Note: The job is a remote job and is open to candidates in USA. EY is a global leader in consulting and audit services, and they are seeking a Senior Consultant for their Government and Public Sector Cybersecurity team. This role involves executing advanced penetration testing, identifying vulnerabilities, and providing technical oversight in a collaborative environment to enhance security operations for government clients.
Responsibilities
- Execute advanced penetration testing and red team activities
- Identify, validate, and exploit complex attack paths to demonstrate realistic business and mission risk
- Perform manual validation of vulnerabilities identified through automated or tool-based scanning to confirm exploitability and impact
- Correlate findings across network, application, cloud, and identity attack vectors to identify systemic security weaknesses
- Escalate critical and high-risk findings to engagement leadership and client stakeholders during active testing activities
- Articulate technical risk, potential impact, and exploitation context in clear, client-facing language suitable for both technical and executive audiences
- Review, validate, and approve testing evidence and technical findings prior to inclusion in formal deliverables
- Author and contribute to technical penetration testing reports and executive summaries that clearly describe risk, likelihood, and potential impact
- Apply consistent evidence handling and documentation practices aligned to engagement and compliance requirements
- Support engagement scoping, testing strategy development, and definition of rules of engagement
- Provide technical oversight and mentoring to staff-level penetration testers during testing execution and report development
- Serve as a senior technical authority during client briefings, readouts, and debrief sessions
Skills
- Bachelor's Degree
- Minimum of three years of direct penetration testing or red teaming experience supporting enterprise or large-scale environments
- Must be able to obtain/maintain a secret level clearance
- Must be comfortable working in-person as needed in the greater Washington, DC area
- Demonstrated hands-on execution of penetration testing across infrastructure, application, cloud, and identity-centric environments
- At least one intermediate or advanced offensive security certification, such as: Offensive Security Certified Professional (OSCP), GIAC Penetration Tester (GPEN), Equivalent industry-recognized certification
- Demonstrated experience completing approximately 1,000 hours of penetration testing activities, aligned with EY Attack and Penetration Testing senior capability benchmarks
- Technical Skills: Network, operating system, and application exploitation techniques
- Credential-based attack techniques, including password cracking, pass-the-hash, and token abuse
- Active Directory and enterprise identity infrastructure assessment
- Web application and application programming interface (API) security testing
- Cloud and hybrid environment penetration testing; Use of commercial, open-source, and custom penetration testing tools
- Experience in penetration testing which includes internet, intranet, web application penetration tests, wireless, social engineering, and red team assessments
- Operates effectively within multi-role delivery teams that include Managers, Seniors, and Staff testers aligned to EY GPS resource structures
- Demonstrated professionalism and discretion when handling sensitive government systems, data, and assessment findings
- Strong client-facing communication skills suitable for interaction with security leadership, compliance personnel, and oversight stakeholders
Benefits
- We offer a comprehensive compensation and benefits package where you’ll be rewarded based on your performance and recognized for the value you bring to the business.
- In addition, our Total Rewards package includes medical and dental coverage, pension and 401(k) plans, and a wide range of paid time off options.
- Join us in our team-led and leader-enabled hybrid model.
- Our expectation is for most people in external, client serving roles to work together in person 40-60% of the time over the course of an engagement, project or year.
- Under our flexible vacation policy, you’ll decide how much vacation time you need based on your own personal circumstances.
- You’ll also be granted time off for designated EY Paid Holidays, Winter/Summer breaks, Personal/Family Care, and other leaves of absence when needed to support your physical, financial, and emotional well-being.
Company Overview