Offensive Security Analyst
Ernst & Young Oman
The opportunity As an Offensive Security Analyst on the Attack Surface Management team, you will play a key role in evaluating and reducing EY’s digital exposure through hands‑on penetration testing and adversarial simulation. Working under the guidance of the Exposure Management Lead, you will identify, assess and help mitigate vulnerabilities across EY’s global attack surface. This role goes beyond traditional scanning by actively emulating threat actors, performing penetration testing and assessing the true impact of security weaknesses. Your responsibilities will include supporting the validation of third‑party risk assessments, identifying misconfigurations and exposed assets, and ensuring security standards are applied across EY’s digital ecosystem. You will also contribute to strengthening Continuous Threat Exposure Management and Attack Surface Management efforts by providing actionable insights that improve proactive defense and reduce overall business risk. Your key responsibilities The Analyst will apply offensive security techniques to assess EY’s external and internal attack surface, identifying vulnerabilities across web applications, APIs, cloud environments, networks, and infrastructure. This includes testing proof‑of‑concepts to validate exploitability and determine real‑world impact. The role involves emulating adversary tactics to test detection and response capabilities, as well as conducting reconnaissance and asset discovery to uncover unmanaged or exposed assets. The candidate will support third‑party and supply chain risk validation efforts by reviewing assessments or conducting targeted testing where required. Collaborating closely with security engineering, blue teams and business stakeholders, the analyst will help prioritize remediation efforts based on risk severity and exploitability. Additionally, the role will contribute to enhancing processes, playbooks and reporting standards within the Vulnerability Discovery and offensive security functions. Skills and attributes for success Capability to identify and exploit vulnerabilities beyond automated scanning tools like Qualys, Nessus etc. Strong attention to detail with a methodical approach to identifying complex attack paths Critical thinking and analytical skills to evaluate vulnerabilities in a business risk context Ability to manage high volumes of testing requests without compromising depth or quality Flexibility to work across diverse technologies, including cloud, applications and infrastructure Effective communication skills to convey technical findings to both technical and non‑technical audiences Familiarity with research techniques and threat intelligence to support proactive risk identification To qualify for the role you must have A minimum of 4 years of experience in penetration testing, red teaming, purple teaming or offensive security Hands‑on experience testing applications, APIs, cloud environments and network infrastructure Strong understanding of common vulnerability classes such as OWASP Top 10 and exploitation techniques Familiarity with offensive security methodologies and frameworks Experience supporting or performing third‑party risk assessments Strong analytical and problem‑solving skills with the ability to prioritize risks effectively Strong communication and stakeholder management skills Ideally, you’ll also have OWASP training Incident response experience What we look for We are looking for a developing Offensive Security Analyst that can operate with supervision and bring new approaches to discovering and evaluating the business’s externally‑exposed vulnerabilities. We are seeking a seasoned analyst to improve the organization’s ability to reduce the attack surface while enabling the business. The ideal candidate will seek to improve others while continuously learning and identifying ways to strengthen the organization. What we offer you We offer a comprehensive compensation and benefits package where you’ll be rewarded based on your performance and recognized for the value you bring to the business. The base salary range for this job in all geographic locations in the US is 76,400 to 138,600. The base salary range for New York City Metro Area, Washington State and California (excluding Sacramento) is 91,700 to 157,500. Individual salaries within those ranges are determined through a wide variety of factors including but not limited to education, experience, knowledge, skills and geography. In addition, our Total Rewards package includes medical and dental coverage, pension and 401(k) plans, and a wide range of paid time off options. Join us in our team‑led and leader‑enabled hybrid model. Our expectation is for most people in external, client‑serving roles to work together in person 40‑60% of the time over the course of an engagement, project or year. Under our flexible vacation policy, you’ll decide how much vacation time you need based on your own personal circumstances. You’ll also be granted time off for designated EY Paid Holidays, Winter/Summer breaks, Personal/Family Care, and other leaves of absence when needed to support your physical, financial and emotional well‑being. EY is building a better working world by creating new value for clients, people, society and the planet, while building trust