Lead Offensive Security Consultant

Join EY and accelerate your career as a Lead Offensive Security Consultant. We are committed to shaping your future with confidence while fostering a diverse and globally interconnected work environment. Be an integral part of our mission to build a better working world. The Opportunity In this pivotal role, you will spearhead and execute penetration testing, red teaming, and various security assessments for our prestigious clients. Collaborating with cross-functional teams, you will identify vulnerabilities, create mitigation strategies, and ensure security measures align with industry standards. You'll also drive efforts in automation to enhance our security environments. Your Key Responsibilities Lead and execute comprehensive penetration testing projects, assessing web applications, networks, cloud environments, hardware, and firmware. Design and conduct red team and purple team exercises to identify gaps in security posture and provide actionable recommendations. Generate detailed reports outlining findings, exploitation procedures, associated risks, and well-grounded recommendations from thorough testing. Stay informed about emerging security threats, vulnerabilities, and best practices to promote continuous learning within the team. Assist in configuring and maintaining penetration testing tools and infrastructure for optimal performance and security. Contribute to operational metrics for client meetings, providing insights into tool performance and security findings. Skills and Attributes for Success Over 5 years of proven experience in penetration testing and offensive security methodologies. Strong understanding of automation tools and processes in offensive and application security contexts. Excellent problem-solving skills with the ability to manage multiple security projects simultaneously. Effective communication skills for engaging with clients and conveying complex technical concepts clearly. To Qualify for the Role, You Must Have A Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field. A minimum of three years of experience in incident response or penetration testing; or one year in the electric utility sector focusing on generation or transmission & distribution. Extensive knowledge of manual attack and penetration testing across multiple platforms, including web applications and cloud environments. Proficiency in scripting languages such as Python, Bash, or PowerShell for automating security tasks. Familiarity with major operating systems, including Windows, Linux, and Unix. Ideally, You Would Also Have Certifications such as CCSP, CSSLP, OSCP, OSWP, GPEN, GWAPT, OSCE, OSEE, GXPN, CISSP, CISM. Contributions to the cybersecurity community through research, public CVE disclosures, bug bounties, or open-source involvement. Strong analytical skills for interpreting and analyzing complex information. A genuine interest in staying updated with the latest cybersecurity threats and trends. What We Look For We seek passionate top performers in the cybersecurity field. A proactive mindset, the ability to build high-performing teams, adaptability to evolving threats, and a commitment to continuous learning are essential qualities we value. We welcome motivated individuals dedicated to protecting digital assets and fostering a culture of security awareness. What We Offer Continuous Learning: We support your development to equip you for future challenges. Success Defined by You: We provide tools and flexibility to allow you to make a significant impact in your own unique style. Transformative Leadership: Access insights, coaching, and confidence to thrive in high-performing teams. Diverse and Inclusive Culture: Embrace and celebrate your identity while empowering others to do the same. At EY, we offer a comprehensive compensation and benefits package that rewards your performance and recognizes your value. Join us to shape your future confidently and make a meaningful impact in the world.

Created: 2026-03-06