EY Cybersecurity - Threat Management Detection 

Canada, Ontario, Toronto 

500614212

Your Key Responsibilities

As an experienced Senior Penetration Tester your primary focus with be performing offensive security engagements including, but not limited to, penetration testing (Infrastructure and Application), Red Team assessments, Social Engineering assessments, and Adversary Simulation. The focus of these assessment will be to emulate various real-world threats and threat actors attempting to gain access to enterprise networks and achieve a set of defined objectives, such as obtaining domain admin privileges, gaining access to sensitive information, or simulating a ransomware attack. You will be responsible for remaining up to date on current threat intelligence and threat actor groups, along with their techniques/tools, to replicate during client engagements.

Additional responsibilities include identifying and exploiting vulnerabilities in enterprise networks, application, and cloud environments using both off-the-shelf and in-house built tools, including both automated and manual approaches. Development of custom exploits to bypass security measure in place or exploit vulnerabilities where proof-of-concept/public exploits may not be available. Development of detailed reports and presentations for variously clients across many industries for both executive and technical audiences.

Client Responsibilities

• Demonstrate in-depth technical capabilities and professional knowledge with the ability to assimilate new knowledge quickly and in fast paced environments.
• Demonstrate and apply a thorough understanding of complex information systems.
• Use knowledge of current cybersecurity industry trends to identify new exploits, attack vectors, and vulnerabilities, and communicate this information to the engagement team and client management through written correspondence and verbal presentations.
• Lead client calls and discussions with both the executives and technical team members with a demonstrated ability to communicate technical observations concisely to executive leadership while effectively describing the risk impact to the organization.

People Responsibilities

• Contribute to people-related initiatives, including development, coaching, recruiting, training, and retaining staff.
• Maintain an educational program to continually develop the personal skills of yourself and other operators.
• Understand and follow workplace policies and procedures.

Skills and Attributes for Success

Desired qualifications include:

• Undergraduate or masters’ degree preferably in one of the following areas: Information Systems Security, Computer Science, Computer Engineering, or other related majors.
• 5+ years of recent offensive security experience (internal, external, and application penetration testing, red teaming, adversary simulations, social engineering, etc.).
• Extensive and proven practical experience conducting penetration tests and red team assessments.
• Possession of certifications such as OSCP/OSCP+, OSWE, OSEP, OSED, OSEE, etc.
• Experience in working independently or as part of a large team to deliver offensive security services as standalone deliverables or within large, complex projects.
• Experience writing and analyzing complex code related to exploit development and analysis.
• Expertise in developing malware and custom tooling that remains undetected by enterprise endpoint protections.
• Experience with performing manual and automated OSINT collection and organizing findings
• Strong knowledge of modern offensive security tools and frameworks, such as Kali/Parrott (or other Linux distributions) and their associated toolkits, Bloodhound, nmap, BurpSuite, Impacket,
• Metasploit, Responder, Tenable/Qualys, Wireshark, SQLMap, Hashcat, Aircrack suite, various C2’s etc.
• Familiarity with all stages in the MITRE ATT&CK Framework.
• Excellent interpersonal, written, verbal, communication, and presentation skills.
• Excellent analytical skills and knowledge of data analytics methods.
• Demonstrated leadership abilities.