Offensive Security Analyst
Ernst & Young Oman
The opportunity As an Offensive Security Analyst on the Attack Surface Management team, you will play a key role in evaluating and reducing EY’s digital exposure through hands‑on penetration testing and adversarial simulation. Working under the guidance of the Exposure Management Lead, you will identify, assess and help mitigate vulnerabilities across EY’s global attack surface. This role goes beyond traditional scanning by actively emulating threat actors, performing penetration testing and assessing the true impact of security weaknesses. Your responsibilities will include supporting the validation of third‑party risk assessments, identifying misconfigurations and exposed assets, and ensuring security standards are applied across EY’s digital ecosystem. You will also contribute to strengthening Continuous Threat Exposure Management and Attack Surface Management efforts by providing actionable insights that improve proactive defense and reduce overall business risk. Your key responsibilities The Analyst will apply offensive security techniques to assess EY’s external and internal attack surface, identifying vulnerabilities across web applications, APIs, cloud environments, networks, and infrastructure. This includes testing proof‑of‑concepts to validate exploitability and determine real‑world impact. The role involves emulating adversary tactics to test detection and response capabilities, as well as conducting reconnaissance and asset discovery to uncover unmanaged or exposed assets. The candidate will support third‑party and supply chain risk validation efforts by reviewing assessments or conducting targeted testing where required. Collaborating closely with security engineering, blue teams and business stakeholders, the analyst will help prioritize remediation efforts based on risk severity and exploitability. Additionally, the role will contribute to enhancing processes, playbooks and reporting standards within the Vulnerability Discovery and offensive security functions. Skills and attributes for success Capability to identify and exploit vulnerabilities beyond automated scanning tools like Qualys, Nessus etc. Strong attention to detail with a methodical approach to identifying complex attack paths Critical thinking and analytical skills to evaluate vulnerabilities in a business risk context Ability to manage high volumes of testing requests without compromising depth or quality Flexibility to work across diverse technologies, including cloud, applications and infrastructure Effective communication skills to convey technical findings to both technical and non‑technical audiences Familiarity with research techniques and threat intelligence to support proactive risk identification To qualify for the role you must have A minimum of 4 years of experience in penetration testing, red teaming, purple teaming or offensive security Hands‑on experience testing applications, APIs, cloud environments and network infrastructure Strong understanding of common vulnerability classes such as OWASP Top 10 and exploitation techniques Familiarity with offensive security methodologies and frameworks Experience supporting or performing third‑party risk assessments Strong analytical and problem‑solving skills with the ability to prioritize risks effectively Strong communication and stakeholder management skills Ideally, you’ll also have OWASP training Incident response experience What we look for We are looking for a developing Offensive Security Analyst that can operate with supervision and bring new approaches to discovering and evaluating the business’s externally‑exposed vulnerabilities. We are seeking a seasoned analyst to improve the organization’s ability to reduce the attack surface while enabling the business. The ideal candidate will seek to improve others while continuously learning and identifying ways to strengthen the organization. What we offer you We offer a comprehensive compensation and benefits package where you’ll be rewarded based on your performance and recognized for the value you bring to the business. The base salary range for this job in all geographic locations in the US is 76,400 to 138,600. The base salary range for New York City Metro Area, Washington State and California (excluding Sacramento) is 91,700 to 157,500. Individual salaries within those ranges are determined through a wide variety of factors including but not limited to education, experience, knowledge, skills and geography. In addition, our Total Rewards package includes medical and dental coverage, pension and 401(k) plans, and a wide range of paid time off options. Join us in our team‑led and leader‑enabled hybrid model. Our expectation is for most people in external, client‑serving roles to work together in person 40‑60% of the time over the course of an engagement, project or year. Under our flexible vacation policy, you’ll decide how much vacation time you need based on your own personal circumstances. You’ll also be granted time off for designated EY Paid Holidays, Winter/Summer breaks, Personal/Family Care, and other leaves of absence when needed to support your physical, financial and emotional well‑being. EY is building a better working world by creating new value for clients, people, society and the planet, while building trust in capital markets. EY provides equal employment opportunities to applicants and employees without regard to race, color, religion, age, sex, sexual orientation, gender identity/expression, pregnancy, genetic information, national origin, protected veteran status, disability status or any other legally protected basis, including arrest and conviction records, in accordance with applicable law. EY is committed to providing reasonable accommodation to qualified individuals with disabilities including veterans with disabilities. If you have a disability and either need assistance applying online or need to request an accommodation during any part of the application process, please call 1-800-EY-HELP3, select Option 2 for candidate related inquiries, then select Option 1 for candidate queries and finally select Option 2 for candidates with an inquiry which will route you to EY’s Talent Shared Services Team (TSS) or email the TSS at View email address on click.appcast.io. #J-18808-Ljbffr Ernst & Young Oman
