EY-Cyber Security-Offensive Security-Manager

EY Cyber Security Manager Offensive Security

Job Listing Detail

At EY youll have the chance to build a career as unique as you are with the global scale support inclusive culture and technology to become the best version of you. Were counting on your unique voice and perspective to help EY become even better too. Join us and build an exceptional experience for yourself and a better working world for all.

The Opportunity

Were looking for a Manager in our Cyber Security team with a strong focus on Offensive Security Red Teaming Cloudnative VAPT and DevSecOps security assurance. Exposure to AI ML and GenAI security assessments is considered a desirable and goodtohave capability as organizations increasingly adopt AIenabled technologies.

As part of our Cyber Technology Consulting practice you will play a key role in leading and delivering offensive security services to clients across the MENA region. You will work with leading organizations across sectors including Financial Services Government & Public Sector Energy Telecom Healthcare and Digital-native enterprises helping them proactively identify vulnerabilities simulate advanced adversaries and strengthen their cyber resilience.

This role offers a unique opportunity to operate at the intersection of deep technical expertise strategic advisory and large-scale transformation while contributing to the growth of our Offensive Security competency.

Your Key Responsibilities

Client Delivery And Engagement Management

• Lead and deliver end-to-end offensive security engagements including:
• Network and infrastructure penetration testing
• Web and mobile application security testing
• API security assessments (REST SOAP GraphQL microservices)
• Cloud security testing across AWS Azure and GCP
• Plan and execute red team / adversary simulation / assumed breach exercises emulating real-world threat actors to test organizational detection and response capabilities.
• Execute and oversee purple teaming engagements enabling alignment between offensive findings and defensive improvements (SOC detection engineering incident response).

• Conduct and lead cloud offensive security assessments and validate effectiveness of controls across all layers and workloads within AWS Azure and GCP including IAM network storage container serverless and DevSecOps pipeline components.
• Assess cloud misconfigurations identity abuse paths privilege escalation scenarios insecure pipeline configurations exposed secrets and lateral movement techniques across hybrid and cloud native environments.
• Perform penetration testing and security assessments of cloud native architectures APIs microservices Kubernetes infrastructure as code container images and CI/CD pipelines to identify weaknesses across the secure software delivery lifecycle.

• Assess and validate CSPM / CNAPP controls identifying configuration gaps privilege escalation paths and exposure risks in cloud-native environments.
• Deliver AI/GenAI security assessments including (Desirable / GoodtoHave):
• Prompt injection and adversarial input risks
• Model misuse and abuse scenarios
• Data leakage and insecure integration risks
• AI governance and secure deployment considerations
• Translate technical vulnerabilities into business risk insights including attack paths impact analysis and prioritized remediation strategies.

Stakeholder Engagement And Advisory

• Serve as a trusted advisor to CISOs CIOs security leaders and engineering teams articulating security risks in a business-relevant and outcome-driven manner.
• Present complex offensive security findings to both technical and executive audiences tailoring messaging appropriately.
• Support clients in developing offensive security roadmaps maturity models and remediation programs aligned to leading practices.

Practice And Capability Development

• Contribute to building the Offensive Security practice including:
  • Development of methodologies testing playbooks and accelerators
  • Creation of reusable assets and frameworks
  • Standardization of delivery approaches and quality benchmarks
• Support go-to-market initiatives thought leadership and client pursuits:
  • RFP/RFI responses
  • Solution positioning and capability presentations
  • Market-facing content development (whitepapers POVs)
• Stay ahead of evolving threat landscape including:
  • Advanced attacker techniques and exploit trends
  • API and cloud-native attack vectors
  • AI/ML security risks and emerging vulnerabilities

People Leadership And Team Development

• Manage and mentor a team of consultants and senior consultants fostering:
  • Deep technical capability in offensive security domains
  • High-quality delivery and reporting standards
  • Continuous learning and certification progression
• Provide performance feedback coaching and career guidance aligned with firm values.
• Build a collaborative high-performance culture within the Offensive Security team.

Skills and Attributes for Success

• Strong hands-on expertise in offensive security methodologies including penetration testing exploit development adversary simulation and attack path analysis.
• Deep understanding of:
  • OWASP Top 10 and API Security Top 10
  • Authentication and authorization mechanisms (OAuth JWT SSO etc.)
  • Business logic vulnerabilities and modern application architectures
• Proven experience in API security testing and microservices environments.
• Strong working knowledge of cloud security risks including:
  • Misconfigurations IAM weaknesses secrets exposure lateral movement
  • Cloud-native architectures and shared responsibility model
• Familiarity with CSPM CNAPP and CIEM concepts and their practical implementation.
• Awareness of AI security risks including adversarial attack techniques prompt injection and model governance concerns.
• Strong analytical and problem-solving ability with attention to detail.
• Ability to convert complex technical findings into clear risk-based narratives.
• Excellent communication stakeholder management and consulting skills.
• Proven ability to manage multiple engagements in parallel with strong quality and delivery discipline.

To Qualify for the Role You Must Have

• A bachelors or masters degree in cyber security Information Technology Computer Science or related discipline.
• 1014 years of experience in Cyber Security with strong focus on Offensive Security and advanced VAPT.
• Strong knowledge of OWASP Top 10 OWASP API Security SANS Top 25 and MITRE ATT&CK.
• Hands-on experience delivering:
  • VAPT engagements across network application API and cloud layers
  • Red team / adversary simulation exercises
  • Cloud security assessments
  • Proven experience delivering Red Team Cloud native penetration testing and DevSecOps security validation engagements across modern engineering environments.
  • Hands on experience testing AWS Azure or GCP environments modern application stacks CI/CD platforms containerized workloads and infrastructure as code implementations.
• Experience working in a consulting or professional services environment managing clients and engagements.
• Strong reporting documentation and presentation skills.
• Proven ability to work in global and cross-cultural environments.
• Willingness and flexibility to travel across the MENA region as required.
• Relevant certifications such as OSCP OSEP OSCE CRTO GWAPT GPEN or equivalent.

Experience in:

• Advanced red teaming and purple teaming engagements
• API security and cloud offensive security
• AI/LLM application security testing
• DevSecOps and CI/CD pipeline security
• Container and Kubernetes security

Exposure to:

• BAS tools and attack simulation platforms
• EDR/XDR validation and detection engineering
• Regulatory and industry frameworks relevant to MENA

What We Look For

We are looking for individuals who bring:

• A growth mindset and passion for offensive security
• The ability to balance deep technical expertise with business acumen
• Strong client-centricity and relationship-building capability
• A collaborative approach to problem-solving and innovation
• A commitment to quality integrity and continuous improvement