Overview
Our client, a government entity in Saskatchewan, Canada, needs the services of a Penetration Testing Analyst(s) to join the Cyber Security and Risk Management Branch (CSRM). The Penetration Testing Analyst would be part of the CSRM and be responsible for managing all things related to IT security including, though not necessarily limited to:
- Providing interpretation and enforcement of the information security policy and standards;
- Providing information security education and awareness;
- Responding to information security incidents;
- Performing Threat Risk Assessments (TRAs) for IT-related business initiatives throughout Government;
- Providing security assessment and overall security requirements and oversight for IT-related Solution and Services Procurements;
- Providing information security advice and guidance for business areas; and,
- Evaluating new threats and vulnerabilities.
Mandatory Qualifications and Experience:
- At least 3 years proven experience working as a Penetration Tester.
- Candidate must be able to work 100% onsite in Regina, Saskatchewan, Canada upon contract start date.
- Demonstrated experience with a government entity in Saskatchewan or comparable entities.
- Demonstrated experience with cybersecurity standards including the Open Web Application Security Project (OWASP) Application Security Testing Standard.
Other Required experience:
- Demonstrated experience with cloud security and cloud-based application architecture and different deployment models.
- Demonstrated experience with penetration testing tools.
- Demonstrated experience identifying and exploiting vulnerabilities.
- Demonstrated experience with common attack vectors and techniques, and how to defend against them.
- Demonstrated experience in regulatory compliance standards and ensuring compliance during penetration testing.
- Demonstrated experience in static and dynamic application security testing using automated tools and manual techniques.
- Demonstrated experience with white box testing and black box testing.
- Demonstrated experience with the ISO 27002:2022, or equivalent, code of practice for information security controls.
- Demonstrated experience writing and presenting detailed assessment reports.
- Valid certifications such as Certified Ethical Hacker (CEH) or Certified Information Systems Security Professional (CISSP) are considered significant assets. Related cybersecurity certifications will be considered.
Job Type: Fixed term contract
Contract length: 36 months
Pay: From $95.00 per hour
Expected hours: 40 per week
Experience:
- Demonstrated experience working as a Penetration Tester: 3 years (required)
- Government entity in Saskatchewan or comparable entities: 2 years (required)
- OWASP Application Security Testing Standard: 3 years (required)
- ISO 27002:2022, or equivalent: 1 year (required)
Licence/Certification:
- Certified Ethical Hacker or CISSP (required)
Work Location: In person