Offensive Security Analyst
Ernst & Young Oman
The opportunity As an Offensive Security Analyst on the Attack Surface Management team, you will play a key role in evaluating and reducing EY’s digital exposure through hands‑on penetration testing and adversarial simulation. Working under the guidance of the Exposure Management Lead, you will identify, assess and help mitigate vulnerabilities across EY’s global attack surface. This role goes beyond traditional scanning by actively emulating threat actors, performing penetration testing and assessing the true impact of security weaknesses. Your responsibilities will include supporting the validation of third‑party risk assessments, identifying misconfigurations and exposed assets, and ensuring security standards are applied across EY’s digital ecosystem. You will also contribute to strengthening Continuous Threat Exposure Management and Attack Surface Management efforts by providing actionable insights that improve proactive defense and reduce overall business risk. Your key responsibilities The Analyst will apply offensive security techniques to assess EY’s external and internal attack surface, identifying vulnerabilities across web applications, APIs, cloud environments, networks, and infrastructure. This includes testing proof‑of‑concepts to validate exploitability and determine real‑world impact. The role involves emulating adversary tactics to test detection and response capabilities, as well as conducting reconnaissance and asset discovery to uncover unmanaged or exposed assets. The candidate will support third‑party and supply chain risk validation efforts by reviewing assessments or conducting targeted testing where required. Collaborating closely with security engineering, blue teams and business stakeholders, the analyst will help prioritize remediation efforts based on risk severity and exploitability. Additionally, the role will contribute to enhancing processes, playbooks and reporting standards within the Vulnerability Discovery and offensive security functions. Skills and attributes for success Capability to identify and exploit vulnerabilities beyond automated scanning tools like Qualys, Nessus etc. Strong attention to detail with a methodical approach to identifying complex attack paths Critical thinking and analytical skills to evaluate vulnerabilities in a business risk context Ability to manage high volumes of testing requests without compromising depth or quality Flexibility to work across diverse technologies, including cloud, applications and infrastructure Effective communication skills to convey technical findings to both technical and non‑technical audiences Familiarity with research techniques and threat intelligence to support proactive risk identification To qualify for the role you must have A minimum of 4 years of experience in penetration testing, red teaming, purple teaming or offensive security Hands‑on experience testing applications, APIs, cloud environments and network infrastructure Strong understanding of common vulnerability classes such as OWASP Top 10 and exploitation techniques Familiarity with offensive security methodologies and frameworks Experience supporting or performing third‑party risk assessments Strong analytical and problem‑solving skills with the ability to prioritize risks effectively Strong communication and stakeholder management skills Ideally, you’ll also have OWASP training Incident response experience What we look for We are looking for a developing Offensive Security Analyst that can operate with supervision and bring new approaches to discovering and evaluating the business’s externally‑exposed vulnerabilities. We are seeking a seasoned analyst to improve the organization’s ability to reduce the attack surface while enabling the business. The ideal candidate will seek to improve others while continuously learning and identifying ways to strengthen the organization. What we offer you We offer a comprehensive compensation and benefits package where you’ll be rewarded based on your performance and recognized for the value you bring to the business. The base salary range for this job in all geographic locations in the US is 76,400 to 138,600. The base salary range for New York City Metro Area, Washington State and California (excluding Sacramento) is 91,700 to 157,500. Individual salaries within those ranges are determined through a wide variety of factors including but not limited to education, experience, knowledge, skills and geography. In addition, our Total Rewards package includes medical and dental coverage, pension and 401(k) plans, and a wide range of paid time off options. Join us in our team‑led and leader‑enabled hybrid model. Our expectation is for most people in external, client‑serving roles to work together in person 40‑60% of the time over the course of an engagement, project or year. Under our flexible vacation policy, you’ll decide how much vacation time you need based on your own personal circumstances. You’ll also be granted time off for designated EY Paid Holidays, Winter/Summer breaks, Personal/Family Care, and other leaves of absence when needed to support your physical, financial and emotional well‑being. EY is building a better working world by creating