EY is hiring a Penetration Testing Senior to join our Cyber Security team. You will perform a wide range of assessments, including network, web application, mobile, wireless, social engineering, and physical penetration tests. You'll lead client engagements from kickoff through scoping, testing, and reporting, conveying complex security findings to both technical and executive audiences.
What You'll Do
- Lead client engagements from kickoff through scoping, testing, and reporting, adhering to agreed scope and deadlines.
- Perform diverse penetration testing: network, web application, mobile app (Android & iOS), APIs, cloud security, thick client, wireless, social engineering, and physical assessments.
- Execute red team assessments to highlight security posture gaps.
- Identify and exploit security vulnerabilities across a wide array of systems.
- Analyze results and create detailed reports describing findings, exploitation procedures, risks, and recommendations.
- Convey complex technical security concepts to technical and non-technical audiences, including executives.
- Perform technical quality reviews and conduct technical conversations directly with clients.
- Stay current with the latest techniques, concepts, and security threats.
- Confidently apply knowledge of OWASP Top 10 and SANS Top 25 vulnerabilities.
- Utilize tools such as Burp Suite, Nessus, Nmap, and Kali Linux.
- Apply understanding and experience with Active Directory attacks.
- Use scripting languages (e.g., Python, Perl, PHP, Ruby) for automation.
- Support SDLC and agile environments with application security testing and source code reviews.
- Serve as a mentor and guide to junior penetration testers.
- Provide technical expertise and guidance to clients on remediation strategies.
What We're Looking For
- BE/B.Tech/MCA or equivalent degree.
- Minimum of 3 years of work experience in penetration testing, covering at least three of these: network, web application, mobile app (Android & iOS), thick client, APIs, wireless, social engineering, physical, and red team assessments.
- One of the following certifications: OSCP, OSCE, OSEP, OSWE, CREST, CRTE, eCPTX, or eWPTX.
- Knowledge of Windows, Linux, UNIX, or other major operating systems.
- 3-9 years of work experience in Strategy and Operations projects.
- Ability to conduct technical discussions and perform technical quality reviews.
- Familiarity with OWASP methodologies and application security vulnerabilities.
- Exceptional ability to educate and guide application developers in security best practices.
- Excellent communication, presentation, and interpersonal skills.
- Strong Word, Excel, and PowerPoint skills.
Nice to Have
- Knowledge of AI in penetration testing.
- Team management skills.
- Project management skills.
- Certifications: OSCP, OSCE, CRTP, CRTO, CISSP, GPEN, GWAPT.
Technical Stack
- Tools: Burp Suite, Nessus, Nmap, Kali Linux
- Scripting: Python, Perl, PHP, Ruby
- Knowledge of AI in penetration testing
- Networking: TCP/IP, OSI layers, IPv4 & IPv6, network protocols, wireless communication, 802.1X
- Systems: Active Directory, Operational Technology / Internet of Things
- Cloud: AWS, Azure, GCP
Benefits & Compensation
- Support, coaching, and feedback from highly engaging colleagues.
- Opportunities to develop new skills and progress your career.
- The freedom and flexibility to handle your role in a way that’s right for you.
- Work on inspiring and meaningful projects.
- A focus on education and coaching alongside practical experience for personal development.
- Individual progression plan to control your own development.
- Quick growth into a responsible role with challenging assignments.
- An interdisciplinary environment emphasizing high quality and knowledge exchange.
EY is an equal opportunity employer committed to building a better working world.






