Offensive Security Analyst
Ernst & Young Oman
The opportunity As an Offensive Security Analyst on the Attack Surface Management team, you will play a key role in evaluating and reducing EY’s digital exposure through hands‑on penetration testing and adversarial simulation. Working under the guidance of the Exposure Management Lead, you will identify, assess and help mitigate vulnerabilities across EY’s global attack surface. This role goes beyond traditional scanning by actively emulating threat actors, performing penetration testing and assessing the true impact of security weaknesses. Your responsibilities will include supporting the validation of third‑party risk assessments, identifying misconfigurations and exposed assets, and ensuring security standards are applied across EY’s digital ecosystem. You will also contribute to strengthening Continuous Threat Exposure Management and Attack Surface Management efforts by providing actionable insights that improve proactive defense and reduce overall business risk. Your key responsibilities The Analyst will apply offensive security techniques to assess EY’s external and internal attack surface, identifying vulnerabilities across web applications, APIs, cloud environments, networks, and infrastructure. This includes testing proof‑of‑concepts to validate exploitability and determine real‑world impact. The role involves emulating adversary tactics to test detection and response capabilities, as well as conducting reconnaissance and asset discovery to uncover unmanaged or exposed assets. The candidate will support third‑party and supply chain risk validation efforts by reviewing assessments or conducting targeted testing where required. Collaborating closely with security engineering, blue teams and business stakeholders, the analyst will help prioritize remediation efforts based on risk severity and exploitability. Additionally, the role will contribute to enhancing processes, playbooks and reporting standards within the Vulnerability Discovery and offensive security functions. Skills and attributes for success Capability to identify and exploit vulnerabilities beyond automated scanning tools like Qualys, Nessus etc. Strong attention to detail with a methodical approach to identifying complex attack paths Critical thinking and analytical skills to evaluate vulnerabilities in a business risk context Ability to manage high volumes of testing requests without compromising depth or quality Flexibility to work across diverse technologies, including cloud, applications and infrastructure Effective communication skills to convey technical findings to both technical and non‑technical audiences Familiarity with research techniques and threat intelligence to support proactive risk identification To qualify for the role you must have A minimum of 4 years of experience in penetration testing, red teaming, purple teaming or offensive security Hands‑on experience testing applications, APIs, cloud environments and network infrastructure Strong understanding of common vulnerability classes such as OWASP Top 10 and exploitation techniques Familiarity with offensive security methodologies and frameworks Experience supporting or performing third‑party risk assessments Strong analytical and problem‑solving skills with the ability to prioritize risks effectively Strong communication and stakeholder management skills Ideally, you’ll also have OWASP training Incident response experience What we look for We are looking for a developing Offensive Security Analyst that can operate with supervision and bring new approaches to discovering and evaluating the business’s externally‑exposed vulnerabilities. We are seeking a seasoned analyst to improve the organization’s ability to reduce the attack surface while enabling the business. The ideal candidate will seek to improve others while continuously learning and identifying ways to strengthen the organization. What we offer you We offer a comprehensive compensation and benefits package where you’ll be rewarded based on your performance and recognized for the value you bring to the business. The base salary range for this job in all geographic locations in the US is 76,400 to 138,600. The base salary range for New York City Metro Area, Washington State and California (excluding Sacramento) is 91,700 to 157,500. Individual salaries within those ranges are determined through a wide variety of factors including but not limited to education, experience, knowledge, skills and geography. In addition, our Total Rewards package includes medical and dental coverage, pension and 401(k) plans, and a wide range of paid time off options. Join us in our team‑led and leader‑enabled hybrid model. Our expectation is for most people in external, client‑serving roles to work together in person 40‑60% of the time over the course of an engagement, project or year. Under our flexible vacation policy, you’ll decide how much vacation time you need based on your own personal circumstances. You’ll also be granted time off for designated EY Paid Holidays, Winter/Summer breaks, Personal/Family Care, and other leaves of absence when needed to support your physical, financial and emotional well‑being. EY is building a better working world by creating new value for clients, people, society and the planet, while building trust in capital markets. EY provides equal employment opportunities to applicants and employees without regard