EY
Assurance_Technology Risk - Senior Cyber Security Consultant - Milano/Bari
EY, Italy, New York, United States
Senior Cyber Security Consultant - Offensive Security
At EY, we're all in to shape your future with confidence.
We will help you grow in a global and connected world, taking your career where you want it.
Join EY and contribute to building a better working world.
What they say about us:
Learning and Development:
over 50 hours per year for each person; Career progression:
in the last 12 months, 65% of EY people have seen their careers recognized; Salary and Benefits:
with a wide range of company conventions, from gym to shopping, to free telemedicine and psychological support services; Mobility and international opportunities , including the possibility of working from abroad for up to 20 days without being on a business trip; Hybrid work
without centrally established days. Discover the Cybersecurity @Assurance team: For our Technology Risk team, within the Service Line of Assurance, we are looking for a
Senior Consultant - Offensive Security , you will be involved in advanced project activities of
penetration testing ,
Red Team operations ,
vulnerability assessment
and
real-world attack simulations . You will work closely with internal teams and clients to identify vulnerabilities, assess real risk and propose effective countermeasures. Your responsibilities will include: Planning and conducting penetration tests on infrastructures, web/mobile applications and industrial systems Executing Red Teaming campaigns and APT (Advanced Persistent Threat) attack simulations Targeted attacks with social engineering, phishing and physical intrusion techniques (if required) Developing custom exploits, payloads and evasion techniques Drafting technical and executive reports with evidence, risks and recommendations Mentoring junior figures and technical supervision of projects Collaborating with the Blue/Defensive team for Purple Teaming and detection improvement activities What we are looking for Degree in Computer Science, Engineering, Information Security or equivalent experience We will also evaluate profiles with a technical background (e.g. IT technician) and solid practical experience in the sector; At least 3 years of experience in cybersecurity, red teaming, vulnerability assessment or penetration testing, preferably in a consulting context; In-depth knowledge of major network protocols (TCP/IP, DNS, HTTP, SMTP, SMB, etc.) and ability to analyze network traffic and packets with tools like Wireshark or tcpdump; Excellent familiarity with Windows, Linux and Unix operating systems, with the ability to execute simulated attacks in hybrid and complex environments; Experience with penetration testing techniques and tools, vulnerability exploitation, privilege escalation, lateral movement and persistence (e.g. Metasploit, Cobalt Strike, Burp Suite, Nmap, BloodHound, etc.); Ability to write and understand scripts in languages like Python, Bash or PowerShell to support offensive activities; Skills in log analysis, events and anomalous behavior for identifying security gaps or potential attack vectors; Knowledge of the attack lifecycle according to frameworks like MITRE ATT&CK, NIST. Certifications
such as
OSCP, OSCE, OSEP, CRTP, CRTE, eXploit Development
or equivalent are highly appreciated. Nice to Have: Participation in CTF, bug bounty, projects, open source or technical communities; Experience with advanced evasion and bypass techniques (EDR/AV), or basic knowledge of exploit development; Familiarity with cloud environments (AWS, Azure, GCP) from an offensive security perspective. Location and work mode:
hybrid in Bari/Milan. What we offer at EY In EY, we help you develop future skills and live world-class experiences. You will have the opportunity to grow in a flexible environment and show your talent in a diversified and inclusive culture with connected global teams. You will have the opportunity to: participate in projects of all kinds for clients in all sectors; access over 450,000 hours of training to enhance your technical skills and personal talent; be supported by a Counselor in your professional path; enjoy a flexible policy and the possibility of working from abroad; access benefits and corporate welfare programs. EY promotes diversity, equity and inclusion, valuing uniqueness, regardless of age, gender, ability, experience, culture, sexual orientation, religion, disability and socio-economic background. All our job offers are addressed equally to people with disabilities, in compliance with Italian law L. 68/99. Our goal is to create a fair and accessible work environment. To ensure you have the best possible experience during the selection process, we ask you to indicate the necessary supports in relation to your potential disability. EY | Building a better working world EY is building a better working world, creating new value for clients, people, society and the planet, while strengthening trust in financial markets. Thanks to data, artificial intelligence and advanced technologies, EY teams help clients shape the future with confidence and find solutions to today's and tomorrow's most urgent challenges. EY teams operate in a wide range of services: audit, consultancy, taxation, strategy and extraordinary operations. Powered by deep sector knowledge, a global multidisciplinary network and a diverse partner ecosystem, EY teams offer services in over 150 countries and territories.
