Manager - Tech Consulting - Cybersecurity - Penetration Testing Ernst & Young AE

Manage and oversee offensive security engagements, including:

• Web, mobile, APIs, thick client, and cloud penetration testing
• Internal/external network and wireless security assessments
• Red team and purple team operations (including OSINT, social engineering, and physical security assessments)

Define methodologies, frameworks, and toolkits for red team and adversarial simulations aligned to MITRE ATT&CK, Cyber Kill Chain, and the Diamond Model.

Guide the use of C2 frameworks (Cobalt Strike, Brute Ratel, NightHawk, Havoc, Sliver, Mythic, Merlin) and Breach & Attack Simulation (BAS) platforms in client engagements.

Review and validate advanced tradecraft such as EDR/AV evasion, C2 infrastructure setup, malware development, and offensive R&D.

Translate complex technical risks into business-relevant insights for executive level, producing executive-ready reports and presentations.

Act as the subject matter expert (SME) for client discussions, workshops, and industry events

Drive pre-sales and business development activities, including proposal development, scoping sessions, and client relationship management.

Manage accounts and relationships on a day-to-day basis and explore new business opportunities for the firm.

Assist in developing new methodologies and internal initiatives and help in creating a positive learning culture by coaching, counselling and developing junior team members.

Ensure compliance with local and international cybersecurity frameworks (e.g., NCA ECC/DCC, ISO 27001, PCI DSS).

Manage multiple engagements, ensuring timely delivery, quality assurance, and adherence to industry best practices.

Responsible for overall client service quality delivery in accordance with EY quality guidelines & methodologies

Skills and attributes for success

• Leadership and people management, with the ability to grow and retain high-performing teams.
• Strong project management skills, ensuring engagements are delivered on time, on budget, and at high quality.
• Excellent business acumen, with the ability to contribute to go-to-market strategies and service development.
• Ability to balance hands-on technical oversight with strategic advisory.
• Ability to interpret complex technical results and present insights to business stakeholders.
• Strong analytical, problem-solving, and critical-thinking skills.
• Excellent communication and collaboration skills
• Deep technical understanding of offensive security methodologies.

To qualify for the role, you must have

• A bachelor's or master s degree in information technology, cyber security etc.
• 7 10 years of experience in penetration testing which includes internet, intranet, web application penetration tests, wireless, social engineering, and Red Team assessments., with at least 2 3 years in a leadership or managerial role.
• Knowledge of Windows, Linux, UNIX, any other major operating systems.
• Deep understanding of TCP/IP network protocols and experience with various Active Directory attack techniques.
• Understanding of network security and popular attacks vectors.
• In-depth understanding of OWASP Top 10 vulnerabilities and their mitigation strategies. Experience with manual attack and penetration testing.
• Experience to lead a technical team to conduct remote and on-site penetration testing within defined rules of engagement.
• Proven track record in leading red/purple team operations, adversarial simulations, and social engineering campaigns.
• Perform in-depth analysis of penetration testing results and create report that describes findings, exploitation procedures, risks and recommendations.
• Recognized certifications such as OSCP, OSWE, OSEP, OSEE, GXPN, CRTO2, SANS LDR551, GPEN, GWAPT.
• Exposure to offensive R&D, malware development, and automation for scaling engagements is highly desirable.
• Strong business development/ account management and client relationship skills.
• A valid passport for travel.
• Excellent communication skills with a consulting mindset.

Ideally, you ll also have

• Project management skills.
• Relevant certifications such as OSCP, OSCE, OSWE, OSEP, OSEE, GXPN, CRTO, SANS GWAPT, GPEN.
• Strong understanding of security frameworks and methodologies (e.g., MITRE ATT&CK, OWASP, NIST).