EY
Cyber SDC - Attack & Penetration - Exp Staff - Consulting - Location OPEN
EY, San Diego, California, United States, 92189
Cyber SDC - Attack & Penetration - Exp Staff - Consulting - Location OPEN
Location: Anywhere in Country
At EY, we’re all in to shape your future with confidence. We’ll help you succeed in a globally connected powerhouse of diverse teams and take your career wherever you want it to go. Join EY and help build a better working world.
Senior Consultant – Offensive Security (Service Delivery Center) As a Senior Consultant in Offensive Security within our Service Delivery Center, you will play a pivotal role in enhancing our clients' security posture through proactive threat assessments and vulnerability management. You will lead and collaborate with a team of cybersecurity professionals to implement and manage offensive security initiatives, ensuring that security measures are integrated throughout the software development lifecycle while optimizing service delivery processes.
The opportunity In this role, you will manage and execute penetration testing, red teaming, and security assessments for our clients. You will work closely with cross‑functional teams to identify vulnerabilities, develop mitigation strategies, and ensure that security practices align with industry standards. Your expertise will drive the team’s efforts in automating security processes and help our clients build a more secure working world.
Your Key Responsibilities
Lead, scope, and execute penetration testing projects, including web applications (black box, white box, and gray box), networks, cloud environments, hardware, and firmware.
Develop and execute red team and purple team scenarios to identify gaps in organizational security postures and provide actionable recommendations.
Produce comprehensive reports detailing findings, exploitation procedures, risks, and recommendations.
Stay current with emerging security threats, vulnerabilities, and industry best practices, and promote continual learning within the team.
Configure, maintain, patch, and update penetration testing software and supporting infrastructure to ensure optimal performance and security.
Contribute to the creation and updating of operational metrics for client meetings, providing insights into tool performance and security findings.
Skills and Attributes for Success
Proven experience in penetration testing and offensive security practices (5+ years).
Strong knowledge of automation tools and processes in offensive and application security.
Excellent problem‑solving skills and the ability to manage multiple security projects simultaneously.
Effective communication skills to liaise with clients and internal stakeholders, translating complex technical concepts into understandable terms.
To qualify for the role, you must have
Bachelor’s degree in computer science, information technology, cybersecurity, or related field.
Minimum of 3 years’ experience in incident response or penetration testing; or at least 1 year working in an electric utility in generation, transmission & distribution performing penetration tests.
Extensive experience with manual attack and penetration testing of web applications, networks, and cloud environments.
Proficiency in scripting languages (Python, Bash, PowerShell) for automation of security tasks.
Knowledge of Windows, Linux, Unix, and other major operating systems.
Ideally, you’d also have
Certifications such as CCSP, CSSLP, OSCP, OSWP, GPEN, GWAPT, OSCE, OSEE, GXPN, CISSP, CISM, etc.
Contributions to the security community, including research, public CVE disclosures, bug bounty acknowledgments, and open‑source project involvement.
Strong analytical skills for interpreting complex information and communicating effectively.
Active interest in staying updated on the latest cybersecurity threats and trends, promoting continual learning and adaptation.
What We Look For We seek top performers who possess a strong passion and foundation in cybersecurity principles and practices, along with relevant certifications and experience. A proactive mindset, high‑performing team building, adaptability to evolving threats, and a commitment to continuous learning are critical attributes. Ultimately, we look for motivated individuals committed to safeguarding digital assets and fostering a culture of security awareness.
What We Offer
Continuous learning: develop the mindset and skills to navigate whatever comes next.
Success as defined by you: tools and flexibility to make a meaningful impact, your way.
Transformative leadership: insights, coaching, and confidence to succeed in high‑performing teams.
Diverse and inclusive culture: embraced for who you are and empowered to use your voice.
Compensation & Benefits Base salary range: $61,200 to $100,500 (all geographic locations in the U.S.). For New York City Metro Area, Washington State and California (excluding Sacramento): $73,100 to $113,500. Total rewards include medical and dental coverage, pension and 401(k) plans, and paid time off.
Additional benefits: hybrid work model, flexible vacation policy, paid holidays, and support for your personal and professional development.
Equal Employment Opportunity EY provides equal employment opportunities to applicants and employees without regard to race, color, religion, age, sex, sexual orientation, gender identity/expression, pregnancy, genetic information, national origin, protected veteran status, disability status, or any other legally protected basis, in accordance with applicable law. EY is committed to providing reasonable accommodation to qualified individuals with disabilities, including veterans with disabilities.
