View all jobs
2026-33 - Security Analyst
Toronto, OntarioJob Description:
- Advanced Penetration Testing: Perform comprehensive, hands-on penetration tests (Black Box, Grey Box, White Box) on web applications, APIs, network infrastructure, and cloud environments, simulating real-world attack scenarios using tools like Burp Suite, Postman, and Kali Linux.
- Purple Team & Adversary Emulation: Design and execute targeted operations to test the company's security monitoring, detection, and response capabilities. Partner closely with the Blue Team to validate fixes and assist in designing preventative security controls.
TTX Technical Design: Design and build technically-grounded attack patterns and "injections" for strategic, company-wide enterprise crisis simulations and focused, operational TTXs.
- Vendor & External Testing Management: Lead the creation of detailed Statements of Work (SOWs) and Rules of Engagement (ROEs) for third-party penetration testing vendors, managing the full testing lifecycle through final report review and risk acceptance.
- Cross-Functional Risk Communication: Act as a bridge between the technical security team and non-cyber teams, clearly articulating technical vulnerabilities as business risks and driving remediation efforts with non-technical stakeholders.
- Vulnerability Reporting & Peer Review: Produce clear, detailed, and technically accurate reports outlining vulnerabilities, the exploit path, and risk-rated recommendations. Perform peer reviews of reports from other penetration testers to ensure accuracy and reproducibility.
- Documentation & SOPs: Develop and maintain high-quality operational documentation, including Standard Operating Procedures (SOPs), Job Aids, and technical runbooks for testing methodologies and post-exercise remediation processes.
- Tool Development: Develop and maintain custom tools and scripts (e.g., Python, PowerShell) to enhance the efficiency and scope of security assessments.
Top Skills:
- Seasoned Penetration Testing Expertise: Proven, hands-on experience in exploiting vulnerabilities in modern systems, including OWASP Top 10, API security flaws (CWE/CVE), and cloud misconfigurations (AWS/Azure/GCP).
- Programming/Scripting: Proficiency in at least one scripting language (Python, PowerShell) for automation, exploit development, and custom tool creation.
- Attack Frameworks: Strong knowledge of Burp Suite, Cobalt Strike, and other offensive frameworks.
Project Description: Pentesting, purple teaming & TTX logic, programming/scripting.
- Advanced Penetration Testing: Perform comprehensive, hands-on penetration tests (Black Box, Grey Box, White Box) on web applications, APIs, network infrastructure, and cloud environments, simulating real-world attack scenarios using tools like Burp Suite, Postman, and Kali Linux.
- Purple Team & Adversary Emulation: Design and execute targeted operations to test the company's security monitoring, detection, and response capabilities. Partner closely with the Blue Team to validate fixes and assist in designing preventative security controls.
TTX Technical Design: Design and build technically-grounded attack patterns and "injections" for strategic, company-wide enterprise crisis simulations and focused, operational TTXs.
- Vendor & External Testing Management: Lead the creation of detailed Statements of Work (SOWs) and Rules of Engagement (ROEs) for third-party penetration testing vendors, managing the full testing lifecycle through final report review and risk acceptance.
- Cross-Functional Risk Communication: Act as a bridge between the technical security team and non-cyber teams, clearly articulating technical vulnerabilities as business risks and driving remediation efforts with non-technical stakeholders.
- Vulnerability Reporting & Peer Review: Produce clear, detailed, and technically accurate reports outlining vulnerabilities, the exploit path, and risk-rated recommendations. Perform peer reviews of reports from other penetration testers to ensure accuracy and reproducibility.
- Documentation & SOPs: Develop and maintain high-quality operational documentation, including Standard Operating Procedures (SOPs), Job Aids, and technical runbooks for testing methodologies and post-exercise remediation processes.
- Tool Development: Develop and maintain custom tools and scripts (e.g., Python, PowerShell) to enhance the efficiency and scope of security assessments.
Top Skills:
- Seasoned Penetration Testing Expertise: Proven, hands-on experience in exploiting vulnerabilities in modern systems, including OWASP Top 10, API security flaws (CWE/CVE), and cloud misconfigurations (AWS/Azure/GCP).
- Programming/Scripting: Proficiency in at least one scripting language (Python, PowerShell) for automation, exploit development, and custom tool creation.
- Attack Frameworks: Strong knowledge of Burp Suite, Cobalt Strike, and other offensive frameworks.
Project Description: Pentesting, purple teaming & TTX logic, programming/scripting.