Penetration Testers, Advanced Security Centre
The Covid-19 pandemic is creating seismic challenges around the world. Our purpose, to build a better working world, has never been more important. Life at EY has been transformed dramatically but our strong culture of flexible and remote working has helped EY people navigate new ways of working and remain connected with each other and our clients.
A better working world truly starts with the people at EY who are building it every day. Now more than ever we need talented people from diverse backgrounds to help our clients navigate the complexities of this Transformative Age: people with the passion, curiosity and drive to make things better.
The opportunity
We are looking for a number of Penetration Testers within the Advanced Security Centre team in our Melbourne and Sydney offices.
Our Advanced Security Centre (ASC) is a well-established, dedicated and vibrant team that is designed to help our clients protect the privacy, integrity and availability of their information. The professionals in the ASC typically operate in a red team capacity, using advanced cybersecurity tools and techniques.
The ASC provides the following services to our clients:
- Web, Web services, mobile and thick client penetration testing
- Internal/External network penetration testing
- Source code reviews
- Wireless assessments
- Social engineering/red team assessments
- Vulnerability assessments
- Security configuration reviews
Due to current border restrictions we will only be considering candidates currently based in Australia with appropriate working rights at this time.
Your key responsibilities
- Manage technical cybersecurity testing engagements end to end (web applications, mobile applications (Android and iOS), web services, API, network, thick client, external/internal network)
- Work effectively as a self-managed team member, maintain communication and update management on engagement process
- Prepare client reports and presentations to an exceptional standard
- Demonstrate excellent communication skills and be able to present technical findings to a technical audience (as and when required)
- Manage and develop client stakeholder relationships
- Research the latest security best practices and stay abreast of new threats and vulnerabilities
- Contribute to internal research and development projects to help build custom red team tools
- Provide training and coaching to junior team members on penetration testing related knowledge and skills
- Contribute to and/or drive cyber security staff recruitment, retention and development activities
- Work with key business stakeholders to develop the ASC and execute go-to-market plans
Skills and attributes for success
- A minimum of 3 years' cybersecurity experience, the majority of it being penetration testing experience beyond automated tools.
- A Bachelor's and/or postgraduate degree in computer science, information systems, engineering, or a related major is advantageous but not essential.
- Strong project management skills.
- Willing to build and grow your technical cybersecurity career to the next level.
- Have relevant certifications (at least OSCP or equivalent) and be willing to pursue related professional certifications such as SANS, CREST, MSCIPT, RHCE, CISSP, etc.
- Have extensive experience in web and mobile application security testing; specialisation in one other domain (thick application or internal/external network) would be favourable
- Thorough knowledge of the following items:
  - Common web technologies like .NET, PHP, Java, XML, SAML, SOA, SOAP, web services, etc. and protocols including HTTP(S), DNS, FTP, SSH, etc.
Ideally, you’ll also have
- The ability to translate technical jargon to non-technical people
- A methodical approach to attack and penetration testing (above running automated tools)
- Working knowledge of network protocols
- Technical security operations or development experience