Penetration Tester

We currently have a unique opportunity for a Senior Penetration Tester to join our Security Consulting team. Our team is an experienced and highly skilled group of penetration testers that takes direction from recognizable industry subject matter experts. We will consider experienced applicants at various career levels, so read on to learn what we are looking for.

Department: Audit & Assurance
Project Location(s): Winnipeg, Canada
Education: Bachelor’s Degree

Responsibilities

  • Perform penetration testing against many different types of applications and networks.
  • Identify and exploit vulnerabilities in applications and networks.
  • Document technical issues identified during security assessments utilizing standard CWE and CVSS classifications.
  • Research emerging security topics and new attack vectors.
  • Work independently to meet customer and project deadlines.
  • Interact with customers in a collaborative, consultative manner to deliver results and provide feedback and remediation recommendations on penetration testing findings.

Skills/Experience

  • Degree from an accredited College or University in Computer Science, Information Systems, Engineering or a related major
  • Current holder of penetration testing certifications such as OSCP, OSWP, CEH
  • 5 or more years of penetration testing with 3 or more years of specific application and network / red team penetration testing experience in a consulting environment.
  • Understanding of web architecture and protocols (HTTP(S), TCP/IP, ARP, SMTP, DNS, etc.).
  • Development and/or source code review experience in several of the following programming or scripting languages: C/C++, C#, VB.NET, ASP, PHP, PowerShell, Python or Java.
  • Understanding of how data flows through an application and/or network and connected components (SMTP, LDAP, Database servers).
  • Understanding of common software security issues and remediation techniques (OWASP top 10, SANS top 25, etc.).
  • Familiar with developing proof-of-concept exploit examples to use within reports or live demonstrations.
  • Familiar with documenting and communicating results that may be consumed by both developers and management-level audiences.
  • Familiar with testing web applications, natively compiled binary applications, mobile applications, web services, and testing networks.
  • Familiar with common Windows/Linux commands and scripting.
  • Familiarity with general application and network security concepts.
  • Ability to communicate effectively, both in writing and verbally.
  • Ability to travel for company-related events and potential onsite client work.
  • Familiar with OWASP Top 10 and CWE/SANS Top 25 classification systems.
  • Familiar with profiling an application or network, identifying threats, and developing test cases to target identified threats