Job Title: Senior Cyber Security Consultant - Red Teaming - Financial Services
Company: EY
Location: Machelen, Belgium
Job Category: Other
EU work permit required: Yes
Job Summary:
EY is the only major professional services firm with a dedicated financial services practice integrated in the EMEIA region. Our team of experts works across borders for our clients in the financial sector, providing consulting, tax, transactions, and assurance services.
The Opportunity:
We are looking for strong individuals with experience in attack and penetration testing, vulnerability assessments, and Red Teaming to join our growing Cybersecurity practice. You will have the opportunity to develop your skills and work with the best in the industry in a collaborative environment.
Key Responsibilities:
* Coordinate Red Team assessments with internal and/or external stakeholders.
* Execute Red Team assessments based on the MITRE ATT&CK framework and Cyber Kill Chain, including OSINT, phishing campaigns, persistence, lateral movement, and data exfiltration.
* Perform in-depth analysis of results and create a report that describes findings, exploitation procedures, risks, and recommendations.
* Convey complex technical security concepts to technical and non-technical audiences, including executives.
* Ability to work both independently and as part of a team of technical testers on Red Team engagements.
* Provide technical leadership and advise junior team members on Red Team engagements.
* Conduct security research to devise new attack techniques.
* Stay current with the latest exploits and security trends.
Requirements:
* Bachelor's or Master's degree in Computer Science, Cybersecurity, Information Systems, Information Technology, Engineering, or a related major.
* A minimum of 3 years of related work experience in penetration testing and/or Red Teaming.
* Relevant certifications such as CRTO, CRTL, CRTP, CRTE, OSCP, OSEP, OSWP, GPEN, GXPN, CCSAM, CCSAS, or similar.
* Deep understanding and experience within an (Azure) Active Directory environment and how to exploit it.
* Experience with the latest EDR/AV evasion techniques.
* Having knowledge of the MITRE ATT&CK framework and Cyber Kill Chain methodology.
* Hands-on experience with Command & Control frameworks such as Cobalt Strike.
* Experience with manual attack and penetration testing on various types of systems.
* Experience with physical intrusion techniques is a plus.
* Experience with scripting/programming skills (Python, PowerShell, Java, Perl, Ruby, etc.).
* Experience with vulnerability scanning tools (Nessus, Sqlmap, nmap, Burpsuite Pro, ZAP, etc.).
What We Offer:
* You will join a dynamic and young team exclusively focused on innovation.
* Interact with the newest products and technologies to create a better customer experience.
* An attractive remuneration package, including competitive salary, net allowances, and extensive fringe benefits.
* Extensive personal development training budget.
* Flexible working arrangements to support a successful career and excellent client service without sacrificing personal priorities.
* Inclusion and support of individuals from all groups, regardless of race, religion, gender, sexual orientation, or disability status.