in capital markets. EY provides equal employment opportunities to applicants and employees without regard to race, color, religion, age, sex, sexual orientation, gender identity/expression, pregnancy, genetic information, national origin, protected veteran status, disability status or any other legally protected basis, including arrest and conviction records, in accordance with applicable law. EY is committed to providing reasonable accommodation to qualified individuals with disabilities including veterans with disabilities. If you have a disability and either need assistance applying online or need to request an accommodation during any part of the application process, please call 1-800-EY-HELP3, select Option 2 for candidate related inquiries, then select Option 1 for candidate queries and finally select Option 2 for candidates with an inquiry which will route you to EY’s Talent Shared Services Team (TSS) or email the TSS at View email address on click.appcast.io. #J-18808-Ljbffr Ernst & Young Oman
$76.4k - $138.6k
...central to doing business, and everyone in EY Information Security has a critical role to play. Join a global team of almost... ...to market and business value. The opportunity As an Offensive Security Analyst on the Attack Surface Management team, you will play a key...SuggestedSummer holidayLocal areaFlexible hours- Ernst & Young Oman in Raleigh, North Carolina is seeking an Offensive Security Analyst to evaluate and mitigate digital exposure through penetration testing and adversarial simulation. The ideal candidate will have at least 4 years of experience in security roles, with...Suggested
- .... The Workday Security Administrator is a Senior Workday HRIS Analyst and is responsible for the administration, maintenance, and optimization of the security configuration in Workday, the Human Resources Information System (HRIS). The Workday Security Administrator develops...SuggestedWork at office
- ...Summary Our client, a large enterprise organization with a recently implemented Workday environment, is seeking a Senior Workday Security Administrator to serve as the final addition to its HRIS team. This role owns the administration, optimization, and governance of...SuggestedFull timeH1bRelocation package
$40 per hour
A cybersecurity training company is seeking experienced professionals to evaluate AI-generated security content and solve technical cybersecurity problems. You will work remotely, assessing accuracy, and contributing to the development of AI security tools. Candidates...SuggestedHourly payRemote workFlexible hours- ...SAP Security Analyst/Admin job at The Maven Group, LLC. Raleigh, NC. SAP Security Analyst/Admin Direct Hire REMOTE but must reside within 3 hours of Raleigh US Citizens, Green Card, Perm Resident (no sponsorship) This primarily remote role involves SAP Security Administration...Permanent employmentRemote work
$40 per hour
...cybersecurity firm is seeking experienced cybersecurity professionals for a remote position. The role involves evaluating AI-generated security content, solving technical problems, and providing valuable feedback to improve AI systems. Candidates should have 2+ years of...Remote jobHourly payFlexible hours$40 per hour
A cybersecurity firm is seeking experienced professionals to evaluate AI-generated content and solve technical cybersecurity challenges. The role is remote, flexible, and offers the freedom to choose projects. You must have hands-on cybersecurity experience, some coding...Hourly payRemote workFlexible hours$50 - $60 per hour
A leading AI development company is looking for a Securities Analyst to join their team remotely. This role involves reviewing AI Assistant outputs related to finance, providing feedback, and ensuring quality in AI reasoning and performance. Candidates should have fluency...Remote jobHourly pay- Tom Trese is seeking a Senior Workday Security Administrator responsible for managing the security configuration within Workday HRIS. This role involves developing security roles, troubleshooting access issues, and ensuring data integrity. The ideal candidate will have...
- IT Security Analyst needs 3+ years experience IT Security Analyst requires: IT security Cyber security Finance industry IT Security Analyst duties: Supports Information Security and Cyber Threat management programs within the Bank at an advanced level of ability. Analyzes...
$50 - $55 per hour
...Job Title: Security Compliance Analyst Job Description The Security Compliance Analyst leads the full certification lifecycle for key security frameworks, acting as the primary bridge between technical engineering teams and external auditors. This role focuses...Contract workTemporary workRemote workFlexible hours$40 per hour
A cybersecurity company is seeking experienced professionals to evaluate AI-generated security content and solve technical cybersecurity problems. This role can be performed remotely and offers flexible hours, with hourly pay starting at $40+. The ideal candidates will...Remote jobHourly payFlexible hours- ...About the role: Eagle Creek Renewable Energy is seeking an experienced Information Security Compliance Analyst to join our team and help safeguard our organization's regulatory standing and the security of the critical generation assets across our fleet of hydropower facilities...