$76.4k - $138.6k
...central to doing business, and everyone in EY Information Security has a critical role to play. Join a global team of almost... ...to market and business value. The opportunity As an Offensive Security Analyst on the Attack Surface Management team, you will play a key...SuggestedSummer holidayLocal areaFlexible hours$76.4k - $138.6k
...central to doing business, and everyone in EY Information Security has a critical role to play. Join a global team of almost... ...protect the EY brand and build client trust. Opportunity As an Offensive Security Analyst on the Vulnerability Management team, you will play a...SuggestedSummer holidayFlexible hours- Ernst & Young Oman is seeking an Offensive Security Analyst to evaluate and mitigate vulnerabilities across EY’s digital ecosystem. You will conduct penetration testing, identify vulnerabilities, and help prioritize remediation efforts. The ideal candidate should have...SuggestedFlexible hours
$76.4k - $138.6k
A global consulting firm is seeking an Offensive Security Analyst in Austin, Texas. The candidate will evaluate and manage vulnerabilities, ensuring security standards are upheld. This role requires at least 3 years of experience in vulnerability management and a strong...Suggested- ...CAPPS Program. Responsible for the IAM (TDIS) and ERP (CAPPS) security framework, which includes but is not limited to: Provides oversight... ...and processes. 5 Required Experience serving in a security analyst role with responsibility overseeing a Managed Services provider...SuggestedContract workWork at officeLocal area
- ...Position: Security Analyst 1 Location: Austin, TX 78701 Duration: 7+ years All work products resulting from the project shall be considered "works made for hire" and are the property of the TEA. TEA may include pre-selection requirements that potential...
- ...Security Analyst Austin, TX 12 Months The staff augmentation contractor will serve as an IT Security Analyst in support of the Upgrade Laboratory Information Management System (LIMS) project, an approved Exceptional Item. The project will modify multiple LIMs applications...For contractorsWork at office
$85k
Job Description The Senior Security Operations Center Analyst will be responsible for planning and implementing security measures to protect computer... ...more experience in information security administration, offensive tactics, monitoring, and IR. required. Three (3) years...Full timeWork at office- ...Entry-Level Security Engineer As an Entry-Level Security Engineer at Epicor, you will be part of a dynamic Security Engineering team where you will help protect enterprise systems, applications, and data-including AI-driven systems and services-while gaining hands-on...Permanent employmentRelocation
- ...NAVA Software solutions is looking for a Data Security Analyst Details: Data Security Analyst Location : Austin, TX (Hybrid, 3 days onsite) Duration: 12 months Details: Data Security analyst tasked with implementing and operating IT security...Bank staff
- ...Network Security Analyst II – System Security & Risk (GRC) Specialist A network security analyst ensures that information systems and computer networks are secure. This includes protecting the company against hackers and cyber-attacks, as well as monitoring network...Contract workFor contractorsWork at officeRemote work
- ...About the job Network Security Analyst Application Last date Deadline Date: December 7, 2023 @ 5PM CT Requirement details: Internal job ID:TWK_2002 Network Security Analyst State of Texas Austin, TX 78701 NOTE: Cybersecurity staff are currently...Local areaRemote work
- ...Network Security Analyst 1 Austin, Texas 78751 (Onsite) 7 months Contract with possibility to extension Administer and Operate a RSA Netwitness Platform, a SIEM cyber security tool. ** If applicable, please verify and note clearly in the response...Contract workTemporary work
- ...Job Title: Network Security Analyst I Employment Type: Full-Time Work Location: Hybrid (Onsite and Telework) - Austin, TX Duration: 12 Months Work Schedule: Monday - Friday, 8:00 AM - 5:00 PM (occasional evenings, weekends, or holidays may...Full timeRemote workMonday to FridayAfternoon shift
- ...business teams. The NSA II ensures Archer solutions align with organizational governance frameworks, regulatory obligations, and security control requirements. Essential Duties and Responsibilities The essential duties for this role include, but are not limited...Local areaRemote work
- ...external stakeholders, including business partners and/or external DSHS parties to identify, analyze, and resolve complex problems or security gaps. 3 Required Fulfill basic DSHS project management duties to ensure the successful completion of DSHS short-term...Temporary work
- ...Role: Network Security Analyst 2 Location: 701 W 51st Street Austin, TX 78751 - Onsite Job description: Level Description 4-7 years of experience in the field or in a related area. Familiar with standard concepts, practices, and procedures...
