Senior Consultant - Cyber Security - Offensive Security Specialist
As part of our Cyber Technology Consulting team, you will execute advanced penetration testing, red team engagements, and adversary simulation exercises for enterprise and government clients. You will be responsible for identifying vulnerabilities, exploiting them in controlled scenarios, and providing actionable recommendations to improve clients’ security posture. The client base spans various sectors and includes collaboration with other teams within Advisory services. This role requires a balance of strong technical expertise, client communication, and mentoring junior team members.
The opportunity
We’re looking for a senior consultant with hands-on expertise and experience in driving offensive security engagements to join our Cyber Technology Consulting team. This is a fantastic opportunity to be part of a leading firm
Your key responsibilities
Conduct penetration testing across web, mobile, APIs, cloud, and network environments (internal and external). Execute red team and purple team operations, including social engineering, OSINT, and physical security assessments. Perform secure code reviews, wireless security assessments, and application security consulting when required. Develop and execute adversarial attack simulations, leveraging C2 frameworks (commercial: Cobalt Strike, Brute Ratel, NightHawk; open source: Havoc, Mythic, Sliver, Merlin). Stay updated with emerging cyber threats, vulnerabilities, and offensive security techniques, and incorporate these insights into client engagements. Develop detailed reports, articulate technical findings, and deliver actionable recommendations to both technical teams and executive stakeholders. Support pre-sales activities such as scoping, proposal writing, and client workshops.
Skills and attributes for success
Collaborating with other members of the engagement team to plan the engagement and develop work program timelines, risk assessments and other documents/templates. Ability to interpret complex technical results and present insights to business stakeholders. Strong analytical, problem-solving, and critical-thinking skills. Excellent communication and collaboration skills. Deep technical understanding of offensive security methodologies, including network penetration testing, web application testing, and adversary simulation.
To qualify for the role, you must have
Bachelor’s degree in computer science, Cybersecurity, or related field. 4–6 years of hands-on experience in penetration testing, red teaming, or exploit development. Demonstrable proficiency in at least two of the following methodologies: Web, web services, mobile, or thick client penetration testing. Internal/external network penetration testing. Secure code review & application security consulting. Wireless assessments. Social engineering and red team assessments. Strong technical understanding in at least two of the following domains: Common web technologies and frameworks. Application architecture. Cloud platforms (AWS, Azure, GCP). Networking and network protocols. DevOps pipelines and CI/CD security. Hands-on expertise with offensive tools and frameworks (e.g., Burp Suite, Metasploit, BloodHound, Cobalt Strike, Sliver, Havoc). Strong knowledge of MITRE ATT&CK, OWASP Top 10, NIST SP 800-115, and red team methodologies. A valid passport for travel. Excellent communication skills with a consulting mindset.
Ideally, you’ll also have
Relevant Cyber and offensive security certifications Relevant certifications such as OSCP, OSCE, OSWE, OSEP, OSEE, GXPN, CRTO, SANS GWAPT, GPEN. Strong understanding of security frameworks and methodologies (e.g., MITRE ATT&CK, OWASP, NIST). Experience in offensive security engagements
What we offer
We offer a competitive compensation package where you’ll be rewarded based on performance and recognized for the value you bring to our business. Plus, we offer:
Continuous learning: You’ll develop the mindset and skills to navigate whatever comes next. Success as defined by you: We’ll provide the tools and flexibility, so you can make a meaningful impact, your way. Transformative leadership: We’ll give you the insights, coaching and confidence to be the leader the world needs. Diverse and inclusive culture: You’ll be embraced for who you are and empowered to use your voice to help others find theirs.
If you can demonstrate that you meet the criteria above, please contact us as soon as possible.
The exceptional EY experience. It’s yours to build.
EY | Building a better working world
EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets.
Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform, and operate.
Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today.