Job description

Requisition ID:  233441

At EY, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we’re counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all. 

Our EY Advanced Security Centre (ASC) is a well-established, dedicated and vibrant team that was established to help our clients protect the confidentiality, integrity and availability of their information. Our vision is to build and bring the strongest, most diverse and highly skilled team to the market. We strive to be the market leaders in security testing services, ready to tackle any challenge that comes our way.

The ASC provides the following services to our clients:

Web, Web services, mobile and thick client penetration testing

Internal/External network penetration testing

Red Team/Purple Team assessments

Social Engineering assessments

Application Security consulting and secure code review

Wireless assessments

Vulnerability assessments

Security configuration reviews

Our mission is to provide long-term careers for security testers, not just a job. Our team is structured to allow you to grow in your role and progress your career.

What you’ll do:

Lead and manage technical cybersecurity testing engagements end to end (web applications, mobile applications (Android and iOS), web services, API, network, thick client, external/internal network penetration testing)

Work effectively as a self-managed team member, share responsibility, provide support, maintain communication and update management on engagement process

Supervise and provide coaching and training to junior team members

Prepare client reports and presentations to an exceptional standard

Excellent communication skills and be able to present technical findings to technical team (as and when required)

Manage and develop client stakeholder relationships

Research the latest security best practices and stay abreast of new threats and vulnerabilities and share these with the team

Contribute to internal research and development projects to help build custom red team tools

Contribute and/or lead and drive cyber security staff recruitment, retention and development activities

Execute and contribute to the ASC strategy and vision to build the strongest and most diverse team within security testing market.

On your first day, we'd love for you to have:

A minimum of 4+ years cybersecurity experience majority of it being penetration testing or application security experience beyond automated tools.

Strong project management, negotiation and interpersonal skills.

A commitment to build and grow your technical cybersecurity career to the next level.

Experience in web and mobile application security testing and specialisation in one other domain would be favourable (thick application or internal/external network)

Demonstrable proficiency of at least 2 following security assessment methodologies:

Web, Web services, mobile and thick client penetration testing

Internal/External network penetration testing

Application Security consulting and secure code review

Wireless assessments

Social engineering/red team assessments

Demonstrable technical understanding of at least 2 of following domains:

Common web technologies and frameworks

Application architecture

Cloud computing

Networking and Network protocols

DevOps methodology and pipelines

It's great, but not required, if you have:

Relevant (or be willing to pursue) professional certifications such as OSCP, SANS, CREST, CISSP etc.

A Bachelors and/or post graduate degree in computer science, information systems, engineering, or a related major is advantageous.

The ability to translate technical jargon to non-technical people

A methodical approach to attack and penetration testing (above running automated tools)

Technical security operations or software development experience

What we offer

Success as defined by you: We’ll provide the tools and flexibility, so you can make a meaningful impact, your way.

Continuous learning: personalised career development including coaching, experiences and formal learning so you’ll develop the mindset and skills you’ll need to thrive in the future.

Diverse and inclusive culture: You’ll be embraced for who you are and empowered to use your voice to help others find theirs.

At EY, you’ll be rewarded and recognised based on your performance and our comprehensive benefits package can be tailored to your individual needs.

Looking to take advantage of the size and scale of our global EY network? This role may provide the opportunity for secondments to New Zealand and Japan - let your Recruiter know if this is of interest, as you go through our recruitment process!

We hold a collective commitment to foster an environment where all differences are valued and respected, practices are equitable and everyone experiences a sense of belonging. If you require any adjustments to the recruitment process in order to equitably participate, we encourage you to advise us at the time of application via contactrecruitment@au.ey.com or  phone +61 3 8650 7788 (option 4).

We understand the importance of social distancing at this time so our recruitment and onboarding process may be managed virtually so we can continue to prioritise the safety and wellbeing of EY people, clients, guests and the broader public. 

The exceptional EY experience. It’s yours to build. ​

EY | Building a better working world 

EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets.  

Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate.  

Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today.  

The preferred applicant will be subject to employment screening by EY or by their external third party provider.