IT Security Consultant 3 / Conseiller en sécurité des TI 3 (12294)

Location: Toronto, ON, Canada
Date Posted: 28-08-2018
Client is looking for a senior Security Vulnerability Assessment and Penetration Tester to provide support to ongoing client engagements. 

Required Knowledge: 
• Knowledge of vulnerability assessment practices and procedures a must 
• Experience in penetration testing (ethical hacking) practices and procedures 
• Knowledge of penetration testing methodologies (PWASP, PTES, OSSTMM) 
• Knowledge of information and I.T. security best practices 
• Knowledge of social engineering and wireless testing 
• Knowledge of PCI standard an asset 
• Basic Knowledge of GRC standards an asset 

Tools Knowledge/Experience: 
• Vulnerability assessment experience with any of the following: Qualys, Nexpose, Nessus, NMAP NSE etc. 
• Penetration testing experience with any of the following: Kali, Metasploit, Powershell Empire, Medusa, Mimikatz etc. 
• Web Application assessment with any of the following: Acunetix, Appscan, Burpsuite, SQLMap, OWASP Zap etc. 

Required Skills & Abilities: 
• Ability to lead projects/engagements, report writing and presentation skills (ability to clearly explain technical findings to a non-technical audience) 
• Use of multiple security engagement tools, platforms and scripts in live client environments 
• Infrastructure vulnerability scanning including manual verification of findings 
• Goal based penetration testing, including privilege escalation, and lateral movement 
• Ability to work within in a geographically distributed team from home, office and client locales 
• Ability to work as part of a team or independent 
• Strong time and task management skills 
• Strong verbal and written communication skills 
• Ability to properly communicate technical threats to client is recommended 

Required Experience & Education: 
• A minimum of 5 years industry experience is required 
• University degree 
• Professional certificates (ie. OSCP) are an asset 

Desired Technical Skills: 
• Web application security assessments from both an automated and manual perspective 
• Knowledge of ICS/SCADA security controls and testing experience 
• PCI compliance knowledge and experience including the delivery of associated testing requirements 
• Experience with ICS testing would be considered an asset
this job portal is powered by CATS