Senior Consultant _ Cyber Security for Penetration Test
EY
- Hanoi
- Permanent
- Full-time
- Perform systematic and complete penetration tests on company's digital systems to identify vulnerabilities.
- Develop and implement testing methods and tools for security testing of applications, networks and systems.
- Conduct manual penetration tests of web applications, APIs, mobile applications, and network infrastructure.
- Conduct social engineering assessments, including spear phishing, physical security assessments, and desktop testing.
- Document the findings from the penetration tests and communicate them to the stakeholders.
- Develop and guide junior testers in the team for performing penetration tests proficiently.
- Work with network and application teams to understand the system and help them fix identified vulnerabilities.
- Perform vulnerability assessments as part of a risk-based security assessment program.
- Keep updated with the latest trends in cybersecurity, new vulnerabilities, and testing methodologies.
- Analyze, disassemble, and reverse engineer code to discern weaknesses for exploitation; document and discuss findings with various stakeholders.
- Assist in managing engagement by organising staffing, tracking fees and communicating issues;
- Supervise and coach junior team members;
- Manage and maintain strong client relationships;
- Contribute to the development of proposals, conduct research & development activities;
- Participate in business development initiatives, identify and escalate potential business opportunities on existing engagements;
- Bachelor's Degree in Computer Science, Information Systems or a related field.
- A minimum of 03 years of experience in penetration testing or a similar role.
- Highly knowledgeable about various operating systems and databases.
- In-depth knowledge of networking protocols and web technologies.
- Previous experience with scripting and programming languages such as JavaScript, Python, Bash, or others is a plus.
- Strong understanding of vulnerability assessment and penetration testing methodologies.
- Excellent problem-solving and analytical skills.
- Exceptional communication skills; capable of conveying complex security topics in easy to understand language.
- High degree of professional integrity and strong ethical values.
- Good understanding of cybersecurity solutions and framework, enterprise architecture, IT/business functions and operations, industry trends;
- At least 3 years of experience in cybersecurity practices, in at least one of following domains: IT risk management, IT audit, security operation, security engineering, pentesting, etc;
- Having industry-recognized professtional certification e.g. CISSP, CISM, CRISC, ISO 27001 Implementor/Auditor, OSCP, OSCE, OSWE, CREST, or equivelant is a plus;
- Excellent interpersonal, written and verbal communication skills in English and Vietnamese;
- Desire to work in consulting demonstrated by relevant course work;
- Demonstrated project management, teaming, organizational, analytical and problem-solving skills;
- Strong root-cause analysis experience and skills as well as the ability to identify strengths and weaknesses in a client's processes and controls;
- Effective organization and time management skills with the ability to work under pressure and adhere to project deadlines;
- You will join a young, dynamic team, genuinely passionate about its work, within a leading global professional services firm;
- Opportunities to develop new skills and progress your career;
- Support, coaching and feedback from security professionals;
- The freedom and flexibility to handle your role in a way that's right for you;
- Acquire a fully accredited corporate MBA (EY Tech MBA) from Hult International Business School;