EY Senior Penetration Tester / Red Team Operator 

Cyprus, Nicosia 

987744284

Your Key Responsibilities

This role focuses on various technical areas such as the execution of threat-led penetration testing, execution of red / purple team exercises and penetration testing of external and internal infrastructures, web applications, and mobile applications, architecture and configuration review, source code review, social engineering exercises, attack simulation exercises, and cloud and on-premises infrastructure assessments.

Your main responsibilities will be:

• Execution of threat-led penetration testing and red / purple team exercises by utilising well-known and established frameworks such as MITRE ATT&CK and TIBER-EU.
• Perform attack simulation exercises / threat-led penetration tests using well known Tactics, Techniques, and Procedures (TTPs) that cyber threat actors use to plan and execute cyber-attacks on business networks.
• Perform penetration tests on various platforms and technologies, such as external and internal infrastructures, web applications, and mobile applications, to identify security weaknesses and misconfigurations.
• Perform social engineering assessments (email phishing, vishing, physical access attacks) to simulate the theft of passwords, infiltrate systems, and download malware / ransomware to assess the security awareness and physical security controls of Organizations.
• Perform source code review to identify software vulnerabilities and detect malware or malicious embedded code.
• Perform cloud, server, network, and middleware security configuration assessments.
• Perform architecture reviews for cloud and on-premises IT environments.
• Collaborate with a team of cyber security specialists to maintain, develop, and update security testing methodologies.
• Prepare reports and present on vulnerabilities and exploitation techniques to client stakeholders.
• Coaching and developing team members through sharing of experience and knowledge.
• Develop constructive client relationships, both inside and outside EY.
• Keep up to date with the latest penetration testing techniques and the current threat landscape.
• Maintain knowledge about current security standards, systems, and authentication protocols.
• Provide awareness to clients’ staff about potential threats and cyber security best practices.

To qualify for the role, you should have:

• A BSc. degree in Computer Science, Cyber Security, Information Technology, or a related field.
• A MSc. degree in Information Security, Cyber Security or a related field will be considered an advantage.
• At least 3-4 years of experience in a relevant role.
• At least one professional qualification required: eCPPTv2, eCPTXv2, eWPTXv2, OSCP, CRTP, or other relevant qualification.
• Working experience preferred related to the execution of red / purple team exercises and / or penetration testing of web and mobile applications, internal and external infrastructure, execution of social engineering assessments.
• Strong understanding of offensive security frameworks such as MITRE ATT&CK and TIBER-EU.
• Experience with offensive security (red teaming) tooling such as Cobalt Strike, Empire, Havoc, Mythic, etc.
• Experience in setting up red teaming Command and Control (C2) infrastructure, including web / proxy servers, redirectors, domain fronting, etc.
• Experience in the development of malicious payloads, shellcodes, etc., and understanding of obfuscation and encryption techniques.
• Experience with at least one scripting language (e.g., Bash, PowerShell) and / or programming language (e.g., Python, C, C#, C++, Java, etc.).
• Able to understand basic networking concepts and Internet protocols (e.g., routing, TCP/IP, HTTP(S), SMTP, DNS, SSL/TLS, etc.).
• Understanding of industry recognized security testing standards, penetration testing methodology and attack simulation tools.
• Strong knowledge base in enterprise technologies and operations, enterprise networking, internet application security, database security evaluation and architecture, with self-motivated learning ability.
• Be able to conduct research and development and solve technical problems independently.
• Be able to work as part of a multidisciplinary team.

Ideally you should also have:

• Experience in client service delivery and be able to manage multiple engagement teams and projects.
• Be a team player with good communication and interpersonal skills.
• Creative, independent with good problem-solving skills.
• Proactive, dedicated, innovative, resourceful, strong analytical and able to work under pressure.
• Excellent written and verbal communication skills in English, with the ability to present ideas and results to technical and non-technical audiences.

Skills and attributes for success

• Strong analytical and problem-solving skills.
• Strong drive to excel professionally, and to guide and motivate others.
• Advanced written and verbal communication skills.
• Dedicated, innovative, resourceful, analytical, and able to work under pressure.
• Foster an efficient, innovative, and team-oriented work environment.

EY offers an attractive remuneration package for rewarding both personal and team performance. We are committed to be an inclusive employer and are happy to consider flexible working arrangements. In addition, but not limited to our benefits include:

• 13th salary and yearly bonus
• Provident Fund
• Private Medical and Life Insurance
• Flexible working arrangements (hybrid work and flexible work schedule)
• Friday afternoon off
• EY Tech MBA and EY MSc in Business Analytics
• EY Badges - digital learning certificates
• Mobility programs (if interested to work abroad)
• Paid Sick Leave
• Paid Paternity Leave
• Yearly wellbeing days off
• Maternity, Wedding, and New Baby Gifts
• EY Employee Assistance Program (EAP) (counselling, legal and financial consultation services)

EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets.

If you can demonstrate that you meet the criteria above, please contact us as soon as possible.

Apply Now.