Requisition Id : BCEJP00020430
Strong understanding of penetration and security testing methodologies and tools, Strong background in network protocols and design, Hands-on experience in conducting web appl
Seeking a candidate for the position of Senior Specialist, IS Protection – Testing and Incident Response. Reporting to the Senior Manager, the candidate is responsible for the development, coordination and performance of security tests as part of the vulnerability assessment and penetration testing program for Corporate Security’s Information Security organization. The specialist will assist with the identification and tracking of remediation of risk issues, advise on mitigation safeguards, processes and security best practices and act as a spokesperson and expert on related subjects. -Perform security testing of applications, web/mobile networks and infrastructures, including vulnerability assessments, penetration testing, manual testing techniques and source code reviews -Devise and create custom exploits, solutions and techniques to discover vulnerabilities and exploitability of targets. -Strong networking and security background in areas such as routing and switching, firewall management, analysis of logs and incident response. -Document analysis results, identify security risks, produce reports and present to technical and executive stakeholders. -Track vulnerability risks to closure with GRC and participate in on going GRC use case development. -Analyse security information and artifacts such as scan results, logs, and files in all phases of incident response. -Participate and define incident handling methodologies to proactively manage security risk. -Ability to produce, review and advise on secure architectures, hardening guides and policies and configurations for incident response and event management. -Possesses proven track record and experience delivering cyber security testing services and mitigation recommendations taking constraints into account, and oversee implementation that meet objectives. -High degree of initiative, dependability and ability to work with little supervision. -Experience on Vulnerability Assessment and Penetration Testing for Infrastructure, Networks, Web Application, Web Services, Databases, Mobile, etc -Good understanding of penetration testing methodologies such as OWASP and OTTSM. -Hands-on experience of Security Testing tools such as Burp Suite, Metasploit, Kali, Nessus, etc. -Hands-on experience in conducting web application testing using OWASP top 10. -Ability to analyze scan reports and suggest remediation / mitigation plan to asset owners Required qualifications: -Bachelor’s degree in technology-related field, or in computer science with a specialization in telecommunications, or the equivalent. -Seven (7) years’ experience in information security -Extensive experience in Vulnerability Assessment and Penetration Testing for Web Application, Web Services, Databases, Mobile, Infrastructure and Networks. -In-depth understanding of penetration testing methodologies (OWASP, OSSTMM etc.) and hands on experience of Security Testing tools such as Burp Suite, Metasploit, Kali, Nessus, core impact to name a few. -In depth knowledge of networking design, routing and firewall segmentation of networks. -The following certifications are an asset: CISSP, CEH, GPEN, OSCP, OPST, OSWE, GWAPT, AWAE or similar -Sound document writing skills -Good knowledge of common office tools. • Ability to communicate in French is an asset -Existing Secret clearance or ability to obtain is preferred Note: -The successful candidate must successfully go through extensive background verifications including but not limited to criminal record and reputational checks -All Security personnel are required to sign a letter of non-disclosure which prevents them from divulging sensitive information that they may be exposed to during their assignment. This policy is strictly enforced. Behaviour skills: -Initiative • Sense of collaboration (teamwork) -Interpersonal Skills -Ability to influence -Compliance with commitments -Results Orientation -Verbal and written -Supervision and monitoring
CDG ISO 14001:2004
Callas/Fort with Minority Supplier Development Council
NCTRCA Minority Buiseness Enterprise Certification
CDG OHSAS 18001:2007
Tech Titans
Deloitte
Best Employer
Graham Bell Innovation
Huawei Gold Partner
Fastest Growing Fastest