EY
Cyber SDC - Attack & Penetration - Exp Staff - Consulting - Location OPEN
EY, Chicago, Illinois, United States, 60290
Job Title
Senior Consultant, Offensive Security – Cyber SDC (Attack & Penetration) – Consulting – Location Open – EY
Location Anywhere in Country
Employment Type Full-time
Seniority Level Mid‑Senior level
Job Summary As a Senior Consultant in Offensive Security within EY’s Service Delivery Center, you will lead and execute penetration testing, red‑team, and security assessment engagements for EY clients. You will collaborate with cross‑functional teams, develop mitigation strategies, and drive automation to strengthen clients’ security posture across the software development lifecycle.
Your Key Responsibilities
Lead, scope, and execute penetration testing projects, including web applications (black box, white box, and gray box), networks, cloud environments, hardware, and firmware.
Develop and execute red‑team and purple‑team scenarios to identify gaps in organizational security postures and provide actionable recommendations.
Perform in‑depth penetration testing, create comprehensive reports detailing findings, exploitation procedures, risks, and recommendations.
Stay current with emerging security threats, vulnerabilities, and industry best practices, and promote continual learning within the team.
Assist in configuring, managing, patching, and updating penetration testing software and supporting infrastructure.
Contribute to the creation and updating of operational metrics for client meetings, providing insights into tool performance and security findings.
Skills and Attributes for Success
5+ years of proven experience in penetration testing and offensive security.
Strong knowledge of automation tools and processes, particularly in the context of offensive and application security.
Excellent problem‑solving skills and the ability to manage multiple security projects simultaneously.
Effective communication skills to liaise with clients and internal stakeholders, translating complex technical concepts into understandable terms.
Qualifications
Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or a related field.
Minimum of three years’ experience in incident response or performing penetration tests; OR a minimum of one year working in an electric utility in the area of generation, or transmission & distribution, performing penetration tests.
Extensive experience with manual attack and penetration testing, including web applications, networks, and cloud environments.
Proficiency in scripting languages (e.g., Python, Bash, PowerShell) for automation of security tasks.
Knowledge of Windows, Linux, Unix, and other major operating systems.
Preferred Qualifications
Certifications such as CCSP, CSSLP, OSCP, OSWP, GPEN, GWAPT, OSCE, OSEE, GXPN, CISSP, CISM, etc.
Contributions to the security community, including research, public CVE disclosures, bug bounty acknowledgments, and open‑source project involvement.
Strong analytical skills with the ability to interpret complex information and communicate it effectively.
Active interest in staying updated on the latest cybersecurity threats and trends.
What We Offer
Continuous learning: develop the mindset and skills to navigate whatever comes next.
Success as defined by you: we’ll provide the tools and flexibility so you can make a meaningful impact, your way.
Transformative leadership: we’ll give you insights, coaching, and confidence to succeed in high‑performing teams.
Diverse and inclusive culture: you’ll be embraced for who you are and empowered to use your voice to help others find theirs.
Comprehensive compensation and benefits package: competitive base salary, medical and dental coverage, pension and 401(k) plans, and a wide range of paid time off options.
Hybrid work model: flexible in‑office participation (40–60% of the time) aligned with engagement or project requirements.
Under our flexible vacation policy, you’ll determine how much vacation time you need based on your personal circumstances.
Equal Employment Opportunity Statement EY provides equal employment opportunities to applicants and employees without regard to race, color, religion, age, sex, sexual orientation, gender identity/expression, pregnancy, genetic information, national origin, protected veteran status, disability status, or any other legally protected basis, including arrest and conviction records, in accordance with applicable law. EY is committed to providing reasonable accommodation to qualified individuals with disabilities including veterans with disabilities. If you have a disability and need assistance applying online or would like to request an accommodation, please contact 1‑800‑EY‑HELP3 or email ssc.customersupport@ey.com.
#J-18808-Ljbffr
Location Anywhere in Country
Employment Type Full-time
Seniority Level Mid‑Senior level
Job Summary As a Senior Consultant in Offensive Security within EY’s Service Delivery Center, you will lead and execute penetration testing, red‑team, and security assessment engagements for EY clients. You will collaborate with cross‑functional teams, develop mitigation strategies, and drive automation to strengthen clients’ security posture across the software development lifecycle.
Your Key Responsibilities
Lead, scope, and execute penetration testing projects, including web applications (black box, white box, and gray box), networks, cloud environments, hardware, and firmware.
Develop and execute red‑team and purple‑team scenarios to identify gaps in organizational security postures and provide actionable recommendations.
Perform in‑depth penetration testing, create comprehensive reports detailing findings, exploitation procedures, risks, and recommendations.
Stay current with emerging security threats, vulnerabilities, and industry best practices, and promote continual learning within the team.
Assist in configuring, managing, patching, and updating penetration testing software and supporting infrastructure.
Contribute to the creation and updating of operational metrics for client meetings, providing insights into tool performance and security findings.
Skills and Attributes for Success
5+ years of proven experience in penetration testing and offensive security.
Strong knowledge of automation tools and processes, particularly in the context of offensive and application security.
Excellent problem‑solving skills and the ability to manage multiple security projects simultaneously.
Effective communication skills to liaise with clients and internal stakeholders, translating complex technical concepts into understandable terms.
Qualifications
Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or a related field.
Minimum of three years’ experience in incident response or performing penetration tests; OR a minimum of one year working in an electric utility in the area of generation, or transmission & distribution, performing penetration tests.
Extensive experience with manual attack and penetration testing, including web applications, networks, and cloud environments.
Proficiency in scripting languages (e.g., Python, Bash, PowerShell) for automation of security tasks.
Knowledge of Windows, Linux, Unix, and other major operating systems.
Preferred Qualifications
Certifications such as CCSP, CSSLP, OSCP, OSWP, GPEN, GWAPT, OSCE, OSEE, GXPN, CISSP, CISM, etc.
Contributions to the security community, including research, public CVE disclosures, bug bounty acknowledgments, and open‑source project involvement.
Strong analytical skills with the ability to interpret complex information and communicate it effectively.
Active interest in staying updated on the latest cybersecurity threats and trends.
What We Offer
Continuous learning: develop the mindset and skills to navigate whatever comes next.
Success as defined by you: we’ll provide the tools and flexibility so you can make a meaningful impact, your way.
Transformative leadership: we’ll give you insights, coaching, and confidence to succeed in high‑performing teams.
Diverse and inclusive culture: you’ll be embraced for who you are and empowered to use your voice to help others find theirs.
Comprehensive compensation and benefits package: competitive base salary, medical and dental coverage, pension and 401(k) plans, and a wide range of paid time off options.
Hybrid work model: flexible in‑office participation (40–60% of the time) aligned with engagement or project requirements.
Under our flexible vacation policy, you’ll determine how much vacation time you need based on your personal circumstances.
Equal Employment Opportunity Statement EY provides equal employment opportunities to applicants and employees without regard to race, color, religion, age, sex, sexual orientation, gender identity/expression, pregnancy, genetic information, national origin, protected veteran status, disability status, or any other legally protected basis, including arrest and conviction records, in accordance with applicable law. EY is committed to providing reasonable accommodation to qualified individuals with disabilities including veterans with disabilities. If you have a disability and need assistance applying online or would like to request an accommodation, please contact 1‑800‑EY‑HELP3 or email ssc.customersupport@ey.com.
#J-18808-Ljbffr