Ernst & Young

EY is the only major professional services firm with a dedicated financial services practice (EY FSO) integrated in the EMEIA region. An international team of over 16.000 professionals is working across borders for our clients in the financial sector: Banking, Insurance, Payment Institutions and Wealth & Asset Management, in all service lines: Consulting, Tax, Transactions and Assurance. As we consider our people as the heart of EY, we hire and develop the most passionate people in their field to build a better working world. This starts with a culture that believes in giving you the training, opportunities and creative freedom to make things better. So that, whenever you join, however long you stay, the exceptional EY experience lasts a lifetime.

The Opportunity

In response to strong market demand, EY has ambitious plans to expand our already market leading Cybersecurity practice. We continue to build our Cybersecurity practice and are now looking for strong individuals with experience in attack and penetration testing, vulnerability assessments and Red Teaming. By joining us now, you will be part of our exciting growth strategy where you will get the opportunity to develop it in line with your own interests.

Our security professionals possess diverse industry knowledge, along with unique technical expertise and specialized skills to identify potential threats and vulnerabilities in client IT environments. The team works together in planning, pursuing, delivering and managing engagements to assess, improve, build, and in some cases operate integrated security operations for our clients.

We will support you with career-long training and coaching to develop your skills. As EY is a global leading service provider in this space, you will be working with the best of the best in a collaborative environment. So whenever you join, however long you stay, the exceptional EY experience lasts a lifetime.

Key Responsibilities

• Coordinate Red Team assessments with internal and/or external stakeholders
• Execute a Red Team assessment based on the MITRE ATT&CK framework and Cyber Kill Chain, including for example: OSINT, phishing campaigns, persistence, lateral movement and data exfiltration 
• Perform in-depth analysis of results and create a report that describes findings, exploitation procedures, risks and recommendations. 
• Convey complex technical security concepts to technical and non-technical audiences, including executives.
• Ability to work both independently as well as work together as a team of technical testers on Red Team engagements.
• Provide technical leadership and advise to junior team members on Red Team engagements.
• Conduct security research to devise new attack techniques.
• Stay current with the latest exploits and security trends.

Skills and Attributes for Success

• Bachelor's or Master’s degree in Computer Science, Cybersecurity, Information Systems, Information Technology, Engineering or a related major
• A minimum of 3 years of related work experience in penetration testing and/or Red Teaming
• Relevant certifications such as: CRTO, CRTL, CRTP, CRTE, OSCP, OSEP, OSWP, GPEN, GXPN, CCSAM, CCSAS or similar
• Deep understanding and experience within an (Azure) Active Directory environment and how to exploit it
• Experience with the latest EDR/AV evasion techniques 
• Having knowledge of the MITRE ATT&CK framework and Cyber Kill Chain methodology
• Hands-on experience with Command & Control frameworks such as Cobalt Strike
• Experience with manual attack and penetration testing on various types of systems
• Experience with physical intrusion techniques is a plus
• Experience with scripting / programming skills (e.g., Python, PowerShell, Java, Perl, Ruby etc).
• Experience in using vulnerability scanning tools (e.g. Nessus, Sqlmap, nmap, Burpsuite Pro, ZAP, etc.)

What working at EY Offers

• You will join a dynamic & young team, that is exclusively focused on innovation.
• Interact with the newest products & technologies and create a better customer experience;
• We offer you an attractive remuneration package (competitive salary, net allowances and extensive fringe benefits: company car with fuel card, smart phone, health insurance, pension plan, etc.);
• We offer extensive personal development training budget;
• We are proud of our flexible working arrangements. We will support you to build a successful career and deliver excellent client service without sacrificing your personal priorities. While our client-facing profession might require regular travel, and at times working at client sites, we are committed to help you achieve a work-life balance;
• At EY we are passionate about the inclusion and support of individuals of all groups; we do not discriminate on the basis of race, religion, gender, sexual orientation, or disability status.