EY is looking for experienced professionals who can deliver penetration tests in line with the NCSC and CREST accredited schemes.
This role focuses on contributing to some of our most demanding and challenging technical opportunities in security consulting to make a meaningful impact across different sectors.
You will also be expected to take a supporting role in building out EY’s attack and penetration testing capability, working with alliance partners and advise clients on the current market trends.
The role will see you providing specialist advice as part of large multi-discipline EY engagement teams working on the likes of simulated attack assessments, penetration tests and incident response.
You will work with colleagues in the UK, EMEIA and globally to develop new and innovative penetration testing solutions and sector-specific industry propositions that solve client problems / issues and integrate with their overall IT delivery and support strategy.
In addition to the above, you will have an opportunity work across all aspects of Cyber, Technology and business solutions.
Your key responsibilities
Your responsibilities will include but are not limited to :
Work across a portfolio of penetration testing engagements with our clients, responsible for the day to day delivery of engagements contributing to the achievement of quality, time and budget targets
Conduct external / internal / wireless network assessments, web and mobile application testing, red and purple teaming, assumed breach assessments, source code reviews and network security architecture reviews
Use formal project management skills in planning, tracking, and reporting on project progress
Financial and quality risk management procedures for client engagements
Work with prospective clients on the planning and delivery phase of engagements
Create high quality reports as part of a team, for review by engagement and project leaders
Identify sales opportunities and work with senior practice leaders and market leaders in the creation of proposals and marketing material
Lead and develop junior team members by sharing knowledge, acting as mentor and coach to them and leading by example
Contribute to building client proposals and presentations
Skills and attributes for success
Be professional, quickly establishing personal credibility and demonstrating expertise
Be a good communicator with the ability to contribute assuredly to technical security discussions with peers and management
Be a team player who is not only looking to enhance their own career but recognises the value of teamwork, facilitating and encouraging collaboration amongst team members
Take a practical approach to solving issues and gaining client agreement
Be able to analyse complex problems and to deliver insightful, practical and sustainable solutions
Be confident and effective in recognising and managing potential issues during client assignments
Structure and manage projects which meet client expectations and mitigate any risks or issues
Ideally, you’ll also have
A degree in computer security, computer science, or equivalent
Related qualifications such as CREST CCT Infrastructure / Application, CRTE, eCPTX, eWPTX, OSCP, OSCE, OSEP, OSWE etc.
Demonstrable flair for technical writing, including engagement reports, presentations and operating procedures
Ability to communicate detailed technical information to a non-technical audience clearly
Experience with Operation Technology / Internet of Things, Cloud technologies (AWS, Azure, GCP), Active Directory and 802.1x penetration testing
Experience with Research and Development
Strong understanding of security principles, policies, and industry best practices
Good understanding of enterprise security controls in Active Directory / Windows environments
UK Government Security Clearance the ability