Penetration Tester

Charter • Contract • Regina, SK, CA • 5d ago

About the Role

Charter is seeking a seasoned Penetration Tester / Application Security Specialist to lead end-to-end security assessments across applications, infrastructure, and cloud environments. The ideal resource will plan and execute white-box and black-box testing, identify and exploit vulnerabilities, provide pragmatic remediation guidance, and ensure all activities align with regulatory and industry standards. Location: Regina, SK. Term: 24 months.

Key Responsibilities:

Penetration Testing & Exploitation
Conduct comprehensive penetration tests (network, application, API, mobile, cloud) using both automated tools and manual techniques.
Identify, validate, and exploit vulnerabilities to demonstrate business impact and prioritize remediation.
Perform red-team style assessments where appropriate (e.g., phishing simulations, lateral movement, privilege escalation).
Application Security Testing
Execute Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) using industry-standard tools.
Partner with engineering teams to embed security into the SDLC, including secure code reviews, threat modeling, and secure design reviews.
Attack Vectors & Defense
Analyze and communicate common attack vectors (e.g., injection, authentication/authorization flaws, deserialization, misconfigurations).
Provide actionable defense strategies and hardening guidance to reduce risk and improve security posture.
Compliance & Standards
Ensure testing practices meet regulatory compliance requirements (e.g., SOC 2, PCI DSS, HIPAA, GDPR depending on scope).
Apply and align security controls to ISO/IEC 27002:2022 (or equivalent), documenting control coverage and gaps.
Reporting & Communication
Produce detailed, executive-ready assessment reports including methodology, findings, risk ratings, exploit details, business impact, and remediation recommendations.
Present results to technical and non-technical stakeholders; facilitate remediation workshops and retesting.
Governance & Continuous Improvement
Contribute to security policies, playbooks, and testing methodologies.
Track metrics, trends, and lessons learned to continuously improve testing effectiveness and control maturity.

Qualifications:

Demonstrated Experience
Identifying and exploiting vulnerabilities across applications and infrastructure.
Common attack vectors and techniques, and how to defend against them.
Regulatory compliance standards and ensuring compliance during penetration testing.
SAST/DAST using automated tools and manual techniques.
White-box and black-box testing methodologies.
Applying the ISO/IEC 27002:2022 code of practice for information security controls (or equivalent).
Writing and presenting detailed assessment reports to diverse audiences.
Certifications (Assets)
Valid certifications such as CEH (Certified Ethical Hacker) or CISSP (Certified Information Systems Security Professional) are considered significant assets.
Related cybersecurity certifications (e.g., OSCP, GWAPT, GPEN, GWEB, CCSP, Security+) will be considered.
Technical Stack & Tools (Typical)
SAST/DAST: SonarQube, Checkmarx, Fortify, Veracode, Burp Suite, OWASP ZAP
Infra/Cloud: Nmap, Metasploit, Kali, BloodHound, Cloud-specific tools (Azure, AWS, GCP)
Code Review & DevSecOps: GitHub/GitLab CI, SCA tools (e.g., Snyk), threat modeling (e.g., STRIDE)
Soft Skills
Strong analytical and problem-solving skills; able to translate technical risk into business impact.
Clear written/verbal communication,
Ability to influence cross-functional teams.
High attention to detail, integrity, and discretion handling sensitive information.

Our Company:

Charter is an award-winning Canadian IT Solutions and Managed Services Provider founded in 1997 in Victoria, BC, Canada. With offices nationwide, Charter offers innovative IT solutions, managed services, project delivery, and consulting. Our mission is to align people, processes, and technologies to enhance communication, boost performance, and modernize businesses. Using a business architecture methodology and human-centered design, we drive successful digital transformations, unlock new opportunities, and promote growth. We empower our clients to focus on core operations with our comprehensive support.