Attack & Penetration Testing - Senior
As part of our Cyber Security team, you shall perform penetration testing which includes internet, intranet, wireless, web application, social engineering and physical penetration testing. You shall also perform in-depth analysis of penetration testing results and create report that describes findings, exploitation procedures, risks and recommendations.
Your key responsibilities
- Lead engagements from kickoff with clients through scoping engagements, penetration testing and reporting while adhering to the agreed scope and deadlines.
- Perform penetration testing which includes Network, web application, Mobile app (both Android & iOS), APIs Cloud Security, Thick Client application, wireless, social engineering, physical penetration testing.
- Execute penetration testing projects using the established methodology, tools and rules of engagements.
- Execute red team assessments to highlight gaps impacting organizations security postures.
- Identify and exploit security vulnerabilities in a wide array of systems in a variety of situations.
- Perform in-depth analysis of penetration testing results and create report that describes findings, exploitation procedures, risks and recommendations.
- Convey complex technical security concepts to technical and non-technical audiences including executives.
- Perform technical quality reviews and conduct technical conversations directly with clients.
- Keep uptodate with the latest techniques and concepts.
- Confident with OWASP Top 10 and SANS Top 25 vulnerabilities and ability to effectively communicate methodologies and techniques with development teams
- Utilize tools such as BurpSuite, Nessus, Nmap, Kali Linux, and Nessus for effective vulnerability assessment and penetration testing.
- Understanding and experience with Active Directory attacks.
- Stay up-to-date with the latest security threats, vulnerabilities, and best practices in vulnerability management. Knowledge of AI in Pentest, TCP/IP, OSI Layer, IPv4 & IPv6, Network Protocols and Wireless Communication skills preferred.
- Working knowledge with any scripting languages (e.g. Python, Perl, PHP, Ruby) to develop automated solutions that mitigate risks throughout the organization.
- Support SDLC and agile environments with application security testing and source code reviews.
- Serve as a mentor and guide to junior pen testers, sharing your knowledge, skills, and best practices to nurture their growth and development.
- Provide technical expertise and guidance to clients on remediation strategies and security best practices.
Skills and attributes for success
- In-depth understanding of OWASP Top 10 vulnerabilities and their mitigation strategies. Good understanding of enterprise security controls in Active Directory / Windows environments
- Good to have knowledge in AI in pentest
- Understanding of TCP/IP network protocols.
- Understanding of network security and popular attacks vectors.
- Experience with Operation Technology / Internet of Things, Cloud technologies (AWS, Azure, GCP), Active Directory and 802.1x penetration testing
- Strong understanding of security principles, policies, and industry best practices
- Proven ability to lead client engagements, build strong client relationships, and deliver exceptional results.
- Excellent communication and presentation skills, both written and verbal.
- Demonstrated thought leadership in the cybersecurity field through publications, speaking engagements, or contributions to industry forums.
- Exceptional problem-solving skills, strategic thinking, and the ability to influence and lead.
To qualify for the role, you must have
- BE/ B.Tech/ MCA or equivalent
- Minimum of 3 years of work experience in penetration testing which may include at least three of the following: Network, web application Mobile app (Android & iOS), Thick client, APIs, wireless, social engineering, physical and Red Team assessments.
- One of the following certifications: OSCP, OSCE, OSEP, OSWE, CREST, CRTE, eCPTX, or eWPTX
- Knowledge of Windows, Linux, UNIX, any other major operating systems.
- 3-9 years of work experience in Strategy and Operations projects
- Team management skills are preferred.
- Conduct technical discussions and perform technical Quality reviews.
- Familiarity with OWASP methodologies and application security vulnerabilities.
- Exceptional ability to educate and guide application developers in security best practices.
- Excellent communication, presentation, and interpersonal skills.
- Strong Word, Excel and PowerPoint skills.
Ideally, you’ll also have
- Project management skills
- Certifications: OSCP, OSCE, CRTP, CRTO, CISSP, GPEN, GWAPT.
What we look for
- Who can perform penetration testing which includes internet, intranet, wireless, web application, social engineering and physical penetration testing and provide analysis for the testing results.
At EY, we’re dedicated to helping our clients, from start–ups to Fortune 500 companies — and the work we do with them is as varied as they are.
You get to work with inspiring and meaningful projects. Our focus is education and coaching alongside practical experience to ensure your personal development. We value our employees and you will be able to control your own development with an individual progression plan. You will quickly grow into a responsible role with challenging and stimulating assignments. Moreover, you will be part of an interdisciplinary environment that emphasizes high quality and knowledge exchange. Plus, we offer:
- Support, coaching and feedback from some of the most engaging colleagues around
- Opportunities to develop new skills and progress your career
- The freedom and flexibility to handle your role in a way that’s right for you
EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets.