Sign up to access all features of our service.
  • Job search
  • Favorites
  • Create a CV
    New
  • Salaries
  • Subscriptions

Offensive Security Analyst

Ernst & Young Oman

The opportunity As an Offensive Security Analyst on the Attack Surface Management team, you will play a key role in evaluating and reducing EY’s digital exposure through hands‑on penetration testing and adversarial simulation. Working under the guidance of the Exposure Management Lead, you will identify, assess and help mitigate vulnerabilities across EY’s global attack surface. This role goes beyond traditional scanning by actively emulating threat actors, performing penetration testing and assessing the true impact of security weaknesses. Your responsibilities will include supporting the validation of third‑party risk assessments, identifying misconfigurations and exposed assets, and ensuring security standards are applied across EY’s digital ecosystem. You will also contribute to strengthening Continuous Threat Exposure Management and Attack Surface Management efforts by providing actionable insights that improve proactive defense and reduce overall business risk. Your key responsibilities The Analyst will apply offensive security techniques to assess EY’s external and internal attack surface, identifying vulnerabilities across web applications, APIs, cloud environments, networks, and infrastructure. This includes testing proof‑of‑concepts to validate exploitability and determine real‑world impact. The role involves emulating adversary tactics to test detection and response capabilities, as well as conducting reconnaissance and asset discovery to uncover unmanaged or exposed assets. The candidate will support third‑party and supply chain risk validation efforts by reviewing assessments or conducting targeted testing where required. Collaborating closely with security engineering, blue teams and business stakeholders, the analyst will help prioritize remediation efforts based on risk severity and exploitability. Additionally, the role will contribute to enhancing processes, playbooks and reporting standards within the Vulnerability Discovery and offensive security functions. Skills and attributes for success Capability to identify and exploit vulnerabilities beyond automated scanning tools like Qualys, Nessus etc. Strong attention to detail with a methodical approach to identifying complex attack paths Critical thinking and analytical skills to evaluate vulnerabilities in a business risk context Ability to manage high volumes of testing requests without compromising depth or quality Flexibility to work across diverse technologies, including cloud, applications and infrastructure Effective communication skills to convey technical findings to both technical and non‑technical audiences Familiarity with research techniques and threat intelligence to support proactive risk identification To qualify for the role you must have A minimum of 4 years of experience in penetration testing, red teaming, purple teaming or offensive security Hands‑on experience testing applications, APIs, cloud environments and network infrastructure Strong understanding of common vulnerability classes such as OWASP Top 10 and exploitation techniques Familiarity with offensive security methodologies and frameworks Experience supporting or performing third‑party risk assessments Strong analytical and problem‑solving skills with the ability to prioritize risks effectively Strong communication and stakeholder management skills Ideally, you’ll also have OWASP training Incident response experience What we look for We are looking for a developing Offensive Security Analyst that can operate with supervision and bring new approaches to discovering and evaluating the business’s externally‑exposed vulnerabilities. We are seeking a seasoned analyst to improve the organization’s ability to reduce the attack surface while enabling the business. The ideal candidate will seek to improve others while continuously learning and identifying ways to strengthen the organization. What we offer you We offer a comprehensive compensation and benefits package where you’ll be rewarded based on your performance and recognized for the value you bring to the business. The base salary range for this job in all geographic locations in the US is 76,400 to 138,600. The base salary range for New York City Metro Area, Washington State and California (excluding Sacramento) is 91,700 to 157,500. Individual salaries within those ranges are determined through a wide variety of factors including but not limited to education, experience, knowledge, skills and geography. In addition, our Total Rewards package includes medical and dental coverage, pension and 401(k) plans, and a wide range of paid time off options. Join us in our team‑led and leader‑enabled hybrid model. Our expectation is for most people in external, client‑serving roles to work together in person 40‑60% of the time over the course of an engagement, project or year. Under our flexible vacation policy, you’ll decide how much vacation time you need based on your own personal circumstances. You’ll also be granted time off for designated EY Paid Holidays, Winter/Summer breaks, Personal/Family Care, and other leaves of absence when needed to support your physical, financial and emotional well‑being. EY is building a better working world by creating new value for clients, people, society and the planet, while building trust in capital markets. EY provides equal employment opportunities to applicants and employees without regard to race, color, religion, age, sex, sexual orientation, gender identity/expression, pregnancy, genetic information, national origin, protected veteran status, disability status or any other legally protected basis, including arrest and conviction records, in accordance with applicable law. EY is committed to providing reasonable accommodation to qualified individuals with disabilities including veterans with disabilities. If you have a disability and either need assistance applying online or need to request an accommodation during any part of the application process, please call 1-800-EY-HELP3, select Option 2 for candidate related inquiries, then select Option 1 for candidate queries and finally select Option 2 for candidates with an inquiry which will route you to EY’s Talent Shared Services Team (TSS) or email the TSS at View email address on click.appcast.io. #J-18808-Ljbffr Ernst & Young Oman

Vacancy posted 5 days ago
Similar jobs that could be interesting for youBased on the Offensive Security Analyst in Raleigh, NC vacancy
  • $76.4k - $138.6k

