Responsible for proactively identifying, exploiting, and documenting security vulnerabilities across the organization's enterprise applications, infrastructure, and physical security controls.
1. Primary Focus
The role focuses on identifying technical weaknesses through active testing, logical analysis, and proactive detection.
Penetration Testing: Performing hands-on, comprehensive tests across infrastructure, networks, and applications.
Minimum Toolset: Utilizing industry-standard tools such as Burp Suite, Postman, and Kali Linux to identify and exploit vulnerabilities.
Red Team Injection Logic: Planning and executing technical "injections" and simulated attack steps within larger red team exercises.
Canary Administration: Managing and administering Canary tokens/devices to detect unauthorized presence or activity.
Threat Hunting: Executing threat hunts designed by the Threat Intelligence team to proactively search for adversary activity.
2. Engagement
The team follows strict internal standards that are subject to continuous improvement: each engagement follows established SOPs and standards, which are regularly updated to improve efficiency.
Most penetration tests are project-based "test-and-report" engagements, which may be performed in-house or via a vendor depending on project classification.
TTX Scope: Exercises include both company-wide simulations and custom, focused scenarios with internal teams.
Point-in-time red team activities are an increasing requirement for validating defensive controls.
3. Threat Intelligence
While the teams work closely, the offensive team focuses on the technical application of intelligence. The Offensive Security team has access to TTPs and internal threat intelligence tooling.
Threat hunting is a collaborative effort with the Threat Intelligence team; familiarity with their specific tooling is a "nice-to-have," not a mandatory requirement.
4. Required Technical Proficiency
Candidates must possess a deep technical background to support complex testing and tabletop design.
Attack Frameworks: Strong knowledge of Burp Suite and other attack tooling/frameworks is highly desired.
Vulnerability Frameworks: Proficiency in identifying the correct CWE, calculating CVSS scores, and applying OWASP Top 10 lists and attack patterns.
5. Key Deliverables
The candidate is responsible for the full lifecycle of security assessments and documentation: scoping plans based on demo meetings and technical documentation, executing tests per the scope document, and delivering findings to all organizational levels, including Executive Summaries.
Table-Top Exercises (TTX): Investigating technical documentation and playbooks to design attack patterns and injections; facilitation is not required.
Threat Hunt: Performing threat hunts supported by or in conjunction with the Threat Intelligence team/tooling.
Documentation & Peer Review: Producing high-quality technical documentation for all tests and performing peer reviews of reports from other penetration testers.