CTC005283 - Security Analyst Senior - PENTESTER

Industry sector: Telecommunications
Job type: Contract
Duration:
Work mode: On Site

Description

IMPORTANT

No need to be fully bilingual, but a minimum of English understanding is required for those in Quebec. Interviews can be conducted in their preferred language – English or French.

3 Top skills must be seen on the resume -

  • Strong understanding of penetration and security testing methodologies and tools.
  • Strong written and verbal communication skills including the ability to explain the nature and impact of vulnerabilities both at a technical and management/business level
  • Strong background in network protocols and design
  • Senior role (could be Intermediate with mix of education and experience)

    No testing in interviews

    Projects candidates will be working on? Web Applications mainly with possibilities to move system level if project is successful

    Typical hours worked? Core 9 to 3, flexible on the rest. Right now it’s a given, preference to be office based, but could be negotiated.

    Why has this position arisen? We are looking to augment our pentesting Red Team to conduct pentests and improve current process

    Any potential to hire Full time? Yes, but as of today no. The intent is to grow the team, so the idea would be to keep them long term. The contract says Dec 31, but the odds are extremely high to continue into 2021 as this should be a minimum year long project. Also, funding is for contractors for now, but things can change into HC in the future.

    We are seeking a professional Pentester to come and augment our Red Team to perform pentesting. We are seeking people who are independent and can work with minimal supervision, with a sense of initiative, continuous improvement and good at problem solving. Our initial pivot is to work on Web Applications, and once the Pentester is familiar with the process, to support the internal team to work on internal applications. It is part of a project to improve automation and make the process leaner. The budget is approved for 2020 and if the project is a success, there is a possibility for extension.

    Our client is currently seeking a candidate for the position of Senior Specialist, IS Protection – Testing and Incident Response. Reporting to the Senior Manager, the candidate is responsible for the development, coordination and performance of security tests as part of the vulnerability assessment and penetration testing program for Corporate Security’s Information Security organization. The specialist will assist with the identification and tracking of remediation of risk issues, advise on mitigation safeguards, processes and security best practices and act as a spokesperson and expert on related subjects.

  • Perform security testing of applications, web/mobile networks and infrastructures, including vulnerability assessments, penetration testing, manual testing techniques and source code reviews
  • Devise and create custom exploits, solutions and techniques to discover vulnerabilities and exploitability of targets.
  • Strong networking and security background in areas such as routing and switching, firewall management, analysis of logs and incident response.
  • Document analysis results, identify security risks, produce reports and present to technical and executive stakeholders. Track vulnerability risks to closure with GRC and participate in ongoing GRC use case development.
  • Analyse security information and artifacts such as scan results, logs, and files in all phases of incident response. Participate and define incident handling methodologies to proactively manage security risk.
  • Ability to produce, review and advise on secure architectures, hardening guides and policies and configurations for incident response and event management.
  • Possesses proven track record and experience delivering cyber security testing services and mitigation recommendations taking constraints into account, and oversee implementation that meet objectives.
  • High degree of initiative, dependability and ability to work with little supervision.
  • Experience in Vulnerability Assessment and Penetration Testing for Infrastructure, Networks, Web Application, Web Services, Databases, Mobile, etc.
  • Good understanding of penetration testing methodologies such as OWASP and OSSTMM.
  • Hands-on experience of Security Testing tools such as Burp Suite, Metasploit, Kali, Nessus, etc.
  • Hands-on experience in conducting web application testing using OWASP top 10.
  • Ability to analyze scan reports and suggest remediation / mitigation plan to asset owners
Required qualifications:

  • Bachelor’s degree in technology-related field, or in computer science with a specialization in telecommunications, or the equivalent.
  • Seven (7) years’ experience in information security
  • Extensive experience in Vulnerability Assessment and Penetration Testing for Web Application, Web Services, Databases, Mobile, Infrastructure and Networks.
  • In-depth understanding of penetration testing methodologies (OWASP, OSSTMM etc.) and hands-on experience of Security Testing tools such as Burp Suite, Metasploit, Kali, Nessus, Core Impact to name a few.
  • In-depth knowledge of networking design, routing and firewall segmentation of networks.
  • The following certifications are an asset: CISSP, CEH, GPEN, OSCP, OPST, OSWE, GWAPT, AWAE or similar
  • Sound document writing skills
  • Good knowledge of common office tools.
  • Ability to communicate in French is an asset
  • Existing Secret clearance or ability to obtain is preferred
Note:

  • The successful candidate must successfully go through extensive background verifications including but not limited to criminal record and reputational checks
  • All Security personnel are required to sign a letter of non-disclosure which prevents them from divulging sensitive information that they may be exposed to during their assignment. This policy is strictly enforced.
Behaviour skills:

  • Initiative
  • Sense of collaboration (teamwork)
  • Interpersonal Skills
  • Ability to influence
  • Compliance with commitments
  • Results Orientation
  • Verbal and written
  • Supervision and monitoring