     ...central to doing business, and everyone in EY Information Security has a critical role to play. Join a global team of almost...  ...to market and business value. The opportunity As an Offensive Security Analyst on the Attack Surface Management team, you will play a key... 
    Suggested
    Summer holiday
    Local area
    Flexible hours

    EY

    Raleigh, NC
    3 days ago
  • Ernst & Young Oman in Raleigh, North Carolina is seeking an Offensive Security Analyst to evaluate and mitigate digital exposure through penetration testing and adversarial simulation. The ideal candidate will have at least 4 years of experience in security roles, with... 
    Suggested

    Ernst & Young Oman

    Raleigh, NC
    5 days ago
  •  ...The Workday Security Administrator is a Senior Workday HRIS Analyst responsible for the administration, maintenance, and optimization of the security configuration in Workday, the Human Resources Information System (HRIS). They develop and manage custom security roles,... 
    Suggested
    Work at office

    Tom Trese

    Raleigh, NC
    5 days ago
  •  ...Summary Our client, a large enterprise organization with a recently implemented Workday environment, is seeking a Senior Workday Security Administrator to serve as the final addition to its HRIS team. This role owns the administration, optimization, and governance of... 
    Suggested
    Full time
    H1b
    Relocation package

    Twenty80 llc

    Raleigh, NC
    3 days ago
  • $40 per hour

    A cybersecurity training company is seeking experienced professionals to evaluate AI-generated security content and solve technical cybersecurity problems. You will work remotely, assessing accuracy, and contributing to the development of AI security tools. Candidates... 
    Suggested
    Hourly pay
    Remote work
    Flexible hours

    DataAnnotation

    Raleigh, NC
    5 days ago
  •  ...SAP Security Analyst/Admin job at The Maven Group, LLC. Raleigh, NC. SAP Security Analyst/Admin Direct Hire REMOTE but must reside within 3 hours of Raleigh US Citizens, Green Card, Perm Resident (no sponsorship) This primarily remote role involves SAP Security Administration... 
    Permanent employment
    Remote work

    Payfuture Technologies

    Raleigh, NC
    4 days ago
  • $50 - $60 per hour

    A leading AI development company is looking for a Securities Analyst to join their team remotely. This role involves reviewing AI Assistant outputs related to finance, providing feedback, and ensuring quality in AI reasoning and performance. Candidates should have fluency... 
    Remote job
    Hourly pay

    DataAnnotation

    Raleigh, NC
    3 days ago
  • $40 per hour

     ...cybersecurity firm is seeking experienced cybersecurity professionals for a remote position. The role involves evaluating AI-generated security content, solving technical problems, and providing valuable feedback to improve AI systems. Candidates should have 2+ years of... 
    Remote job
    Hourly pay
    Flexible hours

    DataAnnotation

    Raleigh, NC
    1 day ago
  • Tom Trese is seeking a Senior Workday Security Administrator responsible for managing the security configuration within Workday HRIS. This role involves developing security roles, troubleshooting access issues, and ensuring data integrity. The ideal candidate will have... 

    Tom Trese

    Raleigh, NC
    1 day ago
  • $40 per hour

    A cybersecurity firm is seeking experienced professionals to evaluate AI-generated content and solve technical cybersecurity challenges. The role is remote, flexible, and offers the freedom to choose projects. You must have hands-on cybersecurity experience, some coding...
    Hourly pay
    Remote work
    Flexible hours

    DataAnnotation

    Raleigh, NC
    4 days ago
  • IT Security Analyst needs 3+ years experience IT Security Analyst requires: IT security Cyber security Finance industry IT Security Analyst duties: Supports Information Security and Cyber Threat management programs within the Bank at an advanced level of ability. Analyzes... 

    Global Channel Management, Inc

    Raleigh, NC
    1 day ago
  • $50 - $55 per hour

     ...Job Title: Security Compliance Analyst Job Description The Security Compliance Analyst leads the full certification lifecycle for key security frameworks, acting as the primary bridge between technical engineering teams and external auditors. This role focuses... 
    Contract work
    Temporary work
    Remote work
    Flexible hours

    Actalent

    Raleigh, NC
    2 days ago
  • $40 per hour

    A cybersecurity company is seeking experienced professionals to evaluate AI-generated security content and solve technical cybersecurity problems. This role can be performed remotely and offers flexible hours, with hourly pay starting at $40+. The ideal candidates will... 
    Remote job
    Hourly pay
    Flexible hours

    DataAnnotation

    Raleigh, NC
    1 day ago
  •  ...About the role: Eagle Creek Renewable Energy is seeking an experienced Information Security Compliance Analyst to join our team and help safeguard our organization's regulatory standing and the security of the critical generation assets across our fleet of hydropower facilities... 

    Eagle Creek Renewable Energy

    Raleigh, NC
    1 day ago
  • A financial services company in Raleigh seeks an experienced IT Security Analyst. This role includes supporting information security programs, analyzing threats, and enhancing security measures. Ideal candidates will have over 3 years of experience in IT security, preferably... 

