EY
Cyber SDC - WAM Penetration Tester - Senior - Location OPEN
EY, Sacramento, California, United States, 95828
Overview
Location: Anywhere in Country At EY, were all in to shape your future with confidence. Well help you succeed in a globally connected powerhouse of diverse teams and take your career wherever you want it to go. Join EY and help to build a better working world. Title: Cybersecurity Attack and Penetration Tester The opportunity involves leading security solution implementations for clients, working with an international team of cybersecurity specialists, and contributing toward clients business resilience. You will be part of EYs Advanced Security Centers, accessing sophisticated tools to combat cybercrime. Responsibilities
As part of the Penetration Testing team, identify potential threats and vulnerabilities to operational environments. Perform penetration testing (web applications, APIs, thick clients) and simulate physical breaches to identify vulnerabilities. Plan, pursue, deliver and manage engagements to assess, improve, build, and sometimes operate integrated security operations for clients. Research and discover new security vulnerabilities; participate in security conferences and share knowledge with industry groups. Provide thought leadership and exchange information through conferences, white papers, and other channels. Convey complex technical security concepts to both technical and non-technical audiences, including executives. Skills and Attributes to success
Perform penetration testing with a focus on web applications, APIs, and thick clients. Ability to work independently and lead a team of testers on penetration testing and red team engagements. Provide technical leadership and advise junior team members. Identify and exploit security vulnerabilities across diverse systems and environments. Analyze penetration testing results and create reports with findings, exploitation procedures, risks, and recommendations. Execute projects using established methodology, tools, and rules of engagements. Communicate complex security concepts to technical and non-technical audiences, including executives. Qualifications
A bachelor's degree and at least 5+ years of related work experience. Experience with manual attack and penetration testing. Scripting/programming skills (e.g., Bash, Python, PowerShell, Java, Perl, Rust, Golang, J2EE, .NET, JavaScript). Updated and familiar with the latest exploits and security trends. Two of the following certifications: OSCP, OSWP, OSEP, OSCE, OSEP, OSEE, GPEN, GWAPT, GMOB, GCPN, GXPN, GRTP, GDAT, CRTO, CRTP, CRTE, CREST CRT, CCSAS, CWEE, Burp Suite Certified Practitioner, CBBH, eWPT, OSWA, eWPTX, eMAPT. Ideally, youll also have A bachelors in Computer Science, Cybersecurity, Information Systems, Information Technology, Engineering, or related field with 3+ years of related experience (or a masters with 2+ years) in penetration testing, including internet, intranet, web app tests, wireless, social engineering, and red team assessments. Contributions to the security community (research, CVE disclosures, bug bounty acknowledgments, open-source, publications). Understanding of web vulnerabilities (OWASP Top 10). Strong analytical and problem-solving abilities; excellent written and verbal communication. Ability to work collaboratively in a team. What We Look For
Intellectually curious individuals with a genuine passion for cyber security and the ability to contribute innovative ideas in attack and penetration testing. What We Offer You
Comprehensive compensation and benefits; salary ranges vary by location and experience, with Total Rewards including medical/dental coverage, pension/401(k), and paid time off. Hybrid model with most client-facing roles expected to work in person 40-60% of the time; flexible vacation and designated holidays and leave policies. EEO and Accommodation
EY provides equal employment opportunities regardless of race, color, religion, sex, sexual orientation, gender identity/expression, pregnancy, genetic information, national origin, protected veteran status, disability, or any other legally protected status. EY is committed to reasonable accommodation for qualified individuals with disabilities, including veterans with disabilities. If you need assistance applying online or require an accommodation, please contact EYs Talent Shared Services. Seniority level
Mid-Senior level Employment type
Full-time Job function
Information Technology Industries: Professional Services
#J-18808-Ljbffr
Location: Anywhere in Country At EY, were all in to shape your future with confidence. Well help you succeed in a globally connected powerhouse of diverse teams and take your career wherever you want it to go. Join EY and help to build a better working world. Title: Cybersecurity Attack and Penetration Tester The opportunity involves leading security solution implementations for clients, working with an international team of cybersecurity specialists, and contributing toward clients business resilience. You will be part of EYs Advanced Security Centers, accessing sophisticated tools to combat cybercrime. Responsibilities
As part of the Penetration Testing team, identify potential threats and vulnerabilities to operational environments. Perform penetration testing (web applications, APIs, thick clients) and simulate physical breaches to identify vulnerabilities. Plan, pursue, deliver and manage engagements to assess, improve, build, and sometimes operate integrated security operations for clients. Research and discover new security vulnerabilities; participate in security conferences and share knowledge with industry groups. Provide thought leadership and exchange information through conferences, white papers, and other channels. Convey complex technical security concepts to both technical and non-technical audiences, including executives. Skills and Attributes to success
Perform penetration testing with a focus on web applications, APIs, and thick clients. Ability to work independently and lead a team of testers on penetration testing and red team engagements. Provide technical leadership and advise junior team members. Identify and exploit security vulnerabilities across diverse systems and environments. Analyze penetration testing results and create reports with findings, exploitation procedures, risks, and recommendations. Execute projects using established methodology, tools, and rules of engagements. Communicate complex security concepts to technical and non-technical audiences, including executives. Qualifications
A bachelor's degree and at least 5+ years of related work experience. Experience with manual attack and penetration testing. Scripting/programming skills (e.g., Bash, Python, PowerShell, Java, Perl, Rust, Golang, J2EE, .NET, JavaScript). Updated and familiar with the latest exploits and security trends. Two of the following certifications: OSCP, OSWP, OSEP, OSCE, OSEP, OSEE, GPEN, GWAPT, GMOB, GCPN, GXPN, GRTP, GDAT, CRTO, CRTP, CRTE, CREST CRT, CCSAS, CWEE, Burp Suite Certified Practitioner, CBBH, eWPT, OSWA, eWPTX, eMAPT. Ideally, youll also have A bachelors in Computer Science, Cybersecurity, Information Systems, Information Technology, Engineering, or related field with 3+ years of related experience (or a masters with 2+ years) in penetration testing, including internet, intranet, web app tests, wireless, social engineering, and red team assessments. Contributions to the security community (research, CVE disclosures, bug bounty acknowledgments, open-source, publications). Understanding of web vulnerabilities (OWASP Top 10). Strong analytical and problem-solving abilities; excellent written and verbal communication. Ability to work collaboratively in a team. What We Look For
Intellectually curious individuals with a genuine passion for cyber security and the ability to contribute innovative ideas in attack and penetration testing. What We Offer You
Comprehensive compensation and benefits; salary ranges vary by location and experience, with Total Rewards including medical/dental coverage, pension/401(k), and paid time off. Hybrid model with most client-facing roles expected to work in person 40-60% of the time; flexible vacation and designated holidays and leave policies. EEO and Accommodation
EY provides equal employment opportunities regardless of race, color, religion, sex, sexual orientation, gender identity/expression, pregnancy, genetic information, national origin, protected veteran status, disability, or any other legally protected status. EY is committed to reasonable accommodation for qualified individuals with disabilities, including veterans with disabilities. If you need assistance applying online or require an accommodation, please contact EYs Talent Shared Services. Seniority level
Mid-Senior level Employment type
Full-time Job function
Information Technology Industries: Professional Services
#J-18808-Ljbffr