to race, color, religion, age, sex, sexual orientation, gender identity/expression, pregnancy, genetic information, national origin, protected veteran status, disability status or any other legally protected basis, including arrest and conviction records, in accordance with applicable law. EY is committed to providing reasonable accommodation to qualified individuals with disabilities including veterans with disabilities. If you have a disability and either need assistance applying online or need to request an accommodation during any part of the application process, please call 1-800-EY-HELP3, select Option 2 for candidate related inquiries, then select Option 1 for candidate queries and finally select Option 2 for candidates with an inquiry which will route you to EY’s Talent Shared Services Team (TSS) or email the TSS at View email address on click.appcast.io. #J-18808-Ljbffr
- Ernst & Young Oman is seeking an Offensive Security Analyst to evaluate and reduce digital exposure through penetration testing. The role requires identifying vulnerabilities across various environments and collaborating with stakeholders to prioritize remediation efforts...SuggestedFlexible hours
- ...triage and investigation (EDR alerts, email security, identity)Incident response support... ...support / help desk / junior SOC or security analyst work (any combination)Strong Microsoft 3... ...(KnowBe4, Hoxhunt, etc.)Curiosity about offensive security there's real room to grow...SuggestedRemote work
- HackerOne is looking for a Product Security Analyst who will work closely with security researchers to assess and remediate security vulnerabilities... ...findings. Join HackerOne and be part of a team that is at the forefront of offensive security. #J-18808-Ljbffr hackeroneSuggestedRemote job
- ...mission to unlock human performance and extend healthspan. The security organization supports this mission by protecting the systems, data... ...enable trusted member experiences. WHOOP is seeking a Security Analyst to support day-to-day security operations and maintain...SuggestedWork at officeRelocation
- ...Role: Security Analyst Duration: 6-12+ Months Contract Need Green Card or US Citizen Candidates Only Required Qualifications Bachelor's degree in Business with IT audit or compliance experience, or Computer Science with business and IT audit/compliance experience desired...SuggestedContract work
$124.2k - $186.2k
...About the team: The Information Security organization advances the overall state of security at Rubrik through purposeful initiatives and coordination of large security projects. Information Security builds technologies, tools, and processes to better enable teams...Local areaRemote work- ** Due to client requirements, applicants must be able to work on a w2 basis Zscaler Analyst/Administrator Job Overview We are seeking a Secure Access Administrator to support and maintain a modern remote access environment built on Zscaler. This position is ideal for...Remote work
- ...human work, shift people up, and finally focus on achieving the security outcomes that teams have been searching for. We are seeking... ...world’s first Agentic Security Platform. As a Tier 3 Security Analyst at 7AI, you will serve as the technical leader and point of escalation...Shift work
$40 per hour
A leading AI cybersecurity firm is seeking experienced cybersecurity professionals to evaluate AI-generated security content and solve technical cybersecurity problems. This remote role allows flexible scheduling and offers projects paid hourly starting at $40+ USD. Candidates...Hourly payRemote workFlexible hours- ...Industry, Public Administration, Healthcare, Financial Services, Security and Defense and Telecom and Media sectors. With sales... ...corporate security policies with guidance from senior IT security analysts. Work with business units, technical units, and vendors on data...WorldwideFlexible hours
$91.47k - $143.73k
## Sr Security AnalystApplylocations: Bostontime type: Full timeposted on: Posted Yesterdayjob requisition id: R26\_00079**Position Summary**Reporting to the CISO, the Senior Security Analyst, Compliance & Risk serves as a key member of the Security team and acts as the...Full time$55 - $60 per hour
...Direct message the job poster from Akkodis Sr. Recruiter - GRC (Global Recruitment Center) at Akkodis Akkodis is seeking an IT Security Analyst for a Contract position with a client located in Quincy, MA. Rate Range: $55-$60/hr on W2 without benefits, The rate may be...Contract workTemporary workWork experience placementLocal areaRemote workEarly shift- Boston University is seeking a Security Analyst II to respond to cyber security events. This role involves analyzing data from multiple security sources, monitoring threats, and collaborating with cross-functional teams to enhance security. Candidates should have at least...
$135k - $182.1k
...governance and operations. This role involves ensuring that privileged access controls are enforced across platforms, partnering with security leads, and influencing technology owners for enhanced solutions. The ideal candidate will have strong expertise in Active...- ...investigations by AI Agents. The role involves mentoring junior analysts, investigating malicious activity, and collaborating with... ...various teams. Required qualifications include over 5 years in cyber security operations, hands-on experience with security monitoring tools,...
