Requisition ID: 1648472
At EY, we’re all in to shape your future with confidence.
We’ll help you succeed in a globally connected powerhouse of diverse teams and
take your career wherever you want it to go.
Join EY and help to build a better working world.
EY's people in more than 150 countries are committed to operating with
integrity, quality and professionalism in the provision of audit, tax,
transaction and advisory services. We strive to help all our people achieve
their professional and personal goals through an inclusive environment that
values everyone's contributions, appreciates diversity of thought, fosters
growth, and provides continuous opportunities for development. Recognized as
one of Canada's top employers, EY continually strives to be a great place to
work.
• *The Opportunity**
With rapidly changing cybersecurity threats, clients from all industries look
to us for trusted solutions for their increasingly complex risks. EY’s
Offensive Security team is a highly skilled technical team dedicated to
replicating the tactic, techniques and procedures used by new and emerging
threat actors while utilizing them to provide quality insights to client
engagements. The team places a strong emphasis on continuous learning and
personal growth for each member in an ever-evolving industry.
We are actively seeking an experienced/advanced Senior Penetration Tester to
join our Offensive Security team. You’ll work and collaborate with a highly
skilled technical team of likeminded individuals dedicated to performing
offensive security operations, ranging from infrastructure penetration
testing, web application security assessments, and full-scope red team
assessments with a focus on covertly obtaining and maintaining access to
enterprise networks. As a member, you'll develop, deliver, and lead
cybersecurity client engagements as well as internal development projects.
• *Your Key Responsibilities**
As an experienced Senior Penetration Tester your primary focus with be
performing offensive security engagements including, but not limited to,
penetration testing (Infrastructure and Application), Red Team assessments,
Social Engineering assessments, and Adversary Simulation. The focus of these
assessment will be to emulate various real-world threats and threat actors
attempting to gain access to enterprise networks and achieve a set of defined
objectives, such as obtaining domain admin privileges, gaining access to
sensitive information, or simulating a ransomware attack. You will be
responsible for remaining up to date on current threat intelligence and threat
actor groups, along with their techniques/tools, to replicate during client
engagements.
Additional responsibilities include identifying and exploiting vulnerabilities
in enterprise networks, application, and cloud environments using both off-
the-shelf and in-house built tools, including both automated and manual
approaches. Development of custom exploits to bypass security measure in place
or exploit vulnerabilities where proof-of-concept/public exploits may not be
available. Development of detailed reports and presentations for variously
clients across many industries for both executive and technical audiences.
• *Client Responsibilities**
• Demonstrate in-depth technical capabilities and professional knowledge with the ability to assimilate new knowledge quickly and in fast paced environments.
• Demonstrate and apply a thorough understanding of complex information systems.
• Use knowledge of current cybersecurity industry trends to identify new exploits, attack vectors, and vulnerabilities, and communicate this information to the engagement team and client management through written correspondence and verbal presentations.
• Lead client calls and discussions with both the executives and technical team members with a demonstrated ability to communicate technical observations concisely to executive leadership while effectively describing the risk impact to the organization.
• *People Responsibilities**
• Contribute to people-related initiatives, including development, coaching, recruiting, training, and retaining staff.
• Maintain an educational program to continually develop the personal skills of yourself and other operators.
• Understand and follow workplace policies and procedures.
• *Skills and Attributes for Success**
Desired qualifications include:
• Undergraduate or masters’ degree preferably in one of the following areas: Information Systems Security, Computer Science, Computer Engineering, or other related majors.
• 5+ years of recent offensive security experience (internal, external, and application penetration testing, red teaming, adversary simulations, social engineering, etc.).
• Extensive and proven practical experience conducting penetration tests and red team assessments.
• Possession of certifications such as OSCP/OSCP+, OSWE, OSEP, OSED, OSEE, etc.
• Experience in working independently or as part of a large team to deliver offensive security services as standalone deliverables or within large, complex projects.
• Experience writing and analyzing complex code related to exploit development and analysis.
• Expertise in developing malware and custom tooling that remains undetected by enterprise endpoint protections.
• Experience with performing manual and automated OSINT collection and organizing findings
• Strong knowledge of modern offensive security tools and frameworks, such as Kali/Parrott (or other Linux distributions) and their associated toolkits, Bloodhound, nmap, BurpSuite, Impacket,
• Metasploit, Responder, Tenable/Qualys, Wireshark, SQLMap, Hashcat, Aircrack suite, various C2’s etc.
• Familiarity with all stages in the MITRE ATT&CK Framework.
• Excellent interpersonal, written, verbal, communication, and presentation skills.
• Excellent analytical skills and knowledge of data analytics methods.
• Demonstrated leadership abilities.
• *What We Look For**
In addition to the above skills and attributes, we’re interested in
intellectually curious people with a genuine passion for cybersecurity. If you
have the confidence in your technical abilities to grow into a leading expert
here, this is the role for you.
• *Inclusiveness at EY **
Diversity and inclusiveness are at the heart of who we are and how we work.
We’re committed to fostering an environment where differences are valued,
policies and practices are equitable, and our people feel a sense of
belonging. We embrace diversity and are committed to combating systemic
racism, advancing gender equity and women in leadership, advocating for the
2SLGBTQIA+ community, promoting our neuroinclusion and accessibility
initiatives, and are dedicated to amplifying the voices of Indigenous peoples
(First Nations, Inuit, and Métis) nationally as we strive towards
reconciliation. Our diverse experiences, abilities, backgrounds, and
perspectives make our people unique and help guide us. Because when people
feel free to be their authentic selves at work, they bring their best and are
empowered to build a better working world.
• *EY | Building a better working world **
EY is building a better working world by creating new value for clients,
people, society and the planet, while building trust in capital markets.
Enabled by data, AI and advanced technology, EY teams help clients shape the
future with confidence and develop answers for the most pressing issues of
today and tomorrow.
EY teams work across a full spectrum of services in assurance, consulting,
tax, strategy and transactions. Fueled by sector insights, a globally
connected, multi-disciplinary network and diverse ecosystem partners, EY teams
can provide services in more than 150 countries and territories.
