Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: InfoSec Jobs InfoSec Jobs

Watch ISC TV. Great for NOCs, SOCs and Living Rooms:

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This listing has expired and therefore is not publicly viewable.

Senior Consultant – Attack & Penetration Testing
Company Ernst & Young
Location Remote
Preferred GIAC Certifications GPEN, GXPN, GWAPT
Travel 50%
Salary Not provided
Contact Name Anthony Switzer
Contact Email anthony.switzer/at/
Expires 2021-05-16

Job Description

As part of our Vulnerability Identification team, you’ll identify potential threats and vulnerabilities to operational environments. Projects here could include penetration testing and simulating physical breaches to identify vulnerabilities.

Our professionals work together in planning, pursuing, delivering and managing engagements to assess, improve, build, and in some cases operate integrated security operations for our clients.

Your key responsibilities
• Perform penetration testing which includes internet, intranet, wireless, web application, social engineering and physical penetration testing.
• Execute red team scenarios to highlight gaps impacting organizations security postures.
• Ability to work both independently as well as lead a team of technical testers on penetration testing and red team engagements.
• Provide technical leadership and advise to junior team members on attack and penetration test engagements.
• Identify and exploit security vulnerabilities in a wide array of systems in a variety of situations.
• Perform in-depth analysis of penetration testing results and create report that describes findings, exploitation procedures, risks and recommendations.
• Execute penetration testing projects using the established methodology, tools and rules of engagements.
• Convey complex technical security concepts to technical and non-technical audiences including executives.

To qualify for the role you must have
• A minimum of 3 years of work experience in penetration testing which includes internet, intranet, web application penetration tests, wireless, social engineering, and Red Team assessments.
• Experience with manual attack and penetration testing.
• Experience with scripting / programming skills (e.g., Python, PowerShell, Java, Perl etc).
• Updated and familiarized with the latest exploits and security trends.
• Experience to lead a technical team to conduct remote and on-site penetration testing within defined rules of engagement.
• Familiarity to perform network penetration testing in stealth manner.
• Any two of the following certifications: OSCP, OSWP, GPEN, GWAPT, OSCE, OSEE, GXPN.
• A driver’s license valid in the U.S
• Willingness and ability to travel domestically and internationally to meet client needs. Estimated travel required up to 50%.

Ideally, you’ll also have
• Knowledge of Windows, Linux, Unix, any other major operating systems.
• Deep understanding of TCP/IP network protocols.
• Deep understanding and experience with various Active Directory attack techniques.
• Understanding of network security and popular attacks vectors.
• An understanding of web-based application vulnerabilities (OWASP Top 10).