Strong understanding of penetration and security testing methodologies and tools, Strong background in network protocols and
Seeking a candidate for the position of Senior Specialist, IS Protection – Testing and Incident Response. Reporting to the Senior Manager, the candidate is responsible for the development, coordination and performance of security tests as part of the vulnerability assessment and penetration testing program for Corporate Security’s Information Security organization. The specialist will assist with the identification and tracking of remediation of risk issues, advise on mitigation safeguards, processes and security best practices and act as a spokesperson and expert on related subjects.
-Perform security testing of applications, web/mobile networks and infrastructures, including vulnerability assessments, penetration testing, manual testing techniques and source code reviews
-Devise and create custom exploits, solutions and techniques to discover vulnerabilities and exploitability of targets.
-Strong networking and security background in areas such as routing and switching, firewall management, analysis of logs and incident response.
-Document analysis results, identify security risks, produce reports and present to technical and executive stakeholders.
-Track vulnerability risks to closure with GRC and participate in on going GRC use case development.
-Analyse security information and artifacts such as scan results, logs, and files in all phases of incident response.
-Participate and define incident handling methodologies to proactively manage security risk.
-Ability to produce, review and advise on secure architectures, hardening guides and policies and configurations for incident response and event management.
-Possesses proven track record and experience delivering cyber security testing services and mitigation recommendations taking constraints into account, and oversee implementation that meet objectives.
-High degree of initiative, dependability and ability to work with little supervision.
-Experience on Vulnerability Assessment and Penetration Testing for Infrastructure, Networks, Web Application, Web Services, Databases, Mobile, etc
-Good understanding of penetration testing methodologies such as OWASP and OTTSM.
-Hands-on experience of Security Testing tools such as Burp Suite, Metasploit, Kali, Nessus, etc.
-Hands-on experience in conducting web application testing using OWASP top 10.
-Ability to analyze scan reports and suggest remediation / mitigation plan to asset owners
-Bachelor’s degree in technology-related field, or in computer science with a specialization in telecommunications, or the equivalent.
-Seven (7) years’ experience in information security
-Extensive experience in Vulnerability Assessment and Penetration Testing for Web Application, Web Services, Databases, Mobile, Infrastructure and Networks.
-In-depth understanding of penetration testing methodologies (OWASP, OSSTMM etc.) and hands on experience of Security Testing tools such as Burp Suite, Metasploit, Kali, Nessus, core impact to name a few.
-In depth knowledge of networking design, routing and firewall segmentation of networks.
-The following certifications are an asset: CISSP, CEH, GPEN, OSCP, OPST, OSWE, GWAPT, AWAE or similar
-Sound document writing skills
-Good knowledge of common office tools. • Ability to communicate in French is an asset
-Existing Secret clearance or ability to obtain is preferred
-The successful candidate must successfully go through extensive background verifications including but not limited to criminal record and reputational checks
-All Security personnel are required to sign a letter of non-disclosure which prevents them from divulging sensitive information that they may be exposed to during their assignment. This policy is strictly enforced.
-Initiative • Sense of collaboration (teamwork)
-Ability to influence
-Compliance with commitments
-Verbal and written
-Supervision and monitoring