Senior Consultant - Cybersecurity Penetration Tester - Sector Focus Industries
EY
- Diegem, Brabant Flamand
- CDI
- Temps-plein
- Cyber Strategy and Resilience: Evaluate and improve our clients' cybersecurity and resiliency program in context of the business growth and operations strategies.
- Offensive Security: Penetration testing and Red Teaming, identifying weaknesses in our clients' IT and Technology environment.
- Defensive Security: Blue Teaming. Handle security incidents with our clients, co-operating their Cyber Security Incident Response Team (CSIRT), working with Cyber Threat Intelligence and running our 24/7 Incident Response service.
- Cloud Security: Build security in our clients' cloud solutions with focus on Security Orchestration, Automation & Response (SOAR).
- Digital Identify and Trust Services: Advise and certify Public Key Infrastructure (PKI) of Trust Service Providers (TSP) and Certificate Authorities (CA) in the context EU eIDAS regulation.
- Execute penetration testing assessments including identifying and exploiting security vulnerabilities in our clients” infrastructure using the established methodology, tools and rules of engagements.
- Perform intelligence gathering, vulnerability identification and analysis in a wide array of IT environments to identify vulnerabilities and potential attack paths resulting in privilege escalation and remote code execution vulnerabilities on client infrastructure.
- Perform in-depth analysis of penetration testing results and create a penetration testing report that describes findings, exploitation procedures, risks and recommendations.
- Conduct security research to devise new attack techniques.
- Stay current with the latest exploits and security trends.
- Develop custom software tools / scripts to assist in compromising IT infrastructure and applications.
- Ability to work both independently as well as lead a team of technical testers on penetration testing engagements.
- Provide technical leadership and advise to junior team members on attack and penetration test engagements.
- Convey complex technical security concepts to technical and non-technical audiences, including executives.
- Full working proficiency (native speaker) in either Dutch or French and English
- a Bachelor's or Master's degree in Computer Science, Cybersecurity Information Systems, Information Technology, Engineering or a related major
- A minimum of 2 years of related work experience in penetration testing
- Experience may include IT infrastructure, web application, API, mobile applications, wireless, social engineering, cloud and Red Team assessments.
- Familiarity with the latest exploits, tactics, techniques and procedures (TTP), vulnerability remediation and security trends.
- Knowledge of Windows, Linux, Unix, MacOS, Android, iOS and any other major operating systems.
- Deep understanding of TCP/IP network protocols
- Deep understanding and experience with various Active Directory attack techniques.
- Understanding of network security and popular attack vectors.
- Understanding of web-based application vulnerabilities (OWASP Top 10).
- Experience with manual attack and penetration testing.
- Experience with scripting / programming skills (e.g., Python, PowerShell, Java, Perl, Ruby etc).
- Experience in using vulnerability scanning tools (e.g. Nessus, Sqlmap, nmap, Burpsuite Pro, ZAP, etc.)
- Any two of the following certifications: CEH, OSCP, OSWP, GPEN, GWAPT, OSCE, OSEE, GXPN, or similar.
- Execute penetration testing assessments including identifying and exploiting security vulnerabilities in our clients” infrastructure using the established methodology, tools and rules of engagements.
- Perform intelligence gathering, vulnerability identification and analysis in a wide array of IT environments to identify vulnerabilities and potential attack paths resulting in privilege escalation and remote code execution vulnerabilities on client infrastructure.
- Perform in-depth analysis of penetration testing results and create a penetration testing report that describes findings, exploitation procedures, risks and recommendations.
- Conduct security research to devise new attack techniques.
- Stay current with the latest exploits and security trends.
- Develop custom software tools / scripts to assist in compromising IT infrastructure and applications.
- Ability to work both independently as well as lead a team of technical testers on penetration testing engagements.
- Provide technical leadership and advise to junior team members on attack and penetration test engagements.
- Convey complex technical security concepts to technical and non-technical audiences, including executives.
- EY Family - you become part of the EY Family providing you with all the necessary skills, training and opportunities; enabling you to grow to your fullest potential.
- Attractive remuneration package - We offer an attractive remuneration package; including
- Inspiring work environment - At EY we are dedicated to providing you with an inspiring work environment. A work environment that allows you to further develop your skills and enables you to fulfill your true potential.
- Learning & personal growth - You will benefit from an onboarding program, receive extensive training and will be coached by a counselor. We offer a clear career path tailored to your unique skills with necessary guidance.
- Fun - By joining our EY- teams, you can participate in team activities, and companywide events and enjoy a drink during our monthly after-work drink.
- Sustainability - We have a fleet of hybrid and electric cars. Our flex plan makes it possible for you to choose the most sustainable option for you. You can also opt for a train subscription or lease a bike.
- Diversity & Inclusion - At EY we are passionate about the inclusion and support of individuals of all groups; we do not discriminate on the basis of race, religion, gender, sexual orientation, or disability status.
- Location - All of our offices are easily accessible by public transport and/or by car and have parking space. They all have parking spaces and charging stations are provided.
- Best Workplace - You will be part of the 2023 number one rated Best Workplace (Great Place to Work).