Senior Consultant - Cybersecurity Penetration Tester - Sector Focus Industries

at  EY

THE EXCEPTIONAL EY EXPERIENCE. IT’S YOURS TO BUILD.

We are a team of 55+ Cybersecurity and Privacy professionals that helps organizations address the challenges on cybersecurity and privacy in a way that is in line with their business strategy.
We provide independent and impartial assistance in IT and business in industry and government organizations. Our security professionals possess diverse industry knowledge, along with unique technical expertise and specialized skills to support our clients and to growth their own career.
Our Belgian practice is part of an EMEIA and Global cyber competency that holds over 7.000 cyber experts. We are one of the 63 Advanced Security Centers globally.

THE OPPORTUNITY: YOUR NEXT ADVENTURE AWAITS?

In response to strong market demand, EY has ambitious plans, and we continue to build our Cybersecurity practice by- looking for strong individuals with experience in attack and penetration testing, vulnerability assessments and red teaming. By joining us now, you will be part of our exciting growth strategy where you will get the opportunity to develop it in line with your own interests.
Our security professionals possess diverse industry knowledge, along with unique technical expertise and specialized skills to identify potential threats and vulnerabilities in client IT environments. The team works together in planning, pursuing, delivering and managing engagements to assess, improve, build, and in some cases operate integrated security operations for our clients.
We will support you with career-long training and coaching to develop your skills. As EY is a global leading service provider in this space, you will be working with the best of the best in a collaborative environment. So whenever you join, however long you stay, the exceptional EY experience lasts a lifetime.

Our team is organized based on five core cyber capabilities that drive our go-to-market, i.e.

• Cyber Strategy and Resilience: Evaluate and improve our clients’ cybersecurity and resiliency program in context of the business growth and operations strategies.
• Offensive Security: Penetration testing and Red Teaming, identifying weaknesses in our clients’ IT and Technology environment.
• Defensive Security: Blue Teaming. Handle security incidents with our clients, co-operating their Cyber Security Incident Response Team (CSIRT), working with Cyber Threat Intelligence and running our 24/7 Incident Response service.
• Cloud Security: Build security in our clients’ cloud solutions with focus on Security Orchestration, Automation & Response (SOAR).
• Digital Identify and Trust Services: Advise and certify Public Key Infrastructure (PKI) of Trust Service Providers (TSP) and Certificate Authorities (CA) in the context EU eIDAS regulation.

By joining us now you will be part of our exciting growth strategy where you will get the opportunity to shape your career it in line with your own interests and aspirations.

• Execute penetration testing assessments including identifying and exploiting security vulnerabilities in our clients” infrastructure using the established methodology, tools and rules of engagements.
• Perform intelligence gathering, vulnerability identification and analysis in a wide array of IT environments to identify vulnerabilities and potential attack paths resulting in privilege escalation and remote code execution vulnerabilities on client infrastructure.
• Perform in-depth analysis of penetration testing results and create a penetration testing report that describes findings, exploitation procedures, risks and recommendations.
• Conduct security research to devise new attack techniques.
• Stay current with the latest exploits and security trends.
• Develop custom software tools / scripts to assist in compromising IT infrastructure and applications.
• Ability to work both independently as well as lead a team of technical testers on penetration testing engagements.
• Provide technical leadership and advise to junior team members on attack and penetration test engagements.
• Convey complex technical security concepts to technical and non-technical audiences, including executives.