Description
The IT Security team is a fast-paced and dynamic team within the Information Technology organization. The IT Security team is a strategic security planning and operational team that is a conduit between the client stakeholders and our service providers. The IT Security team is responsible for the program management, execution and supervisor of IT’s penetration testing program. Client is currently seeking a candidate for the position of Cyber Security Contractor who will report to the Senior Manager, Cyber Security. They will assist in the execution of an application penetration testing program that will serve to improve the security posture of Information Technology Infrastructure applications, servers and network applications. They will regularly conduct vulnerability and application security assessments, provide feedback on issues related to the execution of the program, assist with the creation of action plans, assist with the identification and tracking of risk & remediation, provide advice on mitigation safeguards, processes and security best practices and act as a spokesperson on security related subjects.
Job Duties/Accountabilities:
Support the IT application penetration testing programAbility to configure, implement, and maintain security testing tools as well as the configuration of data sources for metric reporting/trackingWorking knowledge of Risk and Compliance (GRC) tools as well as collaboration tools such as JIRA and Confluence Perform security testing of applications, networks and infrastructures, including vulnerability assessments, and manual testing techniques, penetration testing;Identify new and emerging cyber risks and prepare recommendations for appropriate countermeasures, including, but not limited to, new technology investments, new standards, changes in policy or reconfiguration of existing systems or business processes.Collaborate with various client’s internal stakeholders as well as external partners;Produce security assessment reports and distribute to IT Support teams (for remediation);Ability to document and educate stakeholders on the findings;Ability to research, recommend, and implement changes to procedures and systems to enhance application and systems security;Provide feedback on operational and procedural documentation as required;Ability to serve as subject matter expert on IT security tools, polices, and controls; Take an active role in security-related audits and inquiries;Ability to keep up to date on the latest security regulations, advisories, alerts and vulnerabilities; andSupporting member as required to the IT Security teamContribute to the team skills development and knowledge sharingCritical Qualifications/Competencies:
Minimum of 5 years professional work experience in security testing Experience with security testing tools and methodologies in conducting vulnerability and application security assessmentsWorking knowledge with Python or other scripting knowledgeAbility to analyze IT solutions and technology infrastructure to identify and assess security vulnerabilities, threats, and risks.A track record of results and effectiveness in applications technical support, trouble-shooting and analysis, problem resolution, and service availability and reliability improvement roles.Think analytically and synthesize technical information from various sourcesHigh level of personal integrity, and the ability to professionally handle confidential matters and demonstrate a high level of judgment and maturity.Excellent skills of verbal and written communications, relationship building, and influencing others.Solid understanding of IT, Network and Security environmentsStrong hands-on experience with vulnerability assessment and penetration testing toolsExtensive experience with advanced security testing techniquesPreferred Qualifications/Competencies:
A security based professional qualification desirable (e.g. OSCP, Security+, GPEN, GCIH...)Bachelor’s degree in technology-related field or the equivalent work experienceStrong knowledge operating system internals and operationsKnowledge of offensive and defensive security operational tactics.Understanding of industrial framework such as NIST, MITRE ATT&CK, OWASP, PCI-DSS, ITIL and/or other compliance frameworks.Bilingual in French and English would be an asset.Strong and structured scripting/coding skills.Knowledge of code repositories, automation technologies, cloud and containersStrong knowledge of Metasploit Framework, Burpsuite, Kali Linux, Python