new value for clients, people, society and the planet, while building trust in capital markets. EY provides equal employment opportunities to applicants and employees without regard to race, color, religion, age, sex, sexual orientation, gender identity/expression, pregnancy, genetic information, national origin, protected veteran status, disability status or any other legally protected basis, including arrest and conviction records, in accordance with applicable law. EY is committed to providing reasonable accommodation to qualified individuals with disabilities including veterans with disabilities. If you have a disability and either need assistance applying online or need to request an accommodation during any part of the application process, please call 1-800-EY-HELP3, select Option 2 for candidate related inquiries, then select Option 1 for candidate queries and finally select Option 2 for candidates with an inquiry which will route you to EY’s Talent Shared Services Team (TSS) or email the TSS at View email address on click.appcast.io. #J-18808-Ljbffr
- Ernst & Young Oman is seeking an Offensive Security Analyst for its Attack Surface Management team in Annapolis, Maryland. You will evaluate and mitigate EY's digital exposure through hands-on penetration testing and adversarial simulation, identifying and addressing vulnerabilities...Suggested
$148.7k - $183.6k
...Citizenship is required for this role. Key Responsibilities: Lead secure application development practices across the software... ...Penetration Tester (GWAPT); GIAC Penetration Tester (GPEN); Offensive Security Certified Professional (OSCP); Certified Ethical Hacker...SuggestedFull timeContract workTemporary workWork experience placement- ...analytical skills. Responsibilities Receive and process contractor, licensee, and employee clearance or access requests. Pre-screen all security forms to ensure accuracy. Conducting on-line credit checks, Federal Bureau of Investigation Fingerprint (FBIF) checks, Personnel...SuggestedFor contractorsWork at office
$100k - $120k
...Overview Public Trust Clearance requirement. BRMi is seeking a Security Analyst to support cybersecurity operations, risk management, compliance, and information assurance activities in support of NIH enterprise IT environments. The Security Analyst will work closely...SuggestedTemporary workLocal areaRemote workVisa sponsorshipWork visa- ...We are seeking a highly skilled and experienced Security Analyst to join our team. The Security Analyst will be responsible for ensuring the security and protection of our sensitive data and systems, as well as identifying and mitigating potential risks and threats. The...Suggested
- ...About the job Security Analyst We are seeking a highly motivated and experienced Security Analyst to join our team. The Security Analyst will be responsible for ensuring the security and integrity of our systems and data, as well as identifying and mitigating...
$100k
Description Are you searching for important work at the intersection of National Security Analysis and advanced Modeling & Simulation (M&S)? Are you passionate about using simulation tools to analyze complex operational problems and inform real-world decisions? If so...Interim role- ...days ago Be among the first 25 applicants Get AI-powered advice on this job and more exclusive features. FirstDiv is seeking a Security Analyst III to support security operations and classified information management for JPM CBRN Sensors. The analyst will enforce...Full timeFor contractorsWork at officeLocal area
- A security services company located in Rockville, Maryland, is seeking candidates for a responsible administrative role that requires strong communication and organizational skills. Candidates must have a high school diploma, be detail-oriented, and able to deal confidentially...
- Location Aberdeen, MD As a Personnel Security Analyst, you will provide personnel security support and resolution of issues of low and medium complexity in a collaborative team office environment. In this role, you will assist the Government in operating a responsive...Work at office
- A leading defense consultancy in Maryland seeks a Cooperative Foreign Military Sales Analyst/Management Analyst, Journeyman to support program management for Foreign Military Sales (FMS). This full-time role involves providing analytical support and coordinating activities...Full time
$81.58k - $179.48k
IntelliGenesis LLC® is seeking qualified candidates for a position requiring at least 8 years of experience in network engineering or systems engineering. Candidates must be US Citizens with TS/SCI clearance and possess a relevant degree. The compensation range for this...- The Johns Hopkins Applied Physics Laboratory is seeking a Modeling & Simulation Analyst in Laurel, MD. The candidate will utilize AFSIM tools to evaluate operations in national security. Key qualifications include a Bachelor's degree in a technical field and at least three...
- Cisive in Annapolis, Maryland is seeking a Security Operations & Tooling professional to ensure security integrity and compliance. You will monitor alerts across the SIEM platform, manage the vulnerability lifecycle, and conduct risk assessments. The ideal candidate has...
