
Penetration Tester - Full Time - Remote

Toronto, Ontario
REPORTS TO: Vulnerability Management Lead
 
PURPOSE OF THE ROLE: A penetration-tester/red team member is a very hands-on representative of the information security team. This role is highly technical, and candidates must possess a solid understanding of information security, preferably with a strong computer science background. Pen-testers/red teamers must understand applications, networking and various operating systems, along with tools and frameworks, and they must maintain a high level of rigor to stay up to date with advancements in technology while also retaining knowledge of older systems and applications that may still be in use in the enterprise.
 
Penetration-testers/red teamers must constantly search for system and application weaknesses to exploit, but they are also expected to maintain a level of professionalism at all times. The position must collaborate with others on the team for remediation and additional validation, as well as contribute to other collaborative approaches driven by the security team strategy, such as purple teaming, to enhance skillsets for both red and blue team members.
 
While some automated tools will be leveraged, the penetration-tester/red teamer must realize this is not solely a point-and-click role but requires hands-on expertise with a variety of tools to simulate attacker tactics, techniques and procedures (TTPs). When performing red team exercises, the penetration-tester/red teamer must strive to avoid detection. In addition to stealthy engagements, however, penetration-testers/red teamers must also participate in visible and announced assessments for new and existing services, infrastructure, and applications to help the team identify weaknesses before an attacker does.
 
Core Accountabilities
 
Penetration Testing
  • Document and formally report testing initiatives, along with remediation recommendations and validation.
  • Conduct tactical assessments that require expertise in social engineering, application security (web and mobile), physical methods, lateral movement, threat analysis, internal and external network architecture and a wide array of commercial products.
  • Develop and maintain tools and scripts used in penetration-testing and red team processes.
  • Train offensive and defensive colleagues on new TTPs and mentor junior teammates.
  • Regularly research and learn new TTPs in public and closed forums, and work with teammates to assess risk and implement and validate controls as necessary.
  • Understand breach and attack simulation (BAS) solutions and work with the team to validate controls effectiveness.
 
Stakeholder and Vendor Management
  • Support purple team exercises designed to build strength across disparate teams.
  • Arrange and provide support to business units launching new technology applications and services to verify that new products/offerings are not at risk of compromise or information leakage.
  • Occasionally attend and participate in change management policy discussions and meetings.
  • When necessary, assist in threat and incident response (IR) tabletop exercises as well as postmortem drills with a focus on measurable improvements and benchmarking to show progress (or deficiencies requiring additional attention).
 
Minimum Qualification and Skills
  • Bachelor's degree in computer science (preferred), information assurance, MIS, or related field, or equivalent
  • 10+ years’ experience in information security administration, offensive tactics, monitoring and IR
  • 5-7 years’ experience in pentesting with emphasis on purple teams.
  • Preferred to have one or more of the following relevant certifications.
    • Certified Information Systems Security Professional (CISSP)
    • Offensive Security Certified Professional (OSCP)
    • Offensive Security Certified Expert (OSCE)
    • GIAC Penetration Tester (GPEN)
  • Proficient in scripting languages such as Python, PowerShell, Bash and Ruby
  • Competent with testing frameworks and tools such as Burp Suite, Metasploit, Cobalt Strike, Kali Linux, Nessus, PowerShell Empire and AutoSploit
 
