The IT Security team is a fast-paced and dynamic team within the Information Technology organization. The IT Security team is a strategic security planning and operational team that is a conduit between the Client stakeholders and our service providers. The IT Security team is responsible for the program management, execution and supervisor of IT’s penetration testing program.
Client is currently seeking a candidate for the position of Cyber Security Contractor who will report to the Senior Manager, Cyber Security. They will assist in the execution of an application penetration testing program that will serve to improve the security posture of Information Technology Infrastructure applications, servers and network applications. They will regularly conduct vulnerability and application security assessments, provide feedback on issues related to the execution of the program, assist with the creation of action plans, assist with the identification and tracking of risk & remediation, provide advice on mitigation safeguards, processes and security best practices and act as a spokesperson on security related subjects.
- Support the IT application penetration testing program
- Ability to configure, implement, and maintain security testing tools as well as the configuration of data sources for metric reporting/tracking
- Working knowledge of Risk and Compliance (GRC) tools as well as collaboration tools such as JIRA and Confluence
- Perform security testing of applications, networks and infrastructures, including vulnerability assessments, and manual testing techniques, penetration testing;
- Identify new and emerging cyber risks and prepare recommendations for appropriate countermeasures, including, but not limited to, new technology investments, new standards, changes in policy or reconfiguration of existing systems or business processes.
- Collaborate with various Client’s internal stakeholders as well as external partners;
- Produce security assessment reports and distribute to IT Support teams (for remediation);
- Ability to document and educate stakeholders on the findings;
- Ability to research, recommend, and implement changes to procedures and systems to enhance application and systems security;
- Provide feedback on operational and procedural documentation as required;
- Ability to serve as subject matter expert on IT security tools, polices, and controls;
- Take an active role in security-related audits and inquiries;
- Ability to keep up to date on the latest security regulations, advisories, alerts and vulnerabilities; and
- Supporting member as required to the IT Security team
- Contribute to the team skills development and knowledge sharing
- Minimum of 5 years professional work experience in security testing
- Experience with security testing tools and methodologies in conducting vulnerability and application security assessments
- Working knowledge with Python or other scripting knowledge
- Ability to analyze IT solutions and technology infrastructure to identify and assess security vulnerabilities, threats, and risks.
- A track record of results and effectiveness in applications technical support, trouble-shooting and analysis, problem resolution, and service availability and reliability improvement roles.
- Think analytically and synthesize technical information from various sources
- High level of personal integrity, and the ability to professionally handle confidential matters and demonstrate a high level of judgment and maturity.
- Excellent skills of verbal and written communications, relationship building, and influencing others.
- Solid understanding of IT, Network and Security environments
- Strong hands-on experience with vulnerability assessment and penetration testing tools
- Extensive experience with advanced security testing techniques
- A security based professional qualification desirable (e.g. OSCP, Security+, GPEN, GCIH...)
- Bachelor’s degree in technology-related field or the equivalent work experience
- Strong knowledge operating system internals and operations
- Knowledge of offensive and defensive security operational tactics.
- Understanding of industrial framework such as NIST, MITRE ATT&CK, OWASP, PCI-DSS, ITIL and/or other compliance frameworks.
- Bilingual in French and English would be an asset.
- Strong and structured scripting/coding skills.
- Knowledge of code repositories, automation technologies, cloud and containers
- Strong knowledge of Metasploit Framework, Burpsuite, Kali Linux, Python