TC-CS-CTM-Pen testing-Senior

Attack & Penetration Testing - Senior

As part of our Cyber Security team you shall perform penetration testing which includes internet intranet wireless web application social engineering and physical penetration testing. You shall also perform in-depth analysis of penetration testing results and create report that describes findings exploitation procedures risks and recommendations.

The opportunity

Were looking for Security Consultant / Senior Security Consultant with expertise in penetration testing. This is a fantastic opportunity to be part of a leading firm whilst being instrumental in the growth of a new service offering.

Your key responsibilities

• Lead engagements from kickoff with clients through scoping engagements penetration testing and reporting while adhering to the agreed scope and deadlines.
• Perform penetration testing which includes Network web application Mobile app (both Android & iOS) APIs Cloud Security Thick Client application wireless social engineering physical penetration testing.
• Execute penetration testing projects using the established methodology tools and rules of engagements.
• Execute red team assessments to highlight gaps impacting organizations security postures.
• Identify and exploit security vulnerabilities in a wide array of systems in a variety of situations.
• Perform in-depth analysis of penetration testing results and create report that describes findings exploitation procedures risks and recommendations.
• Convey complex technical security concepts to technical and non-technical audiences including executives.
• Perform technical quality reviews and conduct technical conversations directly with clients.
• Keep uptodate with the latest techniques and concepts.
• Confident with OWASP Top 10 and SANS Top 25 vulnerabilities and ability to effectively communicate methodologies and techniques with development teams
• Utilize tools such as BurpSuite Nessus Nmap Kali Linux and Nessus for effective vulnerability assessment and penetration testing.
• Understanding and experience with Active Directory attacks.
• Stay up-to-date with the latest security threats vulnerabilities and best practices in vulnerability management. Knowledge of AI in Pentest TCP/IP OSI Layer IPv4 & IPv6 Network Protocols and Wireless Communication skills preferred.
• Working knowledge with any scripting languages (e.g. Python Perl PHP Ruby) to develop automated solutions that mitigate risks throughout the organization.
• Support SDLC and agile environments with application security testing and source code reviews.
• Serve as a mentor and guide to junior pen testers sharing your knowledge skills and best practices to nurture their growth and development.
• Provide technical expertise and guidance to clients on remediation strategies and security best practices.

Skills and attributes for success

• In-depth understanding of OWASP Top 10 vulnerabilities and their mitigation strategies. Good understanding of enterprise security controls in Active Directory / Windows environments
• Good to have knowledge in AI in pentest
• Understanding of TCP/IP network protocols.
• Understanding of network security and popular attacks vectors.
• Experience with Operation Technology / Internet of Things Cloud technologies (AWS Azure GCP) Active Directory and 802.1x penetration testing
• Strong understanding of security principles policies and industry best practices
• Proven ability to lead client engagements build strong client relationships and deliver exceptional results.
• Excellent communication and presentation skills both written and verbal.
• Demonstrated thought leadership in the cybersecurity field through publications speaking engagements or contributions to industry forums.
• Exceptional problem-solving skills strategic thinking and the ability to influence and lead.

To qualify for the role you must have

• BE/ MCA or equivalent
• Minimum of 3 years of work experience in penetration testing which may include at least three of the following: Network web application Mobile app (Android & iOS) Thick client APIs wireless social engineering physical and Red Team assessments.
• One of the following certifications: OSCP OSCE OSEP OSWE CREST CRTE eCPTX or eWPTX
• Knowledge of Windows Linux UNIX any other major operating systems.
• 3-9 years of work experience in Strategy and Operations projects
• Team management skills are preferred.
• Conduct technical discussions and perform technical Quality reviews.
• Familiarity with OWASP methodologies and application security vulnerabilities.
• Exceptional ability to educate and guide application developers in security best practices.
• Excellent communication presentation and interpersonal skills.
• Strong Word Excel and PowerPoint skills.

Ideally youll also have

• Project management skills
• Certifications: OSCP OSCE CRTP CRTO CISSP GPEN GWAPT.

What we look for

• Who can perform penetration testing which includes internet intranet wireless web application social engineering and physical penetration testing and provide analysis for the testing results.

What working at EY offers

At EY were dedicated to helping our clients from startups to Fortune 500 companies and the work we do with them is as varied as they are.

You get to work with inspiring and meaningful projects. Our focus is education and coaching alongside practical experience to ensure your personal development. We value our employees and you will be able to control your own development with an individual progression plan. You will quickly grow into a responsible role with challenging and stimulating assignments. Moreover you will be part of an interdisciplinary environment that emphasizes high quality and knowledge exchange. Plus we offer:

• Support coaching and feedback from some of the most engaging colleagues around
• Opportunities to develop new skills and progress your career
• The freedom and flexibility to handle your role in a way thats right for you