Apply now »

Penetration Tester - Cyber Security - Technology Consulting

Location:  Auckland
Other locations:  Anywhere in Country
Salary: Competitive
Date:  15-Jan-2023

Job description

Requisition ID:  1080181

At EY, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we’re counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all. 



Our EY Advanced Security Centre (ASC) is a well-established, dedicated and vibrant team that was established to help our clients protect the confidentiality, integrity and availability of their information. Our vision is to build and bring the strongest, most diverse and highly skilled team to the market. We strive to be the market leaders in security testing services, ready to tackle any challenge that comes our way. 


The ASC provides the following services to our clients: 


  • Web, Web services, mobile and thick client penetration testing

  • Internal/External network penetration testing

  • Red Team/Purple Team assessments

  • Social Engineering assessments

  • Application Security consulting and secure code review

  • Wireless assessments

  • Vulnerability assessments

  • Security configuration reviews 

Our mission is to provide long-term careers for security testers, not just a job. Our team is structured to allow you to grow in your role and progress your career. 


What you’ll do: 


  • Lead and manage technical cybersecurity testing engagements end to end (web applications, mobile applications (Android and iOS), web services, API, network, thick client, external/internal network penetration testing)

  • Work effectively as a self-managed team member, share responsibility, provide support, maintain communication and update management on engagement process

  • Supervise and provide coaching and training to junior team members

  • Prepare client reports and presentations to an exceptional standard

  • Excellent communication skills and be able to present technical findings to technical team (as and when required)

  • Manage and develop client stakeholder relationships

  • Research the latest security best practices and stay abreast of new threats and vulnerabilities and share these with the team

  • Contribute to internal research and development projects to help build custom red team tools

  • Contribute and/or lead and drive cyber security staff recruitment, retention and development activities

  • Execute and contribute to the ASC strategy and vision to build the strongest and most diverse team within security testing market.  


On your first day, we'd love for you to have: 


  • A minimum of 4+ years cybersecurity experience majority of it being penetration testing or application security experience beyond automated tools.

  • Strong project management, negotiation and interpersonal skills.

  • A commitment to build and grow your technical cybersecurity career to the next level.

  • Experience in web and mobile application security testing and specialisation in one other domain would be favourable (thick application or internal/external network)

  • Demonstrable proficiency of at least 2 following security assessment methodologies:

    1. Web, Web services, mobile and thick client penetration testing

    2. Internal/External network penetration testing

    3. Application Security consulting and secure code review

    4. Wireless assessments

    5. Social engineering/red team assessments

  • Demonstrable technical understanding of at least 2 of following domains:

    1. Common web technologies and frameworks

    2. Application architecture

    3. Cloud computing

    4. Networking and Network protocols

    5. DevOps methodology and pipelines 


It's great, but not required, if you have: 

  • Relevant (or be willing to pursue) professional certifications such as OSCP, SANS, CREST, CISSP etc.

  • A Bachelors and/or post graduate degree in computer science, information systems, engineering, or a related major is advantageous.

  • The ability to translate technical jargon to non-technical people

  • A methodical approach to attack and penetration testing (above running automated tools)

  • Technical security operations or software development experience 


What we offer 

  • Success as defined by you: We’ll provide the tools and flexibility, so you can make a meaningful impact, your way.

  • Continuous learning: personalised career development including coaching, experiences and formal learning so you’ll develop the mindset and skills you’ll need to thrive in the future.

  • Diverse and inclusive culture: You’ll be embraced for who you are and empowered to use your voice to help others find theirs. 


At EY, you’ll be rewarded and recognised based on your performance and our comprehensive benefits package can be tailored to your individual needs.   


We hold a collective commitment to foster an environment where all differences are valued and respected, practices are equitable and everyone experiences a sense of belonging. If you require any adjustments to the recruitment process in order to equitably participate, we encourage you to advise us at the time of application via or  phone +61 3 8650 7788 (option 2). 


We understand the importance of social distancing at this time so our recruitment and onboarding process may be managed virtually so we can continue to prioritise the safety and wellbeing of EY people, clients, guests and the broader public.  

Regarding this role, the minimum salary is NZD 64,000 including 10% superannuation. 


The exceptional EY experience. It’s yours to build.



EY | Building a better working world 
EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets.  
Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate.  
Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today.  

Apply now »