Your key responsibilities:
- Conduct penetration testing on applications and infrastructure:
Perform penetration tests on web, thin, mobile, and thick applications or APIs, and computer networks and systems. The candidate will define the applicable tests and use a framework or methodology such as the unified kill chain framework. The candidate will then choose the appropriate tools to try to break into security-protected applications and networks to probe and identify vulnerabilities, and come up with the latest methods for ethical hacking by regularly evaluating new penetration testing tools and techniques.
- Conduct security audits:
Use security testing methods to identify ways that attackers could exploit weaknesses in security systems. Conduct network and system security audits, which evaluate how well an organization’s system conforms to a set of established criteria.
- Write security assessment reports:
Document findings after conducting thorough research and testing and write security reports. Present solutions to key stakeholders within EY and to the clients. Provide feedback and verification/revalidation tests after security fixes are applied.
Skills and attributes for success:
- In-depth knowledge of OWASP Top 10 and CVEs, and the ability to effectively communicate methodologies and techniques with development teams and operations
- Penetration testers work with computer systems and web applications and are comfortable using the following software and programs:
- Security assessment tools (such as Burp Suite, SQLmap, nmap, etc.)
- Operating systems (such as Linux, Unix, Windows) and web platforms (CMS, Apache, MS IIS, etc.)
- Programming languages and frameworks (such as SQL, C++, JavaScript, Ruby, and Python)
- DevOps solutions such as Chef, Puppet, Jenkins, and Ansible
- Network and Security Infrastructure:
- Knowledgeable in firewall appliances (such as Fortigate, Palo Alto, Cisco ASA, etc.)
- End-point Protection (such as Symantec, McAfee, Carbon Black, etc.)
- Knowledgeable in L2 and L3 Networking devices (Cisco, Juniper, etc.)
- Understanding of networking concepts (TCP/IP model, OSI layers, network protocols, routing protocols, TACACS, RADIUS, VPN (GRE/IPsec tunnel), etc.)
- Understanding of Wireless protocols (WPA, WPA2, WLAN, etc.)
- VA/PT experience in Mainframe, Thick Client
To qualify for the role, you must have:
- Bachelor's degree in BE / M Sc (Stats, Maths, Computer Science)
- Perform vulnerability management, penetration testing, social engineering and exploitations
- Execute red team scenarios to highlight gaps impacting organizations' security postures.
- Document and report testing results including screenshots and findings
Ideally, you’ll also have:
- Certifications in penetration testing such as OSCP, GWEB, or other similar industry-recognized certifications are nice to have
Requirements
Please refer to job description.