Offensive Security Analyst
About The Position
At EY, we’re all in to shape your future with confidence. We’ll help you succeed in a globally connected powerhouse of diverse teams and take your career wherever you want it to go. Join EY and help to build a better working world. Today’s world is fueled by vast amounts of information. Data is more valuable than ever before. Protecting data and information systems is central to doing business, and everyone in EY Information Security has a critical role to play. Join a global team of almost 950 people who collaborate to support the business of EY by protecting EY and client information assets! Our Information Security professionals enable EY to work securely and deliver secure products and services, as well as detect and quickly respond to security events as they happen. Together, the efforts of our dedicated team helps protect the EY brand and build client trust. Within Information Security we blend risk strategy, digital identity, cyber defense, application security and technology solutions as we consider the entire security lifecycle. You will join a team of hardworking, security-focused individuals dedicated to supporting, protecting and enabling the business through innovative, secure solutions that provide speed to market and business value.
Requirements
- A minimum of 4 years of experience in penetration testing, red teaming, purple teaming or offensive security
- Hands-on experience testing applications, APIs, cloud environments, and network infrastructure
- Strong understanding of common vulnerability classes such as OWASP Top 10 and exploitation techniques
- Familiarity with offensive security methodologies and frameworks
- Experience supporting or performing third-party risk assessments
- Strong analytical and problem-solving skills with the ability to prioritize risks effectively
- Strong communication and stakeholder management skills
Nice To Haves
- OWASP training
- Incident response experience
Responsibilities
- Apply offensive security techniques to assess EY’s external and internal attack surface, identifying vulnerabilities across web applications, APIs, cloud environments, networks, and infrastructure.
- Test proof-of-concepts to validate exploitability and determine real-world impact.
- Emulate adversary tactics to test detection and response capabilities.
- Conduct reconnaissance and asset discovery to uncover unmanaged or exposed assets.
- Support third-party and supply chain risk validation efforts by reviewing assessments or conducting targeted testing where required.
- Collaborate closely with security engineering, blue teams, and business stakeholders to help prioritize remediation efforts based on risk severity and exploitability.
- Contribute to enhancing processes, playbooks, and reporting standards within the Vulnerability Discovery and offensive security functions.
Benefits
- medical and dental coverage
- pension and 401(k) plans
- a wide range of paid time off options
- flexible vacation policy
- designated EY Paid Holidays
- Winter/Summer breaks
- Personal/Family Care
- other leaves of absence
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Job Type
Full-time
Career Level
Mid Level
Education Level
No Education Listed
