Our large IT client, is recognized by customers as Canada’s leading Telecommunication company.
We are looking for an Information Security Tester to support the team.
Duration: 7 months
Location: Montreal, Quebec, Canada
We are currently seeking a candidate for the position of Senior Specialist, IS Protection – Testing and Incident Response. Reporting to the Senior Manager, the candidate is responsible for the development, coordination and performance of security tests as part of the vulnerability assessment and penetration testing program for Corporate Security’s Information Security organization. The specialist will assist with the identification and tracking of remediation of risk issues, advise on mitigation safeguards, processes and security best practices and act as a spokesperson and expert on related subjects.
WHAT WE ARE LOOKING FOR
- Bachelor’s degree in technology-related field, or in computer science with a specialization in telecommunications, or the equivalent.
- Seven (7) years’ experience in information security.
- Extensive experience in Vulnerability Assessment and Penetration Testing for Web Application,
- Web Services, Databases, Mobile, Infrastructure and Networks.
- In-depth understanding of penetration testing methodologies (OWASP, OSSTMM etc.) and hands on experience of Security Testing tools such as Burp Suite, Metasploit, Kali, Nessus, core impact to name a few.
- In depth knowledge of networking design, routing and firewall segmentation of networks.
- The following certifications are an asset: CISSP, CEH, GPEN, OSCP, OPST, OSWE, GWAPT, AWAE or similar.
- Sound document writing skills.
- Good knowledge of common office tools.
- Ability to communicate in French is an asset.
- Existing Secret clearance or ability to obtain is preferred.
- Perform security testing of applications, web/mobile networks and infrastructures, including
- vulnerability assessments, penetration testing, manual testing techniques and source code reviews
- Devise and create custom exploits, solutions and techniques to discover vulnerabilities and exploitability of targets.
- Strong networking and security background in areas such as routing and switching, firewall management, analysis of logs and incident response.
- Document analysis results, identify security risks, produce reports and present to technical and executive stakeholders. Track vulnerability risks to closure with GRC and participate in on
- going GRC use case development.
- Analyze security information and artifacts such as scan results, logs, and files in all phases of incident response. Participate and define incident handling methodologies to proactively
- manage security risk.
- Ability to produce, review and advise on secure architectures, hardening guides and policies and configurations for incident response and event management.
- Possesses proven track record and experience delivering cyber security testing services and mitigation recommendations taking constraints into account, and oversee implementation that
- meet objectives.
- High degree of initiative, dependability and ability to work with little supervision.
- Experience on Vulnerability Assessment and Penetration Testing for Infrastructure, Networks,
- Web Application, Web Services, Databases, Mobile, etc
- Good understanding of penetration testing methodologies such as OWASP and OTTSM.
- Hands-on experience of Security Testing tools such as Burp Suite, Metasploit, Kali, Nessus, etc.
- Hands-on experience in conducting web application testing using OWASP top 10.
- Ability to analyze scan reports and suggest remediation / mitigation plan to asset owners.
LOOKING FOR MEANINGFUL WORK? WE CAN HELP
If you're a technical professional, you know that it can be difficult to find fulfilling work that advances your career. At the Ian Martin Group, we exist to connect professionals like you with meaningful work at industry-leading companies in your field. And we walk the walk, too: as a Certified B Corporation, we believe in using business as a force for good for people, our communities, and the environment.
We value diversity and inclusion and encourage all qualified people to apply. If we can make this easier through accommodation in the recruitment process, please contact us at email@example.com. We encourage all qualified candidates to apply; however, only those selected for an interview will be contacted.