Offensive Security Analyst
Ernst & Young Oman
The opportunity As an Offensive Security Analyst on the Attack Surface Management team, you will play a key role in evaluating and reducing EY’s digital exposure through hands‑on penetration testing and adversarial simulation. Working under the guidance of the Exposure Management Lead, you will identify, assess and help mitigate vulnerabilities across EY’s global attack surface. This role goes beyond traditional scanning by actively emulating threat actors, performing penetration testing and assessing the true impact of security weaknesses. Your responsibilities will include supporting the validation of third‑party risk assessments, identifying misconfigurations and exposed assets, and ensuring security standards are applied across EY’s digital ecosystem. You will also contribute to strengthening Continuous Threat Exposure Management and Attack Surface Management efforts by providing actionable insights that improve proactive defense and reduce overall business risk. Your key responsibilities The Analyst will apply offensive security techniques to assess EY’s external and internal attack surface, identifying vulnerabilities across web applications, APIs, cloud environments, networks, and infrastructure. This includes testing proof‑of‑concepts to validate exploitability and determine real‑world impact. The role involves emulating adversary tactics to test detection and response capabilities, as well as conducting reconnaissance and asset discovery to uncover unmanaged or exposed assets. The candidate will support third‑party and supply chain risk validation efforts by reviewing assessments or conducting targeted testing where required. Collaborating closely with security engineering, blue teams and business stakeholders, the analyst will help prioritize remediation efforts based on risk severity and exploitability. Additionally, the role will contribute to enhancing processes, playbooks and reporting standards within the Vulnerability Discovery and offensive security functions. Skills and attributes for success Capability to identify and exploit vulnerabilities beyond automated scanning tools like Qualys, Nessus etc. Strong attention to detail with a methodical approach to identifying complex attack paths Critical thinking and analytical skills to evaluate vulnerabilities in a business risk context Ability to manage high volumes of testing requests without compromising depth or quality Flexibility to work across diverse technologies, including cloud, applications and infrastructure Effective communication skills to convey technical findings to both technical and non‑technical audiences Familiarity with research techniques and threat intelligence to support proactive risk identification To qualify for the role you must have A minimum of 4 years of experience in penetration testing, red teaming, purple teaming or offensive security Hands‑on experience testing applications, APIs, cloud environments and network infrastructure Strong understanding of common vulnerability classes such as OWASP Top 10 and exploitation techniques Familiarity with offensive security methodologies and frameworks Experience supporting or performing third‑party risk assessments Strong analytical and problem‑solving skills with the ability to prioritize risks effectively Strong communication and stakeholder management skills Ideally, you’ll also have OWASP training Incident response experience What we look for We are looking for a developing Offensive Security Analyst that can operate with supervision and bring new approaches to discovering and evaluating the business’s externally‑exposed vulnerabilities. We are seeking a seasoned analyst to improve the organization’s ability to reduce the attack surface while enabling the business. The ideal candidate will seek to improve others while continuously learning and identifying ways to strengthen the organization. What we offer you We offer a comprehensive compensation and benefits package where you’ll be rewarded based on your performance and recognized for the value you bring to the business. The base salary range for this job in all geographic locations in the US is 76,400 to 138,600. The base salary range for New York City Metro Area, Washington State and California (excluding Sacramento) is 91,700 to 157,500. Individual salaries within those ranges are determined through a wide variety of factors including but not limited to education, experience, knowledge, skills and geography. In addition, our Total Rewards package includes medical and dental coverage, pension and 401(k) plans, and a wide range of paid time off options. Join us in our team‑led and leader‑enabled hybrid model. Our expectation is for most people in external, client‑serving roles to work together in person 40‑60% of the time over the course of an engagement, project or year. Under our flexible vacation policy, you’ll decide how much vacation time you need based on your own personal circumstances. You’ll also be granted time off for designated EY Paid Holidays, Winter/Summer breaks, Personal/Family Care, and other leaves of absence when needed to support your physical, financial and emotional well‑being. EY is building a better working world by creating new value for clients, people, society and the planet, while building trust in capital markets. EY provides equal employment opportunities to applicants and employees without regard to race, color, religion, age, sex, sexual orientation, gender identity/expression, pregnancy, genetic information, national origin, protected veteran status, disability status or any other legally protected basis, including arrest and conviction records, in accordance with applicable law. EY is committed to providing reasonable accommodation to qualified individuals with disabilities including veterans with disabilities. If you have a disability and either need assistance applying online or need to request an accommodation during any part of the application process, please call 1-800-EY-HELP3, select Option 2 for candidate related inquiries, then select Option 1 for candidate queries and finally select Option 2 for candidates with an inquiry which will route you to EY’s Talent Shared Services Team (TSS) or email the TSS at View email address on click.appcast.io. #J-18808-Ljbffr
