Description
IMPORTANT
Top 3 skills
Penetration testing ability Good knowledge of the end to end vulnerability management process Strong communication skillThe Network SOC VM team is a fast-paced and dynamic team within the Client Network organization. The Network SOC VM team is a strategic security planning, governance and operational team that is responsible for the operations of the VA scan programs. Our team is currently seeking a candidate for the position of a Cyber Security specialist (pentester) who will report to the Vulnerability Testing team leader. The Cyber Security specialist (pentester) will assist in the execution of the security testing program that will serve to improve the security posture of the Client Network factory and by executing manual pentests on applications, servers and network resources. He will regularly conduct vulnerability assessments, provide feedback on issues related to the execution of the VA programs, assist with the creation of action plans, assist with the identification and tracking of risk remediation, provide advice on mitigation safeguards, processes and security best practices and act as a spokesperson on security related subjects.
Job Duties/Accountabilities:
Support the Network SOC VM testing program;Ability to configure, implement, and maintain security testing tools as well as the configuration of data sources for metric reporting/tracking;Working knowledge of Risk and Compliance (GRC) tools as well as collaboration tools such as JIRA and Confluence Perform security testing of applications, networks and infrastructures, including vulnerability assessments, and manual testing techniques, penetration testing;Identify new and emerging cyber risks and prepare recommendations for appropriate countermeasures, including, but not limited to, new technology investments, new standards, changes in policy or reconfiguration of existing systems or business processes.Collaborate with various Client’s internal stakeholders as well as external partners;Produce security assessment reports and distribute to Network Support teams (for remediation);Ability to document and educate stakeholders on the findings;Ability to research, recommend, and implement changes to procedures and systems to enhance application and systems security;Provide feedback on operational and procedural documentation as required;Ability to serve as subject matter expert on Network security tools, polices, and controls; Take an active role in security-related audits and inquiries;Ability to keep up to date on the latest security regulations, advisories, alerts and vulnerabilities; andSupporting member as required to the Network SOC VM team.Sufficient coding language understanding to conduct secure code reviewCritical Qualifications/Competencies:
Minimum of 3 years professional work experience in information security as a pentester or similar role Experience with security testing tools and methodologies in conducting vulnerability and application security assessmentsWorking knowledge with scripting or/and programmatic language (ex: Python, Powershell, c#, Java, etc.)Ability to analyze IT solutions and technology infrastructure to identify and assess security vulnerabilities, threats, and risks.A track record of results and effectiveness in applications technical support, trouble-shooting and analysis, problem resolution, and service availability and reliability improvement roles.Think analytically and synthesize technical information from various sourcesHigh level of personal integrity, and the ability to professionally handle confidential matters and demonstrate a high level of judgment and maturity.Excellent skills of verbal and written communications, relationship building, and influencing others.Preferred Qualifications/Competencies:
A security based professional qualification desirable (e.g. CISM, CISA, OPST, CEH, OSCP)Bachelor’s degree in technology-related field or the equivalent work experienceStrong knowledge operating system internals and operationsKnowledge of offensive and defensive security operational tactics.Understanding of industrial framework such as NIST, MITRE ATT&CK, OWASP,PCI-DSS, ITIL and/or other compliance frameworks.Bilingual in French and English would be an asset.Experience as a developer in enterprise or/and part of a open source project on a public code repository (ex: Github)
