Red Team Operator
Job description
EY's people in more than 150 countries are committed to operating with integrity, quality and professionalism in the provision of audit, tax, transaction and advisory services. We strive to help all our people achieve their professional and personal goals through an inclusive environment that values everyone's contributions, appreciates diversity of thought, fosters growth, and provides continuous opportunities for development. Recognized as one of Canada's top employers, EY continually strives to be a great place to work.
The opportunity
With rapidly changing cybersecurity threats, clients from all industries look to us for trusted solutions for their increasingly complex risks. EY’s Cyber Security Professional Services team is a highly skilled technical team dedicated to replicating the tools and techniques used by new and emerging threats and utilizing them to provide quality insights to client engagements. The team places a strong emphasis on continuous learning and personal growth for each member in an ever-evolving industry.
We are actively seeking a Red Team Operator to join our Cyber Security Professional Services team. You’ll work on a highly skilled technical team dedicated to performing offensive security operations, ranging from infrastructure penetration testing, web application security assessments, and full-scope red team assessments with a focus on covertly obtaining and maintaining access to enterprise networks. As a member, you'll develop, deliver, and lead cybersecurity client engagements as well as internal development projects.
Your key responsibilities
As a Senior Red Team Operator your primary focus is to emulate a threat actor attempting to penetrate an enterprise network and complete defined objectives, such as obtaining domain admin privileges, gaining access to sensitive information, or simulating a ransomware attack. You will be responsible for remaining up to date on current threat actor groups and their techniques/tools in order to replicate during client engagements.
Client Responsibilities
- Demonstrate in-depth technical capabilities and professional knowledge. Demonstrate ability to assimilate new knowledge.
- Demonstrate and apply a thorough understanding of complex information systems. Use knowledge of the current IT environment and industry trends to identify vulnerabilities and communicate this information to the engagement team and client management through written correspondence and verbal presentations.
People Responsibilities
- Contribute to people-related initiatives, including development, coaching, recruiting, training, and retaining staff.
- Maintain an educational program to continually develop the personal skills of yourself and other operators.
- Understand and follow workplace policies and procedures.
Skills and attributes for success
Desired qualifications include:
- Undergraduate or masters’ degree preferably in one of the following areas: Information Systems, Computer Science, Engineering, or other related majors
- 3+ years of recent offensive security experience (internal and external penetration testing, Red Teaming, social engineering, etc.)
- Possession of certifications such as OSCP, OSCE, GPEN, RTO, ePTX, etc.
- Experience in working independently or as part of a large team to deliver offensive Cyber services as standalone deliverables or within large, complex projects.
- Expertise in developing malware and custom tooling that remains undetected by enterprise endpoint protections
- Experience with performing manual and automated OSINT collection and organizing findings
- Strong knowledge of modern offensive security tools and frameworks, such as Bloodhound, nmap, Impacket, etc.
- Familiarity with all stages in the Cyber Kill Chain and the MITRE ATT&CK Framework
- Excellent interpersonal, written, verbal, communication, and presentation skills
- Practical experience with conducting penetration tests and red team assessments
- Excellent analytical skills and knowledge of data analytics methods
- Demonstrated leadership abilities
- Security Clearance is preferred
What we look for
We’re interested in intellectually curious people with a genuine passion for cybersecurity. If you have the confidence in your technical abilities to grow into a leading expert here, this is the role for you.
What working at EY offers
At EY, our Total Rewards package supports our commitment to creating a leading people culture - built on high-performance teaming - where everyone can achieve their potential and contribute to building a better working world for our people, our clients and our communities. It's one of the many reasons we repeatedly win awards for being a great place to work.
We offer a competitive compensation package where you’ll be rewarded based on your performance and recognized for the value you bring to our business. In addition, our Total Rewards package allows you decide which benefits are right for you and which ones help you create a solid foundation for your future. Our Total Rewards package includes a comprehensive medical, prescription drug and dental coverage, a defined contribution pension plan, a great vacation policy plus firm paid days that allow you to enjoy longer long weekends throughout the year, statutory holidays and paid personal days (based on province of residence), and a range of exciting programs and benefits designed to support your physical, financial and social well-being. Plus, we offer:
- Support and coaching from some of the most engaging colleagues in the industry
- Learning opportunities to develop new skills and progress your career
- The freedom and flexibility to handle your role in a way that’s right for you
Diversity and Inclusion at EY
Diversity and inclusiveness are at the heart of who we are and how we work. We’re committed to fostering an environment where differences are valued, policies and practices are equitable, and our people feel a sense of belonging. From our actions to combat systemic racism and our advocacy for the LGBT+ community to our innovative Neurodiversity Centre of Excellence and Accessibility initiatives, we welcome and embrace the diverse experiences, abilities, backgrounds and perspectives that make our people unique and help guide us. Because when people feel free to be their authentic selves at work, they bring their best and are empowered to build a better working world.
About EY
As a global leader in assurance, tax, transaction and advisory services, we’re using the finance products, expertise and systems we’ve developed to build a better working world. That starts with a culture that believes in giving you the training, opportunities and creative freedom to make things better. Whenever you join, however long you stay, the exceptional EY experience lasts a lifetime.