Manager Cybersecurity (Offensive Sec. / Red teaming)

Due to globalisation and developments within technology, the structure of organisations is undergoing significant changes. As a technical solution architect at EY, you will support organisations with these transformations. Our teams consist of specialised consultants with diverse backgrounds involved in various projects, from developing to implementing strategies across different industries. Our core areas include Customer Experience Technology, Experience Design, Organisational Transformation, and Data Analytics.

The opportunity - What future are you building towards?

With rapidly changing cybersecurity threats, clients from all industries look to us for trusted solutions to their increasingly complex risks. As a member of our Cyber team, you will help clients gain insights into their cybersecurity programs and strategies. You will have access to our robust solutions to advise clients on managing cybersecurity risk, enhancing maturity, and improving efficiency. You will belong to an internationally connected team of specialists, helping our clients with their most complex cybersecurity needs and contributing to their business resilience.

Our security professionals possess diverse industry knowledge, along with unique technical expertise and specialized skills. As part of our Cyber Threat Management team, you will identify potential threats and vulnerabilities to operational environments. Projects here could include penetration testing, red teaming, and simulating physical breaches to identify vulnerabilities.

Our team - Do great minds always think alike?

Within the Cybersecurity department, we focus on reliable solutions for increasingly complex cybersecurity risks in operational environments. We are an international team of specialists who help our clients with their most complex cybersecurity needs. We work from the Advanced Security Center in Amsterdam in collaboration with our Advanced Security Centers around the world to access the most advanced tools to combat cybercrime.

Responsibilities – How can you make a lasting impact in a rapidly changing world?

• Work with our practice in Amsterdam and take a leading role on threat management projects.
• Lead penetration testing projects, including internet, intranet, wireless, web application, social engineering, and physical penetration testing.
• Execute red team scenarios to highlight gaps impacting organizations' security postures.
• Work independently and lead a team of technical testers on penetration testing and red team engagements.
• Provide technical leadership and advice to consultants and senior consultants on attack and penetration test engagements.
• Analyze code (security code review).
• Identify and exploit security vulnerabilities in various systems.
• Review and perform in-depth analysis of penetration testing results and oversee reporting that describes findings, exploitation procedures, risks, and recommendations.
• Lead penetration testing projects using established methodology, tools, and rules of engagement.
• Convey complex technical security concepts to technical and non-technical audiences, including executives.

Job requirements – Where do you start if you want to change the world?

• Bachelor's degree in Computer Science, Cybersecurity, Information Systems, Information Technology, Engineering, or a related major with a minimum of 5 to 10 years of related work experience in penetration testing.
• Experience with manual attack and penetration testing.
• Experience with scripting/programming skills (e.g., Python, PowerShell, Java, Perl, etc.).
• Updated and familiar with the latest exploits and security trends.
• Experience leading a technical team to conduct remote and on-site penetration testing within defined rules of engagement.
• Familiarity with performing network penetration testing in a stealth manner.
• Any two of the following certifications: OSCP, GPEN, GWAPT, OSCE, OSEE, GXPN.
• A valid driver’s license in The Netherlands.
• Willingness and ability to travel within The Netherlands to meet client needs.
• Strong client services orientation and accustomed to taking a proactive role in engagements.
• Flexible, responsible, and self-confident personality, comfortable in client environments.
• Knowledge of Windows, Linux, Unix, and other major operating systems.
• Familiarity with the latest exploits, tactics, techniques, and procedures (TTP), vulnerability remediation, and security trends in Cloud implementations.
• Deep understanding of TCP/IP network protocols.
• Deep understanding and experience with various Active Directory attack techniques.
• Understanding of network security and popular attack vectors.
• Understanding of web-based application vulnerabilities (OWASP Top 10).

Already interested? Apply now!

We offer an attractive employment package that rewards individual and team achievements:

• Vitality: the choice is yours. An online session with an external vitality coach, practical tips on topics such as nutrition, energy, sleep, and mindset, and/or a voucher card to rent a padel court.
• Flexible working: you decide where and when you work in consultation with your team.
• Home office arrangement: EY provides resources to optimally set up your home office.
• Laptop and smartphone: you are entitled to a laptop and smartphone with a business subscription.
• Salary: in addition to your fixed salary, you may be eligible for a bonus and an expense allowance.
• Time off: you are entitled to 29 vacation days per year when full-time employed.
• Sabbatical: the option to take unpaid leave after consultation.
• Birth leave: EY will pay 100% of the birth leave.
• Training and education: EY offers opportunities for further development.
• Mobility: contribute to reducing EY's carbon footprint.
• Bicycle arrangement: finance the purchase cost of your new bicycle from your gross monthly salary.
• Pension scheme: you will build up pension capital directly after your start at EY.

For more information about our employment terms, visit our page here.

The office

Our office in Amsterdam is located on the Zuidas: a bustling area where many companies are based.

Recruitment procedure

The selection procedure generally consists of 2 interview rounds and/or a business case. An (online) assessment and pre-employment screening will also be part of the process.

Due to laws and regulations, every new employee will be screened. Depending on your rank, the pre-employment screening could include a Certificate of Conduct or a Criminal Background Check.