eSentire® is the global leader in Managed Detection and Response (MDR), keeping organizations safe from cyber attacks that technology alone cannot prevent. Our 24x7 Security Operations Center (SOC), staffed by elite security analysts, hunts, investigates, and responds in real time to known and unknown threats before they become business-disrupting events.
We want to cut through the hype and overblown claims surrounding AI and ML to help our customers successfully tackle their biggest challenges utilizing human expertise at machine scale. We value each person’s unique contribution, so if you love to solve difficult problems--together--eSentire is the place for you.
eSentire has been recognized in Deloitte’s Technology Fast 50™ and Fast 500™, Canada’s Top Small and Medium Employers, and Gartner’s Market Guide for Managed Detection and Response. For more information, visit www.eSentire.com and follow @eSentire.
What are we looking for?
As a key member of our Red Team, the Penetration Tester will be responsible for testing and assessing customer environments and solutions.
- Perform penetration tests against the internal and/or external environments of different organizations, including networks, servers, workstations, applications, APIs and online/cloud services.
- Evaluate and attempt to bypass the organization’s current information security controls.
- Conduct network and application vulnerability assessments.
- Write reports that include technical details, risk analysis and remediation recommendations for identified issues.
- Participate in project related meetings: information gathering, solution design, project checkpoints and
- Serve as subject matter expert in areas of network security, application security, and attack and defense techniques and countermeasures.
Education And Work Experience
- Must have a minimum of 3+ years of experience as a network and application penetration tester.
- Have OSCP/OSCE, CREST or equivalent certification.
- University Degree or College Diploma in Computer Sciences, Information Technology or a related field or equivalent combination of education and experience.
- Demonstrated experience (minimum 3 years) in performing hands-on penetration tests against external and internal networks, operating systems, web applications and more.
- Demonstrated experience running and managing network and application vulnerability scanning and assessment tools.
- Demonstrated technical knowledge of current vulnerabilities, exploits and tools (commercial and open-source).
- Experience in developing advanced attacking capabilities and methods.
- Extensive technical knowledge of security industry best practices and procedures.
- Demonstrated experience with security assessment frameworks and procedures, including following industry best practice methodologies for penetration testing and the ability to perform both manual and automated testing.
- Experience in researching evolving exploits, techniques, and tools in support of penetration testing efforts.
- Experience in developing security tools, using scripts and utilities to automate assessment and analysis activities,
- Excellent verbal and written communication skills, including the ability to write clear and concise assessment reports that include findings, recommendations, road maps, and actionable plans.
- Exceptional customer service, communication and interpersonal skills.
- Ability to communicate and work closely with executives, peers and employees at all levels.
- Ability and willingness to work outside of business hours (weekends/evenings).
- Strong time management and organizational
- High degree of integrity, competence, adaptability, resilience and initiative.
- Maintain relevant industry certifications and demonstrate a willingness to work toward additional credentials.
- Experience testing mobile applications, social engineering, phishing, vishing, physical security, wireless networks, and more.
- Consulting experience leveraging offensive methodologies during red teaming and penetration testing.
- Experience with curating technical and non-technical documentation with reference to internal processes, procedures and.
- Knowledge of security compliance policy, programs, processes, and metrics.
- Researching and learning about information security trends, new testing techniques, and best practices, and knowledge sharing with the team.
- Professional offensive security certifications, including OSWE and OSCE, are beneficial.
- Non-vendor specific certifications such as:
  - GIAC security certifications (GPEN, GWAPT, GXPN)
  - Licensed Penetration Tester (LPT)
  - Certified Penetration Tester (CPT)
  - Certified Information Systems Security Professional (CISSP)
  - Certified Information Systems Auditor (CISA)
  - Certified Information Security Manager (CISM)
  - Certified Risk Management Professional (CRMP)
  - Certified in Risk and Information Systems Control (CRISC)
  - Information Systems Security Management Professional (ISSMP)
We thank all applicants in advance for applying. Only individuals selected for interviews will be contacted.
eSentire is committed to creating a fair work environment that is aligned with the Accessibility for Ontarians with Disabilities Act (AODA). We guarantee equal treatment and provide opportunities regardless of race, creed, color, religion, national origin, ancestry, marital status, affectional or sexual orientation, gender identity or expression, disability, nationality, sex, status as a protected veteran or any other legally protected grounds, and will not discriminate on these bases. If you have any accessibility requirements during the recruitment process, please reach out to our HR team at firstname.lastname@example.org and any accommodation needs will be addressed upon request.