Specialist, Offensive Security

82119
Permanent/Direct Hire
8 days ago

Job Title: Specialist Offensive Security
Division: Office of the Chief Information Security Officer
Reports To: Manager Offensive Security
Salary Range: $113,683 to $155,216
Work Location: 55 John Street, Toronto
Job Type: Permanent Full Time
Shift Information: Monday to Friday, 35 hours work week

JOB SUMMARY:
Performs Penetration Testing and Red Team exercises as part of the Threat Management unit’s Offensive Security section, identifying cyber security weaknesses and assisting with remediation efforts. Contributes to the development of the Threat Management unit’s ethical hacking capabilities, supporting the execution of the Chief Information Security Officer’s (CISO) mandate, cyber vision, and strategy.

Provides operational support for Penetration Testing and Red Team activities, working closely with senior team members to enhance the organization’s security posture.

MAJOR RESPONSIBILITIES:
 

  • Offensive Security Support: Assists in conducting offensive security services, performing tasks under guidance from senior team members.
  • Infrastructure & Application Testing: Conducts authorized assessments of infrastructure and applications to identify security weaknesses, with oversight from senior testers.
  • Attack Simulation & Validation: Supports the identification and verification of weaknesses using attacker techniques, evaluating potential threats under the direction of senior staff.
  • Risk-Based Recommendations: Assists in providing actionable recommendations to mitigate security weaknesses, considering the current threat landscape, with guidance from senior team members.
  • Process & Tool Improvement: Contributes to the improvement of security processes, tools, and techniques. Assists in researching and developing testing tools, techniques, and processes.
  • Security Reporting & Metrics: Supports the preparation and delivery of security reports and metrics, including Key Risk Indicators (KRIs), working under the supervision of senior staff.
  • Vulnerability & Remediation Tracking: Assists in developing and reporting metrics for vulnerabilities and remediation progress, contributing to overall security tracking efforts.
  • Stakeholder Education & Awareness: Helps educate stakeholders on the real-world impact of threats and vulnerabilities, demonstrating how risks may be exploited in the given environment.

QUALIFICATIONS/CERTIFICATIONS:

  • Post-secondary degree in Business or Technology or a related discipline.
  • 2+ years of experience in penetration testing.
  • Penetration testing experience with operating systems, web applications and network infrastructure.
  • Strong experience using penetration testing tools, e.g. Nmap, Nessus, Metasploit, Burp Suite, Kali Linux.
  • Administrator-level knowledge of server operating systems, specifically Linux and Windows.
  • Intricate technical knowledge of TCP/IP Networking/Routing, Intranet / Internet Architectures and Segregation Technologies/VLANs, Firewalls, Intrusion Detection, Intrusion Prevention, SQL Databases
  • Ability to test web technologies e.g. web applications, containers, container managers
  • Programming ability to create, read and modify exploit code to achieve system penetration. C, C++, Java, C#, scripting knowledge is an asset.
  • Experience scaling security testing capabilities
  • Demonstrate a current and working knowledge of Information Security best-practices, methodologies, and techniques.
  • Preferred Certifications (any in the list):  CISSP, OSCP, CRTO, CRTP, GPEN

SOFT SKILLS:

  • Ability to work in transformative programs.
  • Ability to lead efficient communication between all project stakeholders, including internal teams and clients
  • Ability to achieve business objectives through influencing and effectively working with key stakeholders.
  • Excellent written & verbal communication skills (comfortable & confident communicating at all levels, including business partners, leadership and vendors).
  • Excellent problem-solving skills with capability to identify solutions to unusual and complex problems.
  • Keen attention to detail and strong organizational skills.
  • Highly organized, proactive, self-motivated team player who takes initiative and is able to work independently.
  • Ability to work in a fast-paced environment managing multiple priorities with proven time management skills.
  • Strong analytical skills and ability to prioritise and multitask.
  • Ability to prioritize and effectively manage competing priorities and projects.
  • Ability to manage multiple initiatives while adhering to strict deadlines.
  • Able to work extremely well under pressure while maintaining a high level of professionalism
  • Self-motivated person with desire to go above and beyond tasks
  • Transferable skills, like communication and decision-making, are equally important.
  • Being able to think on your feet and show good judgment are especially valuable in this field. “Security pros should always be ready to react to cyber-related incidents quickly.”