Sorry! This position is no longer accepting applications.

Cyber Security (VAPT) Consultant

Ernst & Young

Amman, Jordan

Ref: NP946-1825

Job description / Role

Employment: Full Time

As part of our Cyber Technology Consulting team, you will perform managed or ad-hoc vulnerability assessment and penetration testing for various clients across the Jordan region. Working with the Cyber Technology Consulting team, you will also perform application security assessments, code & architecture reviews, threat modelling, configuration audits, AD assessments, social engineering assessments, red/purple teaming etc. The client base spans various sectors and includes collaboration with other teams within Advisory services.

The opportunity

We're looking for a Senior Consultant/Assistant Manager with real hands-on expertise in performing cyber security assessments to join our Cyber Technology Consulting team. This is a fantastic opportunity to be part of a leading firm whilst being instrumental in the growth of our service offering.

Your key responsibilities

- Perform end-to-end project execution for end clients (VAPT domain) both offshore and onshore
- Perform infrastructure penetration testing and vulnerability assessments
- Perform web/mobile/API penetration testing.
- Perform threat modelling, security code reviews and architecture reviews
- Perform security configuration reviews for OS, Databases, Network & Security devices, applications etc.
- Perform Active Directory assessments
- Perform Red Team assessments/Attack Simulations aligned to cyber kill-chain and MITRE ATT&CK
- Experience with AV evasion, obfuscation, bypassing Windows ASR/Device Guard, network security controls, email gateway filtering etc.
- Experience with both commercial & open-source tools mapped to the different stages in the cyber kill-chain
- Review operational logs and event console activity to determine cause of security-related events or to identify potential security related events
- Analysis of the patches released by the vendors
- Prepare reports and convey the observations to the top management in layman's language, emphasizing the business risks.
- Mentor junior resources or manage a group of resources.


Skills and attributes for success

- Collaborating with other members of the engagement team to plan the engagement and develop work program timelines, risk assessments and other documents/templates.
- Good communication skills and willingness to travel at short notice
- Demonstrating and applying strong project management skills, inspiring teamwork and responsibility with engagement team members
- Hands on experience with tools/frameworks like Kali, Burp Suite, Nessus, Qualys, Acunetix scanners (DAST and SAST)
- Good knowledge of OWASP and Secure SDLC standards
- Hands on experience with programming using Python/Perl/PowerShell/C++
- Hands on experience with exploit development and VS code compilation.
- Hands on experience with C2 frameworks (e.g. PoshC2, Covenant, Metasploit etc.)
- Hands on experience with setting-up phishing and red teaming infrastructure
- Good knowledge of encryption technologies & MiTM attacks
- Good understanding of MITRE ATT&CK framework and how to leverage it.
- Good understanding of AD administration, different authentication mechanisms, trust boundaries etc.
- Knowledge of Linux administration, TCP/IP, DNS, Network protocols and OSI model

To qualify for the role, you must have

- A bachelor's or master's degree
- 5+ years of experience working as an Information security professional with cyber security assessment background in a professional services firm.
- Excellent communication skills with consulting experience preferred
- A valid passport for travel.

Ideally, you'll also have

- Experience with performing assessments related to Red Teaming, Network Penetration Testing, Web Application Penetration Testing, Mobile Application Penetration Testing, Secure Code review, AD Security Assessments, Vulnerability Management, Social Engineering Assessments, Wireless Penetration Testing.
- OSCE, OSCP, GPEN, LPT, ECSA, CEH, CompTIA Security+ (at least two certifications are desired)

What we offer

We offer a competitive compensation package where you'll be rewarded based on performance and recognized for the value you bring to our business. Plus, we offer:

- Continuous learning: You'll develop the mindset and skills to navigate whatever comes next.
- Success as defined by you: We'll provide the tools and flexibility, so you can make a meaningful impact, your way.
- Transformative leadership: We'll give you the insights, coaching and confidence to be the leader the world needs.
- Diverse and inclusive culture: You'll be embraced for who you are and empowered to use your voice to help others find theirs.

If you can demonstrate that you meet the criteria above, please contact us as soon as possible.

The exceptional EY experience. It's yours to build.

EY | Building a better working world

EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets.

Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform, and operate.

Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today.

About the Company

EY is a global leader in assurance, tax, transaction and advisory services. The insights and quality services we deliver help build trust and confidence in the capital markets and in economies the world over. We develop outstanding leaders who team to deliver on our promises to all of our stakeholders. In so doing, we play a critical role in building a better working world for our people, for our clients and for our communities.

EY refers to the global organization, and may refer to one or more, of the member firms of Ernst & Young Global Limited, each of which is a separate legal entity. Ernst & Young Global Limited, a UK company limited by guarantee, does not provide services to clients. Information about how EY collects and uses personal data and a description of the rights individuals have under data protection legislation are available on our site.

The MENA practice of EY has been operating in the region since 1923. For over 95 years, we have grown to over 7,500 people united across 21 offices and 16 countries, sharing the same values and an unwavering commitment to quality. As an organization, we continue to develop outstanding leaders who deliver exceptional services to our clients and who contribute to our communities. We are proud of our accomplishments over the years, reaffirming our position as the largest and most established professional services organization in the region.
