Manager Cybersecurity (Offensive Sec. / Red teaming)

Job description

At EY, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we’re counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all. 

Due to globalisation and developments within technology the structure of organisations are undergoing a lot of changes. As a technical solution architect at EY you support organisations with these transformations. Our teams exist of specialised consultants with different backgrounds. Our consultants are involved in a variety of projects, from developing up to implementing a strategy within different industries. Our core areas are Customer Experience Technology, Experience Design, Organisational Transformation and Data Analytics.

The opportunity - What future are you building towards?

With rapidly changing cybersecurity threats, clients from all industries look to us for trusted solutions for their increasingly complex risks. As a member of our Cyber Risk Management team  you’ll have the opportunity help clients gain insights into their cybersecurity program and strategy as a whole.? You will have access to our robust solutions to advise clients on managing cybersecurity risk, enhancing maturity, and improving efficiency. You will belong to an international connected team of specialists helping our clients with their most complex cybersecurity needs and contributing toward their business resilience. ?  

Our security professionals possess diverse industry knowledge, along with unique technical expertise and specialized skills. As part of our Cyber Threat Management team, you’ll identify potential threats and vulnerabilities to operational environments. Projects here could include penetration testing, red teaming and simulating physical breaches to identify vulnerabilities. 

Our team - Do great minds always think alike?

Within the Cybersecurity department, we focus on reliable solutions for increasingly complex cybersecurity risks in operational environments. We are an international team of specialists who help our clients with their most complex cybersecurity needs. We work from the Advanced Security Center in Amsterdam in collaboration with our Advanced Security Centers around the world to access the most advanced tools to combat cybercrime.

Responsibilities – How can you make a lasting impact in a rapidly changing world?

You’ll work with our practice in Amsterdam, and have a leading role on threat management projects. Within projects you may have the following responsibilities: 

• Lead penetration testing projects which includes internet, intranet, wireless, web application, social engineering and physical penetration testing. 
• Lead and execute red team scenarios to highlight gaps impacting organizations security postures. 
• Ability to work both independently as well as lead a team of technical testers on penetration testing and red team engagements. 
• Provide technical leadership and advise to consultants and senior consultants on attack and penetration test engagements. 
• Lead the analyses of code (security code review) 
• Lead the identification and exploitation of security vulnerabilities in a wide array of systems in a variety of situations. 
• Review and perform in-depth analysis of penetration testing results and oversee reporting that describes findings, exploitation procedures, risks and recommendations. 
• Lead penetration testing projects using the established methodology, tools and rules of engagements. 
• Convey complex technical security concepts to technical and non-technical audiences including executives.  

Job requirements – Where do you start if you want to change the world?

• Bachelors degree in Computer Science, Cybersecurity, Information Systems, Information Technology, Engineering or a related major with a minimum of 5 to 10 years of related work experience in penetration testing which includes internet, intranet, web application penetration tests, wireless, social engineering, and Red Team assessments. 
• Experience with manual attack and penetration testing. 
• Experience with scripting / programming skills (e.g., Python, PowerShell, Java, Perl etc). 
• Updated and familiarized with the latest exploits and security trends. 
• Experience to lead a technical team to conduct remote and on-site penetration testing within defined rules of engagement. 
• Familiarity to perform network penetration testing in stealth manner. 
• Any two of the following certifications OSCP, GPEN, GWAPT, OSCE, OSEE, GXPN. 
• A driver’s license valid in The Netherlands 
• Willingness and ability to travel within The Netherlands to meet client needs. 
• Strong client services orientation and accustomed to taking a proactive role in engagements 
• Flexible, responsible and self-confident personality, who feels comfortable in client’s environment
• Knowledge of Windows, Linux, Unix, any other major operating systems. 
• Familiarity with the latest exploits, tactics, techniques and procedures (TTP), vulnerability remediation and security trends in Cloud implementations. 
• Deep understanding of TCP/IP network protocols. 
• Deep understanding and experience with various Active Directory attack techniques. 
• Understanding of network security and popular attacks vectors. 
• An understanding of web-based application vulnerabilities (OWASP Top 10)

Already interested? Apply now!

We offer an attractive employment package that rewards individual and team achievements:

• Vitality: the choice is yours. An online session with an external vitality coach, practical tips on topics such as nutrition, energy, sleep, and mindset and/or a voucher card to rent a padel court.
• Flexible working: you decide where and when you work in consultation with your team. At home, at the office, at the client or from another European country (up to 20 working days per year).
• Home office arrangement: to optimally set up your home office, EY has the following resources available for you: office chair, sit/stand desk, external monitor, desk lamp, (Bluetooth) headset and a large external keyboard
• Laptop and smartphone: you are entitled to a laptop and smartphone with a business subscription.
• Salary: in addition to your fixed salary, depending on EY's financial performance, you may be eligible for a bonus. You are also entitled to an expense allowance (depending on the function) and an internet allowance of €40 net per month.
• Time off: you are entitled to 29 vacation days per year when full-time employed.
• Sabbatical: the option to take unpaid leave after consultation.
• Birth leave: EY will pay 100% of the birth leave, in case of an additional birth leave EY will pay 70% of the salary.
• Training and education: EY believes it's important for everyone to always have the opportunity to further develop yourself. We therefore offer you the opportunity to take part in various soft & hard skills training, external courses and/or sign up for an additional education. For example, obtaining an MBA to broaden your skills in Leadership, Business and Tech.
• Mobility: Contribute directly to our ambition to reduce EY's carbon footprint to zero by 2025. With the new scheme you choose the most diverse sustainable options via the EY My Daily Travel app or online environment. Think of the use of lease bicycles, electric shared scooters, electric shared cars, flexible lease cars and various subscriptions for public transport. You can also view your CO2 footprint via the app.
• Bicycle arrangement: finance the purchase cost of your new bicycle from your gross monthly salary (purchase cost amount divided over 12 months) or from your non-statutory holiday entitlement.
• Pension scheme: you will build up a pension capital directly after your start at EY. Each month the available premium amount is transferred for you in an investment account at our pension provider. You will also have the option to build up additional pension capital on a voluntary basis. 

For more information about our employment terms, visit our page here.

The office

Our office in Amsterdam is located on the Zuidas: a bustling area where many companies are based. In our Cross Towers, as many as 1000 people are welcomed daily. Haven't had breakfast yet? Then a special smoothie will be made for you or simply a delicious cappuccino. During lunchtime, the team is ready to serve you a fresh lunch. For a breathtaking view of Amsterdam, head to the 22nd floor. Collaboration takes on a new meaning through the Wavespace. This high-tech environment brings together clients and colleagues virtually worldwide!

Recruitment procedure

The selection procedure exists in general out of 2 interview rounds and/or Business case. An (online) assessment an pre-employment screening will also be part of the process.

 Due to laws and regulations, and because EY (and in some cases its clients) has high demands on the reliability and integrity of its employees, every new employee will be screened. Depending on your rank the pre-employment screening could contain the following: Certificate of Conduct (in Dutch: VOG) or - if requesting a Dutch VOG is not possible - Criminal Background Check of the country you are currently living or have lived during the last five years, integrity questionnaire, verification of ID, diploma’s and/or work experience and consultation of the Dutch insolvency registry.