EY is looking for a Senior Pentester to join our Cyber Security consulting team. This is a great opportunity to work with market leading specialists who provide world class threat intelligence, penetration testing, security monitoring, incident response and vulnerability management services to some of the world’s most prestigious organizations.
As Senior Pentester, your main responsibilities will be the following ones :
Vulnerability management and assessment (attack & penetration testing, red team testing);
Planning and execution of intrusion tests;
Hardening of high management solutions;
Tenable platform management;
Issuancing of technical opinions and improvement proposals for risk mitigation;
Updating general documentation;
Establishing professional and trust relationships with clients and staff, contributing to a flexible, stable, and team-oriented working culture;
Acting as mentor and coach to the junior members of the team and leading by example.
Skills and attributes for success
A strong work ethic;
Strong analytical and problem-solving skills;
High communication skills;
Flexibility and resilience;
Rigor and attention to detail;
Professional responsibility, confidentiality and integrity;
Efficient, innovative and team-oriented work environment;
Dedicated, innovative, resourceful and able to work under pressure.
To qualify for the role, the candidate must have
Academic education in Computer Engineering or similar fields of study, mainly in referenced universities;
Between 3 to 6 years of professional experience in Pentesting area;
Relevant experience in Red Team penetration testing, in consulting environment;
OSCP (Offensive security certified professional) and / or CCNA R&S certifications valued;
Experience in code development and / or review : C#, C / C++, , ASP, PHP, Powershell, Python or Java valued;
Understanding the data flow of an application and network components (SMTP, LDAP, Database servers);
Knowledge about OWASP and CWE / SANS classification systems;
Experience in Access Management, Change Management, Firewall & IPS rule sets and information leakage prevention and QoS;
Experience in Network Configuration with Firewall Devices;
Experience in systems security assessments and security design reviews of perimeter security application;
Knowledge about Linux, Tenable and Kubernetes;
Fluent written and verbal communication skills in both Portuguese and English.
Ideally, the candidate also have
Other certifications : GPEN, CEH, CompTIA Pentest +;
Knowledge of Audit and Risk standards : ISO27k1, ISO27k5, ITIL.