$40 per hour
...cybersecurity firm seeks experienced cybersecurity professionals for a remote position. The role involves evaluating AI-generated security content, solving technical cybersecurity problems, and improving AI models. Candidates should have 2+ years of experience in various...Hourly payRemote workFlexible hours$90k - $100k
...Job Title IT Security Analyst Location Baltimore, MD FLSA Status Exempt Department Information Technology (IT) Reports to Director, Information Technology Operations Compensation $90,000 – $100,000 + bonus Position Summary The Baltimore Orioles organization is a storied...Remote workFlexible hours$40 per hour
A leading AI security solutions provider is seeking experienced cybersecurity professionals to evaluate AI-generated security content. This remote role requires a minimum of 2 years of hands-on cybersecurity experience, including penetration testing and incident response...Hourly payRemote workFlexible hours- ...Junior Security Analyst The Junior Security Analyst will oversee, evaluate, and support the documentation, validation, and accreditation processes necessary to assure that IT systems meet the organization's security requirements: • Respond to crisis or urgent situations...Immediate start
$85k - $101k
...Sigma Defense is currently seeking an Information Security Analyst to work in support of the Army for the Network Modernization & Mission Network Technical Service Support program (NetMod). NetMod sets forth the work efforts required to provide product technical support...Work at officeRemote work$100k - $125k
...Zachary Piper Solutions is hiring an Information Security Analyst (Tier 2) for a leading cybersecurity operations team supporting secure government environments company located in Fulton, MD. The Information Security Analyst will support security operations by monitoring...2 days per week- ...Network Security Analyst We are looking for a detail-oriented and proactive Network Security Analyst to join our cybersecurity team. In this role, you will monitor, analyze, and protect the organization's network infrastructure against potential threats and vulnerabilities...Temporary workFor contractorsImmediate startFlexible hours
- ...INFORMATION SECURITY ANALYST The company is seeking a Information Security Analyst to support NIWC (Naval Information Warfare Center). This position can be supported either in Charleston, SC or Ft. Meade, MD. RESPONSIBILITIES Plan, implement, upgrade,...Work experience placementInterim role
- ...Senior Information Security Analyst As a Senior Information Security Analyst, you will be a key member of our security team, responsible for safeguarding our organization's systems and data from cyber threats. Your primary focus will be assessing security risks, developing...Contract workWork experience placementWork at office2 days per week
$110k - $150k
...Job Title: Information Systems Security Analyst Company: Altus Engineering Location: Aberdeen Proving Ground, MD Salary: $110,000-150,000 Position Overview: We are seeking an Information Systems Security Analyst to work with the Joint Technical Coordinating Group for...Work at office$80 per hour
...iQuasar is seeking to fill an Information Security Analyst IV position. At iQuasar, we strive to provide the next generation of cutting-edge technologies. Our growth means exciting career opportunities for talented professionals in engineering, software development,...Hourly payContract work$54.07k - $86.51k
...must be currently authorized to work in the US, as the College does not offer Visa sponsorships. JOB SUMMARY: The Information Security Analyst plays a key supporting role in the college's cybersecurity operations. Under the guidance of the Technical Manager, Information...Full timeTemporary workWork at officeLocal areaRemote workWeekend workAfternoon shift1 day per week$94.49k - $131.16k
...engage in meaningful work and grow your career. Let's see what we can achieve. Together. Summary The Senior Information Security Analyst is responsible for identifying, investigating, and addressing both internal and external threats. This position requires a...Work at officeRemote workRelocationVisa sponsorshipRelocation package- ...Information Security Analyst - SME Zantech is looking for a talented Information Security Analyst - SME to provide specialized cybersecurity expertise supporting risk management operations, conduct security assessments, implement continuous monitoring solutions, and...Contract work
- SilverEdge Government Solutions, LLC is seeking an Architectural Engineering Analyst in Bethesda, Maryland. The role focuses on ensuring compliance with security standards for various diplomatic buildings and requires an active TS/SCI clearance. Candidates should possess...
- VMD Corp seeks a Personnel Security Analyst in Aberdeen, MD. In this role, you will support personnel security and assist with resolving inquiries in a collaborative environment. Responsibilities include processing investigation requests and providing customer support....
Do you want to receive more vacancies?
Subscribe and receive similar vacancies to Offensive Security Analyst. Be the first to apply!
- bond analyst Maryland
- senior security analyst Maryland
- entry level security analyst Maryland
- IT security analyst Maryland
- security operations analyst Maryland
- security analyst intern Maryland
- network security analyst Maryland
- information security analyst Maryland
- junior security analyst Maryland
- security analyst Maryland