#J-18808-Ljbffr
over 50 hours per year for each person; Career progression:
in the last 12 months, 65% of EY people have seen their careers recognized; Salary and Benefits:
with a wide range of company conventions, from gym to shopping, to free telemedicine and psychological support services; Mobility and international opportunities , including the possibility of working from abroad for up to 20 days without being on a business trip; Hybrid work
without centrally established days. Discover the Cybersecurity @Assurance team: For our Technology Risk team, within the Service Line of Assurance, we are looking for a
Senior Consultant - Offensive Security , you will be involved in advanced project activities of
penetration testing ,
Red Team operations ,
vulnerability assessment
and
real-world attack simulations . You will work closely with internal teams and clients to identify vulnerabilities, assess real risk and propose effective countermeasures. Your responsibilities will include: Planning and conducting penetration tests on infrastructures, web/mobile applications and industrial systems Executing Red Teaming campaigns and APT (Advanced Persistent Threat) attack simulations Targeted attacks with social engineering, phishing and physical intrusion techniques (if required) Developing custom exploits, payloads and evasion techniques Drafting technical and executive reports with evidence, risks and recommendations Mentoring junior figures and technical supervision of projects Collaborating with the Blue/Defensive team for Purple Teaming and detection improvement activities What we are looking for Degree in Computer Science, Engineering, Information Security or equivalent experience We will also evaluate profiles with a technical background (e.g. IT technician) and solid practical experience in the sector; At least 3 years of experience in cybersecurity, red teaming, vulnerability assessment or penetration testing, preferably in a consulting context; In-depth knowledge of major network protocols (TCP/IP, DNS, HTTP, SMTP, SMB, etc.) and ability to analyze network traffic and packets with tools like Wireshark or tcpdump; Excellent familiarity with Windows, Linux and Unix operating systems, with the ability to execute simulated attacks in hybrid and complex environments; Experience with penetration testing techniques and tools, vulnerability exploitation, privilege escalation, lateral movement and persistence (e.g. Metasploit, Cobalt Strike, Burp Suite, Nmap, BloodHound, etc.); Ability to write and understand scripts in languages like Python, Bash or PowerShell to support offensive activities; Skills in log analysis, events and anomalous behavior for identifying security gaps or potential attack vectors; Knowledge of the attack lifecycle according to frameworks like MITRE ATT&CK, NIST. Certifications
such as
OSCP, OSCE, OSEP, CRTP, CRTE, eXploit Development
or equivalent are highly appreciated. Nice to Have: Participation in CTF, bug bounty, projects, open source or technical communities; Experience with advanced evasion and bypass techniques (EDR/AV), or basic knowledge of exploit development; Familiarity with cloud environments (AWS, Azure, GCP) from an offensive security perspective. Location and work mode:
hybrid in Bari/Milan. What we offer at EY In EY, we help you develop future skills and live world-class experiences. You will have the opportunity to grow in a flexible environment and show your talent in a diversified and inclusive culture with connected global teams. You will have the opportunity to: participate in projects of all kinds for clients in all sectors; access over 450,000 hours of training to enhance your technical skills and personal talent; be supported by a Counselor in your professional path; enjoy a flexible policy and the possibility of working from abroad; access benefits and corporate welfare programs. EY promotes diversity, equity and inclusion, valuing uniqueness, regardless of age, gender, ability, experience, culture, sexual orientation, religion, disability and socio-economic background. All our job offers are addressed equally to people with disabilities, in compliance with Italian law L. 68/99. Our goal is to create a fair and accessible work environment. To ensure you have the best possible experience during the selection process, we ask you to indicate the necessary supports in relation to your potential disability. EY | Building a better working world EY is building a better working world, creating new value for clients, people, society and the planet, while strengthening trust in financial markets. Thanks to data, artificial intelligence and advanced technologies, EY teams help clients shape the future with confidence and find solutions to today's and tomorrow's most urgent challenges. EY teams operate in a wide range of services: audit, consultancy, taxation, strategy and extraordinary operations. Powered by deep sector knowledge, a global multidisciplinary network and a diverse partner ecosystem, EY teams offer services in over 150 countries and territories.
#J-18808-Ljbffr