My 2 cents (read rants) on Information security
My 2 cents (read rants) on Information security

My Interview experience with EY as Senior Penetration Tester

Its been 2 years and 8 months I was working as a Penetration tester looking after application security for the most part of my day. As it was an in-house work the job got boring as not much new and exciting was coming up, although it was well paying job and best part of it was laid back work culture, I decided to look for new a challenge. I wanted to get into a niche field in Penetration testing. Due to the advancements in framework oriented applications (built-in security) and tons of defensive products I feel few years down, traditional penetration testing would be saturated, it would cut down to social engineering or zero-days. anyways my top 2 choices were either to get into IOT Security or Financial Security. Cutting it short,  I applied at  Ernst & Young Cyber Center of Excellence Madrid, Spain as a Senior Penetration tester.  Ernst & Young is one of the Big4 firms that deals with financial services, taxation, accounting etc.  It has 260k+ employees, 700 offices in 150 countries.

After a couple of days, I got a detailed email from FSO CoE cyber hub lead.

EY Interview questionaire

attached to it is one long questionnaire, about 30 questions of different nature (non-technical), along with detailed guide on how to answer them, do you know how to answer situational interview questions like “Describe a time when….”? Neither did I, thanks to the guide a good way to answer situational interview questions is to use is STAR: Situation you were in; Task at hand; Action you performed; Result is produced. Some of the questions are as follow:-

  • What do you consider to be your key strengths in communicating  your views and opinions?
  • How do you stay motivated? How do you keep those around you and working with you motivated?
  • We live in a globalised era. How would you make sure a remote team communicates well?
  • Describe a time when you gave constructive feedback to someone. What worked well, and what might you improve next time? What did you learn from the experience?
  • Why do you want to work in FSO? What is it in the sector that interests you?
  • In what type of scenarios do you perform best?
  • Innovation: describe a time when you improved a way of working, a process or similar. What impact did your improvement make?

Being a techie (POC or GTFO), I am not very good at answering behavioral questions, good for me it was written so I had plenty of time to think. I submitted the questionnaire and in about a week got an email to schedule phone call technical interview.

The Phone call technical interview was of about 45 minutes, 2 Penetration testing managers were on the other side, it was interesting, they asked the right questions that should be asked when you are hiring a penetration tester.  Sorry I am not going to share specific questions because they are continuously hiring and I don’t want to leak out anything.

After 4-5 days I got an email to schedule a second interview with FSO CoE cyber hub lead, that interview lasted a good 40-45  minutes, discussing mostly about what they do, some situational questions, my interests and motivation to work there.

At the end, I got an offer letter, I researched about the living expenses in Madrid and the salaries offered by other companies as well as EY. The offer I got was above average, but I was already getting a handsome salary in my current job at that time,  I needed a push! So I sent a salary negotiation email.

after few days they accepted my counter offer.

Ey Penetration tester offer letter

So EY Madrid Here I come!! Overall it was a smooth and positive experience.



Notify of
1 Comment
Newest Most Voted
Inline Feedbacks
View all comments
arpan Dasgupta

I have applied for the exact same post in EY can you please help me with the interview QA

Would love your thoughts, please comment.x