- Ernst & Young Oman seeks an Offensive Security Analyst in Phoenix, Arizona, to evaluate and reduce digital exposure through penetration testing. You will lead efforts in identifying vulnerabilities across various technology levels while actively emulating threat actors...Suggested
$85k
Summary The Senior Security Operations Center Analyst will be responsible for planning and implementing security measures to protect computer systems... ...more experience in information security administration, offensive tactics, monitoring, and IR. required Three (3) years...SuggestedWork at office- EMCOR Group, Inc. is hiring a Security Analyst for Identity and Access Management (IAM) in Las Vegas, NV. This role supports EMCOR’s Security Program by managing identity systems, implementing solutions like single sign-on (SSO) and privileged access management (PAM)....Suggested
- Redman Equipment & Manufacturing Company is looking for a Security Analyst to enhance their Security Program. The position supports identity systems and involves using Microsoft Sentinel and Microsoft Defender for threat detection and incident response. Candidates should...Suggested
- ...Position Summary The Security Operations Analyst will be responsible for monitoring, analyzing, and responding to security events and incidents that flow through the Republic Services Operations Center (RSOC). The incumbent plays a critical part in protecting the organization...SuggestedContract workTemporary workRemote workShift workNight shift
- ...SOC Analyst Seeking a skilled and motivated SOC Analyst to support a major financial services client in a hybrid capacity based in Phoenix... ...will bring at least 3 years of hands‑on experience in security operations and a strong understanding of enterprise cybersecurity...Contract work3 days per week
$30 - $60 per hour
...Security Operations Analyst $30-60/hr Remote Freelance CODING About the Role We're partnering with leading AI research labs to build the next generation of intelligent security systems. As a Security Operations Analyst, your real-world SOC expertise will directly...Ongoing contractFreelanceRemote workFlexible hours$65.8k
...About the Position Responds to Information Security incidents working in a 24x7 operations department. Recommends risk mitigation, implements... ..., incident response and training junior security operations analysts. Serves as the primary interface to the Information Technology...Immediate startFlexible hoursShift work- ...you will assist the Program Manager and Cybersecurity Engineers with Risk Management Framework (RMF) related activities including Security Control Assessments (SCA) and assisting system owners in the transition to RMF compliance. In assuming this position, you will be...For contractorsWork at office
$40 per hour
A leading AI cybersecurity company is seeking experienced cybersecurity professionals to evaluate AI-generated security content and solve technical problems. You will work remotely, with flexible hours, and start with pay at $40+ per hour. Candidates should have at least...Remote jobHourly payFlexible hours$80k - $110k
...feasibility. Partner with and support various technology and business teams to drive and execute results in a timely manner Provide security expertise to the Cloud Program, including Software as a Service (SaaS), and Cloud Application Compensation Base Salary Range: $80...$40 per hour
A leading cybersecurity firm is seeking experienced professionals to evaluate AI-generated content and solve cybersecurity problems. This remote role requires over 2 years of hands-on experience in fields like penetration testing and incident response. Candidates should...Remote jobHourly payFlexible hours- Alignerr is seeking an AI / Emerging Tech Security Analyst to probe, evaluate, and stress-test cutting-edge AI models. You will identify vulnerabilities, misuse vectors, and adversarial scenarios that could impact real-world AI deployments. This fully remote, hourly contract...Remote jobHourly payContract workFlexible hours
- A cybersecurity solutions provider is looking for experienced professionals to evaluate AI-generated security content. You will solve technical cybersecurity problems while working with advanced AI models to improve their performance. This role is available remotely, offering...Remote jobHourly payFlexible hours
- GTN Technical Staffing is seeking a Security Analyst to support their client's Security Program, focusing on identity management systems. You will enhance security frameworks, manage identity systems, and monitor for threats. The ideal candidate has a minimum of five years...Remote job
$50 - $60 per hour
A technology company in the United States is seeking a Securities Analyst to enhance AI understanding of finance. This flexible remote role involves reviewing and improving AI outputs related to macro trends and capital markets. Candidates are preferred to have advanced...Remote jobHourly payFlexible hours$102k - $112k
...as electrical, mechanical, lighting, air conditioning, heating, security, fire protection, and power generation systems—in virtually... ...and government. Job Summary EMCOR Group, Inc. seeks a Security Analyst for Identity and Access Management (IAM) who will support EMCOR...Flexible hours- Security Analyst -Identity and Access Management (IAM) Location: REMOTE Position Type: Contract to Hire Hourly / Salary: Based on Experience Residency Status: US Citizen or Green Card Holder ONLY Our client is looking for a Security Analyst - IAM to join their team...Hourly payContract workRemote work
- EMCOR Group in Phoenix, AZ is seeking a Security Analyst specializing in Identity and Access Management (IAM). This role supports the Security Program by managing identity systems, focusing on Microsoft Sentinel, and utilizing Kusto Query Language (KQL) to enhance security...