- A financial services company in Raleigh seeks an experienced IT Security Analyst. This role includes supporting information security programs, analyzing threats, and enhancing security measures. Ideal candidates will have over 3 years of experience in IT security, preferably...
$78.9k - $123.3k
...system authorization and continuous monitoring activities within a Federal environment. This role is responsible for managing the security authorization lifecycle for one or more information systems, ensuring compliance with Federal cybersecurity requirements, and maintaining...Permanent employmentFull timePart timeWork at officeLocal areaRemote work$50 - $60 per hour
DataAnnotation is committed to creating high-quality AI. We are looking for a Securities Analyst to join our team to help train the next generation of AI while enjoying the flexibility of remote work and the freedom to set your own schedule. This role is designed to fit...Hourly payFull timeContract workPart timeWork experience placementRemote workFlexible hours- Teradata Corporation (SE) is seeking a Compliance Analyst to support security compliance programs across global cloud offerings. The role includes maintaining certifications like FedRAMP Moderate and assisting with compliance activities related to CMMC and ISO standards...Flexible hours
$70k - $90k
...play a critical role in our Public Key Infrastructure (PKI) for our global key management initiatives. You will execute critical security operations activities - incident response, vulnerability management, analysis, event management, and recovery. This hands‑on position...Temporary workWork experience placementWork at officeLocal area3 days per week- ...to manage key operations globally. You will support various initiatives related to digital certificates, ensuring compliance with security policies. The role requires excellent collaboration skills to engage with cross-functional teams effectively. The ideal candidate...Work at office
- Job Description Computer World Services Corp (CWS) is seeking an experienced Security Analyst/Data Security Specialist to support the planning, coordination, and implementation of the organization's information security programs. This role involves maintaining and enhancing...Local area
- ...application due to a disability, contact this employer to ask for an accommodation or an alternative application process. IT Security Operations Analyst Full-time Regular Cary, NC, US 1 Attachments Position Overview This role serves as the internal bridge between the...Full time
- MaintainX is seeking an Information Security professional to enhance its security posture by managing vulnerabilities and conducting assessments. This role requires expertise in AWS and various security frameworks to support compliance programs. The ideal candidate has...
- ...Information Security Specialist Hybrid - 3 days a week onsite. Responsibilities: Identify and evaluate potential areas of Information Security threat by assessing the probability and impact, and implementing associated mitigations. Monitor and contribute...3 days per week
- A leading consulting firm located in Cary, North Carolina seeks an IT Business Analyst with over a year of experience. Key responsibilities include running monthly security reports, establishing reporting schedules, and contributing to security vendor relationships. The...Work at office
- Computer World Services Corp (CWS) is seeking an experienced Security Analyst/Data Security Specialist to support planning, coordination, and implementation of information security programs. You will maintain and enhance security infrastructure including firewalls, IDS...
- Computer World Services Corp. (CWS) is looking for an experienced Security Analyst/Data Security Specialist in Morrisville, NC. The role involves maintaining security infrastructure and responding to potential threats. Key tasks include managing firewall systems, threat...
- ...100% remote. Our direct client has a new opening for a Lead Security Analyst 141809 This job is 14 months to start, and the client is located in Augusta, ME Please send your rate and resume. Top 3 Skills...Local areaRemote work
- ...assistance in the state government complex. Investigates criminal offenses involving state property, state employees, or visitors to state... ...buildings during non-working hours and at night to ensure security of property and equipment. Completes investigative reports pertaining...Work experience placementNight shift
$61.42k - $71.2k
...within 3 years from the date of your application? Yes No 09 Have you ever committed or been convicted of the offense of death by motor vehicle? Yes No 10 Have you acquired 5 or more points on your driver's license within 1...Full timeTemporary workInternshipSeasonal workWork at officeImmediate startMonday to Friday
Do you want to receive more vacancies?
Subscribe and receive similar vacancies to Offensive Security Analyst. Be the first to apply!
- security analyst remote Raleigh, NC
- information security compliance analyst Raleigh, NC
- cloud security analyst Raleigh, NC
- rate analyst Raleigh, NC
- senior information security analyst Raleigh, NC
- entry level information security analyst Raleigh, NC
- security analyst intern Raleigh, NC
- security analyst Raleigh, NC
- security operations analyst Raleigh, NC
- entry level security analyst Raleigh, NC

