Offensive Security AnalystErnst & Young Oman • Carson City, Nevada, United States
Offensive Security Analyst
Ernst & Young Oman
- Carson City, Nevada, United States
- Carson City, Nevada, United States
À propos
Key Responsibilities
Assess EY’s external and internal attack surface, identifying vulnerabilities across web applications, APIs, cloud environments, networks, and infrastructure.
Test proof‑of‑concepts to validate exploitability and determine real‑world impact.
Emulate adversary tactics to test detection and response capabilities.
Conduct reconnaissance and asset discovery to uncover unmanaged or exposed assets.
Support third‑party and supply chain risk validation efforts by reviewing assessments or conducting targeted testing where required.
Collaborate closely with security engineering, blue teams, and business stakeholders to help prioritize remediation efforts based on risk severity and exploitability.
Contribute to enhancing processes, playbooks, and reporting standards within the Vulnerability Discovery and offensive security functions.
Skills and Attributes for Success
Capability to identify and exploit vulnerabilities beyond automated scanning tools like Qualys, Nessus etc.
Strong attention to detail with a methodical approach to identifying complex attack paths.
Critical thinking and analytical skills to evaluate vulnerabilities in a business risk context.
Ability to manage high volumes of testing requests without compromising depth or quality.
Flexibility to work across diverse technologies, including cloud, applications, and infrastructure.
Effective communication skills to convey technical findings to both technical and non‑technical audiences.
Familiarity with research techniques and threat intelligence to support proactive risk identification.
Qualifications
A minimum of 4 years of experience in penetration testing, red teaming, purple teaming or offensive security.
Hands‑on experience testing applications, APIs, cloud environments, and network infrastructure.
Strong understanding of common vulnerability classes such as OWASP Top 10 and exploitation techniques.
Familiarity with offensive security methodologies and frameworks.
Experience supporting or performing third‑party risk assessments.
Strong analytical and problem‑solving skills with the ability to prioritize risks effectively.
Strong communication and stakeholder management skills.
Ideally You’ll Also Have
Certifications such as OSCP, GPEN, GWAPT, or equivalent offensive security credentials.
What We Offer You
Compensation ranges in the US: $76,400 to $138,600. In specific metro areas: $91,700 to $157,500. Total rewards include medical and dental coverage, pension and 401(k) plans, and a wide range of paid time off options.
Hybrid model: most external, client‑serving roles work together in person 40–60% of the time over the course of an engagement, project or year.
Flexible vacation policy: choose vacation time based on personal circumstances, plus EY Paid Holidays, Winter/Summer breaks, Personal/Family Care, and other leaves of absence.
Equal Employment Opportunity EY provides equal employment opportunities to applicants and employees without regard to race, color, religion, age, sex, sexual orientation, gender identity/expression, pregnancy, genetic information, national origin, protected veteran status, disability status, or any other legally protected basis, including arrest and conviction records, in accordance with applicable law.
EY is committed to providing reasonable accommodation to qualified individuals with disabilities including veterans with disabilities. If you have a disability and either need assistance applying online or need to request an accommodation during any part of the application process, please contact the appropriate support channels.
#J-18808-Ljbffr
Compétences linguistiques
- English
Avis aux utilisateurs
Cette offre provient d’une plateforme partenaire de TieTalent. Cliquez sur « Postuler maintenant » pour soumettre votre candidature directement sur leur site.