Location: Taguig Date: Mar 7, 2025 Requisition ID: 1563372 At EY, you’ll have the chance to build a career as unique as you are. Join us and build an exceptional experience for yourself, and a better working world for all. As part of our Cyber Security team, you shall perform penetration testing including internet, intranet, wireless, web application, social engineering, and physical penetration testing. You shall also perform in-depth analysis of penetration testing results and create reports that describe findings, exploitation procedures, risks, and recommendations. The opportunity We’re looking for Security Consultant / Senior Security Consultant with expertise in penetration testing. This is a fantastic opportunity to be part of a leading firm while being instrumental in the growth of a new service offering. Your key responsibilities Lead engagements from kickoff with clients through scoping engagements, penetration testing, and reporting while adhering to the agreed scope and deadlines. Perform penetration testing including Network, web application, Mobile app (both Android & i OS), APIs, Cloud Security, Thick Client application, wireless, social engineering, and physical penetration testing. Execute penetration testing projects using the established methodology, tools, and rules of engagements. Execute red team assessments to highlight gaps impacting organizations' security postures. Identify and exploit security vulnerabilities in a wide array of systems in various situations. Perform in-depth analysis of penetration testing results and create reports that describe findings, exploitation procedures, risks, and recommendations. Convey complex technical security concepts to technical and non-technical audiences including executives. Perform technical quality reviews and conduct technical conversations directly with clients. Keep up to date with the latest techniques and concepts. Confident with OWASP Top 10 and SANS Top 25 vulnerabilities and ability to effectively communicate methodologies and techniques with development teams. Utilize tools such as Burp Suite, Nessus, Nmap, Kali Linux, and Nessus for effective vulnerability assessment and penetration testing. Understanding and experience with Active Directory attacks. Stay up-to-date with the latest security threats, vulnerabilities, and best practices in vulnerability management. Working knowledge with any scripting languages (e.g. Python, Perl, PHP, Ruby) to develop automated solutions that mitigate risks throughout the organization. Support SDLC and agile environments with application security testing and source code reviews. Serve as a mentor and guide to junior pen testers, sharing your knowledge, skills, and best practices to nurture their growth and development. Provide technical expertise and guidance to clients on remediation strategies and security best practices. Skills and attributes for success In-depth understanding of OWASP Top 10 vulnerabilities and their mitigation strategies. Good understanding of enterprise security controls in Active Directory / Windows environments. Good to have knowledge in AI in pentest. Understanding of TCP/IP network protocols. Understanding of network security and popular attack vectors. Experience with Operation Technology / Internet of Things, Cloud technologies (AWS, Azure, GCP), Active Directory, and 802.1x penetration testing. Strong understanding of security principles, policies, and industry best practices. Proven ability to lead client engagements, build strong client relationships, and deliver exceptional results. Excellent communication and presentation skills, both written and verbal. Demonstrated thought leadership in the cybersecurity field through publications, speaking engagements, or contributions to industry forums. Exceptional problem-solving skills, strategic thinking, and the ability to influence and lead. To qualify for the role, you must have BE/ B. Tech/ MCA or equivalent. Minimum of 3 years of work experience in penetration testing which may include at least three of the following: Network, web application, Mobile app (Android & i OS), Thick client, APIs, wireless, social engineering, physical and Red Team assessments. One of the following certifications: OSCP, OSCE, OSEP, OSWE, CREST, CRTE, e CPTX, or e WPTX. Knowledge of Windows, Linux, UNIX, and other major operating systems.3-9 years of work experience in Strategy and Operations projects. Team management skills are preferred. Conduct technical discussions and perform technical quality reviews. Familiarity with OWASP methodologies and application security vulnerabilities. Exceptional ability to educate and guide application developers in security best practices. Excellent communication, presentation, and interpersonal skills. Strong Word, Excel, and Power Point skills. What we look for Who can perform penetration testing which includes internet, intranet, wireless, web application, social engineering, and physical penetration testing and provide analysis for the testing results. What working at EY offers At EY, we’re dedicated to helping our clients, from start-ups to Fortune 500 companies — and the work we do with them is as varied as they are. You get to work with inspiring and meaningful projects. Our focus is education and coaching alongside practical experience to ensure your personal development. We value our employees and you will be able to control your own development with an individual progression plan. You will quickly grow into a responsible role with challenging and stimulating assignments. Moreover, you will be part of an interdisciplinary environment that emphasizes high quality and knowledge exchange. Support, coaching, and feedback from some of the most engaging colleagues around. Opportunities to develop new skills and progress your career. The freedom and flexibility to handle your role in a way that’s right for you. About EYAs a global leader in Assurance, Tax, Strategy & transactions and Consulting services, we’re using the finance products, expertise, and systems we’ve developed to build a better working world. That starts with a culture that believes in giving you the training, opportunities, and creative freedom to make things better. Whenever you join, however long you stay, the exceptional EY experience lasts a lifetime. If you can confidently demonstrate that you meet the criteria above, please contact us as soon as possible. Join us in building a better working world. Apply now EY | Building a better working world
#J-18808-Ljbffr