Senior Penetration Tester / Red Team Consultant – EY GDS Spain - Hybrid
Desplácese hacia abajo para encontrar los detalles completos de la oferta de trabajo, incluyendo la experiencia requerida y las funciones y tareas asociadas.
As a Senior Penetration Tester / Red Team Consultant, you are part of the EY Cyber Security team delivering offensive security services that help clients validate and improve their security posture. You execute structured penetration tests and, where applicable, threat‑led adversary simulations across applications, infrastructure, and cloud/hybrid environments, translating technical findings into clear, actionable risk reduction.
As a member of our team in the EY GDS Spain office in Malaga, you’ll have a chance to extend your knowledge and experience by working on interesting projects with the newest technologies and approaches. You’ll support clients in choosing the most suitable business solution and take part in digital transformation.
Your Key Responsibilities
Plan and execute penetration tests (internal/external), including web applications/APIs, network/infrastructure, and cloud environments.
Define scope, rules of engagement, and test strategy with stakeholders; ensure safe execution and minimal operational impact.
Perform security testing using a balanced approach of manual techniques and validated tooling; document evidence and reproduce findings reliably.
Deliver high‑quality reporting (executive summary, technical details, risk rating, remediation guidance); support retesting and closure.
Conduct (or support) red team / purple team exercises where applicable, aligning scenarios to business risks and adversary techniques.
Collaborate with defensive teams (SOC/Blue Team/IR) while ensuring appropriate separation and independence of offensive and defensive activities.
Contribute to continuous improvement: refine methodologies, reusable playbooks/checklists, and knowledge sharing.
Skills And Attributes For Success
Strong understanding of common attack paths and security weaknesses across web, infrastructure, identity, and cloud.
Structured and disciplined working style: documentation, evidence handling, clear communication, and quality focus.
Ability to translate technical findings into business‑relevant risk language and actionable remediation steps.
Client‑facing mindset with strong stakeholder management and a proactive, ownership‑driven attitude.
Qualifications
3-4 years of hands‑on experience in penetration testing and/or red teaming with proven delivery of professional reports.
Solid knowledge of testing methodologies (e.g., OWASP for web/API testing; structured engagement planning and execution).
Hands‑on experience with common offensive security tooling (e.g., Burp Suite, Nmap, scripting for automation/validation).
Strong understanding of Windows/Linux and networking fundamentals; comfortable with troubleshooting and evidence capture.
English at least B2 - C1 (written and spoken) is required.
Preferred Qualifications
Relevant certifications (e.g., OSCP/OSWE/GPEN/PNPT or comparable) are a plus.
Experience with specialized testing domains such as cloud pentesting, mobile, thick client, wireless, or social engineering (depending on engagement model).
Experience with threat‑led red teaming and purple teaming approaches (where applicable).
German B2 (if applicable).
What We Look For
We look for ethical attackers who combine technical depth with maturity and discipline—clear scoping, clean execution, and crisp communication. You care about impact: delivering findings that teams can fix and running engagements that measurably improve resilience.
What We Offer
Empowering Career Development: Unlock your potential with tailored training and development programs designed to elevate your skills and propel your career forward. We invest in your growth because your success is our success.
Flexible Work‑Life Integration: Enjoy the freedom of our hybrid work model, allowing you to blend professional responsibilities with personal passions. We understand that life is more than just work, and we support you in achieving that balance.
Comprehensive Well‑Being Programs: Prioritize your health with our extensive wellness initiatives, including psychological support sessions and health resources. At EY GDS Spain, your well‑being is at the heart of what we do.
Meaningful Volunteering Opportunities: Make a difference in your community through our engaging volunteering programs. Join us in giving back and creating a positive impact while building connections with like‑minded colleagues.
Recognized Performance and Rewards: Celebrate your achievements with our recognition programs that honor both individual and team successes. xpzdshu We believe in acknowledging hard work and dedication, ensuring you feel valued every step of the way.
Equal Opportunity Statement
EY GDS is an equal opportunity employer; all qualified applicants will receive consideration for employment regardless of race, color, religion, sex, sexual orientation, gender identity, national origin, disability, veteran status, or any other protected characteristic, as required by law.
#J-18808-Ljbffr
Hay opciones de teletrabajo/trabajo desde casa disponibles para este puesto.