- ...Business consulting services. We are in search of a highly motivated candidate to join our talented Team. Job Title: Network Security Analyst 2 Location(s): Austin, TX Position Overview: The client is seeking an experienced Network Security Analyst II...
- ...IDR is seeking a Network Security Analyst to join one of our top clients for a hybrid opportunity in Austin or San Antonio. This role is integral to cybersecurity efforts, focusing on incident response, threat analysis, and coordination across multiple agencies within...
- ...Network Security Analyst Location: Austin, TX Duration: 12 Months A network security analyst ensures that information systems and computer networks are secure. This includes protecting the company against hackers and cyber-attacks, as well as monitoring network...Shift work
- ...Business consulting services. We are in search of a highly motivated candidate to join our talented Team. Job Title: Network Security Analyst 1 Location(s): Austin, TX Summary: A public-sector transportation agency is seeking a Network Security Analyst I to...
- ...transferring information and funds to eliminate wire fraud and provide a secure, easy‑to‑use platform for title companies, law firms, and other... ...We are seeking a detail‑oriented Compliance & Security Analyst to support our Head of IT & Compliance in maintaining and...Work at office
$30 per hour
...the Oracle Government, Defense & Intelligence team supporting Federal Compliance and Federal Sales Teams. The Information Security Compliance Analyst is expected to work with the GDI Performance Management team to ensure documentation, processes and policies up to date...Hourly payTemporary workInternshipFlexible hours- ...Must Have Skills Skill 1 - Any recognized security certifications, e.g., CISSP, CISA, CISM Skill 2 - Monitor internal and external threat landscape to update strategy and intellectual protection program roadmap Skill 3 - Provide periodic reports to management team...
- ...Job Title Responsibilities may include, but are not limited to: Assist in analyzing data security incidents: Collaborate with the cybersecurity team to investigate and analyze potential security incidents using Crowdstrike and other technologies. Help identify...For contractors
$70k
Phase2 Technology is seeking an Epic Security and Access Analyst II for the Dell Medical School in Austin, Texas. This role involves optimizing and supporting Epic security access, ensuring compliance, and managing user provisioning in a healthcare setting. The ideal candidate...- Innovee Consulting LLC is seeking a CAPPS Security Analyst based in Austin, TX, with extensive experience in Texas public sector environments. This hybrid role involves ensuring security compliance related to the CAPPS Program and managing IAM frameworks. The ideal candidate...
$70k
Job Title and Department Epic Security and Access Analyst II - Dell Medical School Location and Working Hours Austin, TX; 40 weekly scheduled hours; FLSA exempt; expected to continue; immediate start. Purpose The Epic Security and Access Analyst II is responsible for...Work at officeImmediate start$70k
The University of Texas at Austin seeks an Epic Security and Access Analyst II for the Dell Medical School. This role involves managing Epic security access and ensuring compliance with HIPAA and internal policies. Key responsibilities include supporting user access workflows...- RESPEC is seeking a highly experienced CAPPS Security Analyst to support the Texas state fiscal agency's ERP and IAM program. This is a senior-level position requiring in-depth knowledge of the CAPPS ecosystem and a track record of technical support within Texas state...Remote job
Do you want to receive more vacancies?
Subscribe and receive similar vacancies to Offensive Security Analyst. Be the first to apply!
- bond analyst Austin, TX
- senior security analyst Austin, TX
- entry level security analyst Austin, TX
- IT security analyst Austin, TX
- security operations analyst Austin, TX
- security analyst intern Austin, TX
- network security analyst Austin, TX
- information security analyst Austin, TX
- junior security analyst Austin, TX
- security analyst Austin, TX