- A leading multinational consulting firm seeks IT professionals to participate in innovative projects focused on security architecture. Candidates must have thorough knowledge of Windows and UNIX platforms along with an understanding of Internet technologies. This role...Worldwide
$28.85 per hour
Title: Security Operations Center Supervisor Schedule: Thursday-Saturday (10:30pm-6:30am) Location: Hingham, MA (Free Parking) Pay: $28... ...property, and assets. The supervisor is responsible for managing SOC Analysts, ensuring compliance with post orders, coordinating incident...Work at officeLocal areaShift workNight shift- ...Technology (IS&T) is seeking applicants with diverse skills and experiences to join our innovative and inclusive community as a Security Analyst II. In this role you will respond to cyber security events at the university, analyze data from a variety of sources—including...For contractors
$40 per hour
A cybersecurity tech company is seeking experienced cybersecurity professionals to evaluate AI-generated content and solve technical problems. Ideal candidates will have over 2 years of hands-on experience in the cybersecurity field, with strong writing and analytical skills...Hourly payRemote work$71.5k - $104k
POSITION SUMMARY The Applications Security Analyst professional will participate in the day-to-day execution and continuous improvement of Epic application access provisioning and deprovisioning in a high-volume hospital environment. This role will also be an application...Full timeFixed term contractFlexible hours$40 per hour
A cybersecurity firm is looking for experienced professionals to evaluate AI-generated security content. The role involves solving technical cybersecurity problems, providing feedback to improve AI systems, and writing clear technical explanations. Candidates should have...Remote jobHourly payFlexible hours- Boston University is seeking a Security Analyst II for its Information Services & Technology team. This role involves monitoring, analyzing, and processing security events to protect university assets. You will work with cross-functional teams to mitigate risks and maintain...
$40 per hour
A cybersecurity company seeks experienced professionals to evaluate AI-generated security content and solve technical problems. The role is remote and offers flexible scheduling with projects paid hourly starting at $40+. Candidates should have 2+ years of cybersecurity...Remote jobHourly payFlexible hours- A cybersecurity firm is seeking experienced professionals to provide evaluations of AI-generated security content and to resolve technical issues related to cybersecurity. The role offers flexibility as it can be performed remotely, allowing you to choose your projects...Remote job
$71.7k - $86k
SECURITY ANALYST II, IS&T Information Security Location: BOSTON, MA, United States Position Type: Full-Time/Regular Grade: 49 - Salary Range: $71,700.00 - $86,000.00 Full Description: The University seeks a Security Analyst II responsible for responding to cyber security...Full timeFor contractorsWork at office- SECURITY ANALYST II, IS&T Information Security Job Location: BOSTON, MA, United States Posting: 4/14/2026 | Position Type: Full-Time/Regular | Salary Grade: 49 Boston University Information Services & Technology (IS&T) is seeking applicants with diverse skills and experiences...Full timeFor contractors
- Overture Partners is in search of a Zscaler Analyst/Administrator located in Boston, MA. This role focuses on supporting and maintaining a secure remote access environment built around Zscaler, suitable for candidates with hands-on experience. The successful candidate will...Remote work
$70k - $110k
WHOOP is seeking a Security Analyst in Boston, MA to support security operations and maintain visibility across security environments. The role involves investigating security alerts, managing incident response activities, and collaboration with security teams. The ideal...- Boston University is seeking a Security Analyst II to join its Cyber Security Operations Center. The role involves monitoring and responding to security events, analyzing data from various security tools, and collaborating with teams to mitigate risks. Candidates should...
- Boston Medical Center in Boston, MA is seeking an Applications Security Analyst II to manage Epic access provisioning and deprovisioning in a high-volume hospital environment. You will partner with IAM/IGA automation efforts, define Epic roles and approvals, and support...
Do you want to receive more vacancies?
Subscribe and receive similar vacancies to Offensive Security Analyst. Be the first to apply!
- security analyst remote Boston, MA
- information security compliance analyst Boston, MA
- cloud security analyst Boston, MA
- rate analyst Boston, MA
- senior information security analyst Boston, MA
- entry level information security analyst Boston, MA
- security analyst intern Boston, MA
- security analyst Boston, MA
- security operations analyst Boston, MA
- entry level security analyst Boston, MA

