Consulting - Technology Consulting, Cyber Security, Penetration Testing Manager / Senior - Hong Kong

Diversity is a core value at EY. We are passionate about building and sustaining an inclusive and equitable working environment for all of our people. We believe every member in our team enriches our diversity by exposing us to a broad range of ways to understand and engage with the world, identify challenges, and to discover, design and deliver solutions.

The opportunity

Do you like to create and innovate?

Cyber threats, emerging technologies, cloud adoption, digital disruption, and changing

regulatory landscape are some of the challenges that customers face. EY teams are seeking people to join the fast growing EY businesses in helping our clients implement provable

security at scale to combat these challenges. In particular, EY teams need people with proven experience and passion in penetration testing to help clients secure their application and infrastructure. If this is you, you will also have the opportunity to innovate on new

ideas, techand nologies and explore new challenges.

Your key responsibilities

• Lead a team to perform vulnerability scanning and penetration testing of web applications, mobile

applications (Android and iOS), web services, API, network, thick client etc.

• Prepare and review testing reports and findings tracker sheets based on the provided template

• Lead a team to perform intelligence-led cyber attack simulation and run red teaming operations

• Communicate with customer stakeholders to explain and demonstrate vulnerabilities, and govern the mitigation of the identified vulnerabilities

• Research the latest security best practices and stay abreast of new threats and vulnerabilities

• Coach / mentor junior team members on VSPT and read teaming related knowledge and skills

• Participate in a fast-paced delivery in challenging projects of other cyber security domains

• Involve in customer relationship management, project management and team management

• Candidates with less experience will be considered as Senior Associate

Requirements:

To qualify for the role you must have:

• College degree or equivalent with minimum 5 years' related experience in penetration testing

• Mandatory Certification - any one of OSCP, CREST, GPXN, GPEN or equivalent

• Proven skills and knowledge in penetration testing and red teaming experiences and strong track records of projects delivered

• Good experience in using VSPT and red teaming tools (e.g. Nessus, AppScan, Accunetix, Burpsuite Pro, WebInspect, etc.) and Risk Rating Standards like DREAD, CVSS etc.

• Proficiency in written and oral English communication skills. Cantonese is an advantage

• Experience in static and dynamic secure code review will be an advantage

• Experience in application security architecture and assessment will be an advantage

• Experience in threat intelligence and threat modeling will be an advantage

What working at EY offers

• Exposures to working with industry leading organizations

• Opportunities to develop new skills by working together with leading professionals in penetration testing and red teaming fields

• Opportunity to fast track your career and achieve your initiatives

• The freedom and flexibility to handle your role in a way that’s right for you

• Support, coaching and feedback from some of the most engaging colleagues around

About EY

As a global leader in assurance, tax, strategy and transactions and consulting services, we’re using the finance products, knowledge and systems we’ve developed to build a better

working world. That starts with a culture that believes in giving you the training,

opportunities and creative freedom to make things better. Whenever you join, however

long you stay, the exceptional EY experience lasts a lifetime. And with a commitment to

hiring and developing the most passionate people, we’ll make our ambition to be the best employer by 2020 a reality.

If you can demonstrate that you meet the criteria above, please contact us as soon as

possible.

Join us in building a better working world.