inclusive Culture: Embrace your identity and empower others to do the same.

At EY, we offer a comprehensive compensation and benefits package that rewards your performance and recognizes your value. Join us to shape your future confidently and make a meaningful impact in the world.