Apply Today EY accepts applications for this position on an ongoing basis.
#J-18808-Ljbffr
At EY, we’re all in to shape your future with confidence. We’ll help you succeed in a globally connected powerhouse of diverse teams and take your career wherever you want it to go. Join EY and help build a better working world.
Senior Consultant – Offensive Security (Service Delivery Center) As a Senior Consultant in Offensive Security within our Service Delivery Center, you will play a pivotal role in enhancing our clients' security posture through proactive threat assessments and vulnerability management. You will lead and collaborate with a team of cybersecurity professionals to implement and manage offensive security initiatives, ensuring that security measures are integrated throughout the software development lifecycle while optimizing service delivery processes.
The opportunity In this role, you will manage and execute penetration testing, red teaming, and security assessments for our clients. You will work closely with cross‑functional teams to identify vulnerabilities, develop mitigation strategies, and ensure that security practices align with industry standards. Your expertise will drive the team’s efforts in automating security processes and help our clients build a more secure working world.
Your Key Responsibilities
Lead, scope, and execute penetration testing projects, including web applications (black box, white box, and gray box), networks, cloud environments, hardware, and firmware.
Develop and execute red team and purple team scenarios to identify gaps in organizational security postures and provide actionable recommendations.
Produce comprehensive reports detailing findings, exploitation procedures, risks, and recommendations.
Stay current with emerging security threats, vulnerabilities, and industry best practices, and promote continual learning within the team.
Configure, maintain, patch, and update penetration testing software and supporting infrastructure to ensure optimal performance and security.
Contribute to the creation and updating of operational metrics for client meetings, providing insights into tool performance and security findings.
Skills and Attributes for Success
Proven experience in penetration testing and offensive security practices (5+ years).
Strong knowledge of automation tools and processes in offensive and application security.
Excellent problem‑solving skills and the ability to manage multiple security projects simultaneously.
Effective communication skills to liaise with clients and internal stakeholders, translating complex technical concepts into understandable terms.
To qualify for the role, you must have
Bachelor’s degree in computer science, information technology, cybersecurity, or related field.
Minimum of 3 years’ experience in incident response or penetration testing; or at least 1 year working in an electric utility in generation, transmission & distribution performing penetration tests.
Extensive experience with manual attack and penetration testing of web applications, networks, and cloud environments.
Proficiency in scripting languages (Python, Bash, PowerShell) for automation of security tasks.
Knowledge of Windows, Linux, Unix, and other major operating systems.
Ideally, you’d also have
Certifications such as CCSP, CSSLP, OSCP, OSWP, GPEN, GWAPT, OSCE, OSEE, GXPN, CISSP, CISM, etc.
Contributions to the security community, including research, public CVE disclosures, bug bounty acknowledgments, and open‑source project involvement.
Strong analytical skills for interpreting complex information and communicating effectively.
Active interest in staying updated on the latest cybersecurity threats and trends, promoting continual learning and adaptation.
What We Look For We seek top performers who possess a strong passion and foundation in cybersecurity principles and practices, along with relevant certifications and experience. A proactive mindset, high‑performing team building, adaptability to evolving threats, and a commitment to continuous learning are critical attributes. Ultimately, we look for motivated individuals committed to safeguarding digital assets and fostering a culture of security awareness.
What We Offer
Continuous learning: develop the mindset and skills to navigate whatever comes next.
Success as defined by you: tools and flexibility to make a meaningful impact, your way.
Transformative leadership: insights, coaching, and confidence to succeed in high‑performing teams.
Diverse and inclusive culture: embraced for who you are and empowered to use your voice.
Compensation & Benefits Base salary range: $61,200 to $100,500 (all geographic locations in the U.S.). For New York City Metro Area, Washington State and California (excluding Sacramento): $73,100 to $113,500. Total rewards include medical and dental coverage, pension and 401(k) plans, and paid time off.
Additional benefits: hybrid work model, flexible vacation policy, paid holidays, and support for your personal and professional development.
Equal Employment Opportunity EY provides equal employment opportunities to applicants and employees without regard to race, color, religion, age, sex, sexual orientation, gender identity/expression, pregnancy, genetic information, national origin, protected veteran status, disability status, or any other legally protected basis, in accordance with applicable law. EY is committed to providing reasonable accommodation to qualified individuals with disabilities, including veterans with disabilities.
Apply Today EY accepts applications for this position on an ongoing basis.
#J-18808-Ljbffr