- Republic Services is seeking a Security Operations Analyst who will monitor security events across the RSOC, analyze incidents, and coordinate responses to protect assets across locations in the enterprise. The role requires experience with CCTV, access controls, and incident...Shift workNight shift
$40 per hour
A leading cybersecurity firm is seeking experienced cybersecurity professionals to evaluate AI-generated security content and solve technical problems. Candidates should have a minimum of 2 years of hands-on experience in cybersecurity, coding skills, and strong analytical...Remote jobHourly payFull timePart time$145.6k - $209.3k
Role Overview As a Senior Staff SOC Analyst, you will be part of UKG’s Global Security Operations team. This team is responsible for detecting, investigating, responding to, and leading containment of sophisticated cyber threats and major security incidents. Your role...$40 per hour
A leading AI training company is seeking experienced cybersecurity professionals to evaluate AI-generated security content and provide technical solutions. In this remote role, you can work on your schedule, choosing from various projects with hourly pay starting at $4...Remote jobHourly pay$80k - $110k
Tata Consultancy Services Limited is looking for a professional in Phoenix, Arizona with a strong background in cloud security to drive risk assessments on Third-Party SaaS providers. The candidate will ensure compliance with financial industry standards and regulations...- Gilbane Building is seeking an Information Security Analyst to plan and implement security measures for our networks and systems. The role supports growth across offices and remote work possibilities, with opportunities to work on diverse projects and cutting-edge security...Remote jobWork at office
- Roles & Responsibilities Conduct comprehensive risk assessments of third-party SaaS providers, including evaluating security documentation, reviewing evidence, interviewing technical stakeholders, and assessing both control design and operating effectiveness Analyze user...
$78.9k - $123.3k
...system authorization and continuous monitoring activities within a Federal environment. This role is responsible for managing the security authorization lifecycle for one or more information systems, ensuring compliance with Federal cybersecurity requirements, and maintaining...Permanent employmentFull timePart timeWork at officeLocal areaRemote work- Empower AI is hiring an Information Security Analyst I to assist with Risk Management Framework efforts, located in Fort Huachuca, Arizona. The successful candidate will work closely with Project Managers and Cybersecurity Engineers, ensuring compliance and managing cybersecurity...
- ...with these platforms. The ideal candidate will have strong knowledge in data protection solutions and a deep understanding of SaaS security risks. The responsibilities include developing operational documentation and collaborating with cross-functional teams to enhance...
$50 - $60 per hour
DataAnnotation is committed to creating high-quality AI. We are looking for a Securities Analyst to join our team to help train the next generation of AI while enjoying the flexibility of remote work and the freedom to set your own schedule. This role is designed to fit...Hourly payFull timeContract workPart timeWork experience placementRemote workFlexible hours
Do you want to receive more vacancies?
Subscribe and receive similar vacancies to Offensive Security Analyst. Be the first to apply!
- security operations analyst Phoenix, AZ
- application security analyst Phoenix, AZ
- entry level information security analyst Phoenix, AZ
- cloud security analyst Phoenix, AZ
- network security analyst Phoenix, AZ
- entry level security analyst Phoenix, AZ
- information security compliance analyst Phoenix, AZ
- security analyst Phoenix, AZ
- senior security analyst Phoenix, AZ
- IT security analyst Phoenix, AZ