    Global Channel Management, Inc

    Raleigh, NC
    3 days ago
  • $78.9k - $123.3k

     ...system authorization and continuous monitoring activities within a Federal environment. This role is responsible for managing the security authorization lifecycle for one or more information systems, ensuring compliance with Federal cybersecurity requirements, and maintaining... 
    Permanent employment
    Full time
    Part time
    Work at office
    Local area
    Remote work

    Noblis

    Raleigh, NC
    4 days ago
  • $50 - $60 per hour

    DataAnnotation is committed to creating high-quality AI. We are looking for a Securities Analyst to join our team to help train the next generation of AI while enjoying the flexibility of remote work and the freedom to set your own schedule. This role is designed to fit... 
    Hourly pay
    Full time
    Contract work
    Part time
    Work experience placement
    Remote work
    Flexible hours

    DataAnnotation

    Raleigh, NC
    5 days ago
  • Teradata Corporation (SE) is seeking a Compliance Analyst to support security compliance programs across global cloud offerings. The role includes maintaining certifications like FedRAMP Moderate and assisting with compliance activities related to CMMC and ISO standards... 
    Flexible hours

    Teradata Corporation (SE)

    Raleigh, NC
    4 days ago
  • $70k - $90k

     ...play a critical role in our Public Key Infrastructure (PKI) for our global key management initiatives. You will execute critical security operations activities - incident response, vulnerability management, analysis, event management, and recovery. This hands‑on position... 
    Temporary work
    Work experience placement
    Work at office
    Local area
    3 days per week

    MetLif

    Cary, NC
    3 days ago
  •  ...to manage key operations globally. You will support various initiatives related to digital certificates, ensuring compliance with security policies. The role requires excellent collaboration skills to engage with cross-functional teams effectively. The ideal candidate... 
    Work at office

    MetLif

    Cary, NC
    3 days ago
  • Job Description Computer World Services Corp (CWS) is seeking an experienced Security Analyst/Data Security Specialist to support the planning, coordination, and implementation of the organization's information security programs. This role involves maintaining and enhancing... 
    Local area

    Cwsc

    Morrisville, NC
    2 days ago
  •  ...application due to a disability, contact this employer to ask for an accommodation or an alternative application process. IT Security Operations Analyst Full-time Regular Cary, NC, US 1 Attachments Position Overview This role serves as the internal bridge between the... 
    Full time

    GenWorks Group

    Cary, NC
    4 days ago
  • MaintainX is seeking an Information Security professional to enhance its security posture by managing vulnerabilities and conducting assessments. This role requires expertise in AWS and various security frameworks to support compliance programs. The ideal candidate has... 

    MaintainX

    Raleigh, NC
    1 day ago
  •  ...Information Security Specialist Hybrid - 3 days a week onsite. Responsibilities: Identify and evaluate potential areas of Information Security threat by assessing the probability and impact, and implementing associated mitigations. Monitor and contribute... 
    3 days per week

    Axelon

    Cary, NC
    2 days ago
  • A leading consulting firm located in Cary, North Carolina seeks an IT Business Analyst with over a year of experience. Key responsibilities include running monthly security reports, establishing reporting schedules, and contributing to security vendor relationships. The... 
    Work at office

    Arete Technologies, Inc.

    Cary, NC
    4 days ago
  • Computer World Services Corp (CWS) is seeking an experienced Security Analyst/Data Security Specialist to support planning, coordination, and implementation of information security programs. You will maintain and enhance security infrastructure including firewalls, IDS... 

    Cwsc

    Morrisville, NC
    2 days ago
  • Computer World Services Corp. (CWS) is looking for an experienced Security Analyst/Data Security Specialist in Morrisville, NC. The role involves maintaining security infrastructure and responding to potential threats. Key tasks include managing firewall systems, threat... 

    Computer World Services

    Morrisville, NC
    3 days ago
  •  ...100% remote. Our direct client has a new opening for a Lead Security Analyst 141809 This job is 14 months to start, and the client is located in Augusta, ME Please send your rate and resume. Top 3 Skills... 
    Local area
    Remote work

    FHR

    Morrisville, NC
    1 day ago
  •  ...assistance in the state government complex. Investigates criminal offenses involving state property, state employees, or visitors to state...  ...buildings during non-working hours and at night to ensure security of property and equipment. Completes investigative reports pertaining... 
    Work experience placement
    Night shift

    NC-AOCR

    Raleigh, NC
    5 days ago
  • $61.42k - $71.2k

     ...within 3 years from the date of your application? Yes No 09 Have you ever committed or been convicted of the offense of death by motor vehicle? Yes No 10 Have you acquired 5 or more points on your driver's license within 1... 
    Full time
    Temporary work
    Internship
    Seasonal work
    Work at office
    Immediate start
    Monday to Friday

    City of Raleigh, NC

    Raleigh, NC
    5 days ago

Do you want to receive more vacancies?

Subscribe and receive similar vacancies to Offensive Security Analyst. Be the first to apply!