Penetration Testers, Advanced Security Centre

  • Company:
  • Location:
  • Salary:
    negotiable / month
  • Job type:
  • Posted:
    22 hours ago
  • Category:

Penetration Testers, Advanced Security Centre


Requisition # MEL002IQ

Post Date Jan 01, 2021

TheCovid-19 pandemic is creating seismic challenges around the world. Our purpose, to build a better working world, has never been more important. Life at EY has been transformed dramatically but our strong culture of flexible and remote working has helped EY people navigate new ways of working and remain connected with each other and our clients.

A better working world truly starts with the people at EY who are building it every day. Now more than ever we need talented people from diverse backgrounds to help our clients navigate the complexities of this Transformative Age: people with the passion, curiosity and drive to make things better.

**The opportunity**

We are looking for a number of Penetration Testers within the Advanced Security Centre team in our Melbourne and Sydney offices.

Our Advanced Security Centre (ASC) is a well-established, dedicated and vibrant team that is designed to help our clients protect the privacy, integrity and availability of their information. The professionals in the ASC typically operate in a red team capacity executing with advanced cybersecurity tools and techniques.

The ASC provides the following services to our clients:

+ Web, Web services, mobile and thick client penetration testing

+ Internal/External network penetration testing

+ Source code reviews

+ Wireless assessments

+ Social engineering/red team assessments

+ Vulnerability assessments

+ Security configuration reviews

**Due to current border restrictions we will only be considering candidates currently based in Australia with appropriate working rights at this time.**

**Your key responsibilities**

+ Manage technical cybersecurity testing engagements end to end (web applications, mobile applications (Android and iOS), web services, API, network, thick client, external/internal network)

+ Work effectively as a self-managed team member, maintain communication and update management on engagement process

+ Prepare client reports and presentations to an exceptional standard

+ Excellent communication skills and be able to present technical findings to a technical audience (as and when required)

+ Manage and develop client stakeholder relationships

+ Research the latest security best practices and stay abreast of new threats and vulnerabilities

+ Contribute to internal research and development projects to help build custom red team tools

+ Provide training and coaching to junior team members on penetration testing related knowledge and skills

+ Contribute to and/or drive cyber security staff recruitment, retention and development activities

+ Work with key business stakeholders to develop the ASC and execute go-to-market plans

**Skills and attributes for success**

+ A minimum of 3+ years cybersecurity experience majority of it being penetration testing experience beyond automated tools.

+ A Bachelors and/or post graduate degree in computer science, information systems, engineering, or a related major is advantageous but not essential.

+ Strong project management skills.

+ Willing to build and grow your technical cybersecurity career to the next level.

+ Have relevant certifications (at least OSCP or equivalent) and be willing to pursue related professional certifications such as the SANS, CREST, MSCIPT, RHCE, CISSP etc.

+ Have extensive experience in web and mobile application security testing and specialisation in one other domain would be favourable (thick application or internal/external network)

+ Thorough knowledge of the following items:

+ Common web technologies like .NET, PHP, Java, XML, SAML, SOA, SOAP, web services etc. and protocols including HTTP(S), DNS, FTP, SSH etc.

**Ideally, you’ll also have**

+ The ability to translate technical jargon to non-technical people

+ A methodical approach to attack and penetration testing (above running automated tools)

+ Working knowledge of network protocols

+ Technical security operations or development experience

**What working at EY offers**

We offer a competitive remuneration package where you’ll be rewarded for
your performance. In addition, our comprehensivepackage can be tailored to your individual needs,
to give you the freedom to manage your role in a way that’s right for you. This

+ a variety of flexibleworking and leave arrangements

+ personalisedincluding coachingand support to help you build your career and access to formal learning so youcan develop the skills you’ll need to thrive in the future

+ arange oftools and benefits to guide and support your health and wellbeing throughoutyour entire EY career

**About EY**

At EY, we hold a collective commitment to foster an
environment where all differences are valued and respected, practices are
equitable and everyone experiences a sense of belonging. Through our inclusive
leadership behaviours, a variety of internal networks, flexible working and
mentoring programs, you will have the support and flexibility to build an
exceptional career. Read more about.

EY is committed to making reasonable
adjustments to provide a positive, barrier-free recruitment process for
people with disability. If you require any adjustments to the recruitment
process in order to equitably participate, we encourage you to advise us at the
time of application viaor phone+61 3
8650 7788.

We understand the importance of social
distancing at this time so our recruitment and onboarding process will be managed
virtually so we can continue to prioritise the safety and wellbeing of EY
people, clients, guests and the broader public.

**Theexceptional EY experience. It’s yours to build.** ​

**Apply now.**

preferred applicant will be subject to employment screening by EY or by their
external third party provider.

2020 Ernst & Young Australia. All Rights Reserved. Liability limited by a scheme approved under
Professional Standards Legislation.