Job Title: Full Time Penetration tester
Location: Work From Home - Attend meetings in client locations in the Toronto Area
As a Penetration Tester, you will play a crucial role in assessing and fortifying the security infrastructure of our clients' fintech systems. Your responsibilities will include identifying vulnerabilities, conducting penetration tests, and providing strategic recommendations to enhance the overall security posture of financial applications and platforms. This role entails leading security assessments and conducting penetration tests for Infrastructure, Network, Cloud, SDK’s, web & mobile application security testing.
Qualifications
• Graduate of Information Security or Computer Science degree program.
• 5-7+ years of experience in a similar role.
• Professional qualifications (one or more): CISSP, CCSP, OSCP, OSCE, GWAPT, GPEN, GXPN, OSEP, OSWE, OSED, CEH
• Candidate must have OSCP certification
Skills
• Experience in leading security/vulnerability assessments and conducting penetration tests.
• Conduct penetration tests to discover and exploit vulnerabilities.
• Help review, assess, and prioritize vulnerabilities.
• Document findings and communicate their relevance efficiently to technical teams and senior management.
• Produce high-quality reports for clients.
• Work closely with the development and infrastructure teams and act as a subject matter expert on vulnerabilities and the best ways to mitigate them.
• In-depth knowledge of relevant cybersecurity frameworks and standards (e.g., NIST, ISO 27001, PCI DSS, Cloud security benchmark).
• Scripting and Programming Skills: Proficiency in scripting languages (e.g., Python, Bash) and programming languages (e.g., C, Java, JavaScript) for custom tool development and automation of tasks.
• In-depth Understanding of Secure Coding Practices: Knowledge of secure coding techniques and code review processes to identify vulnerabilities in software.
• Advanced Network Analysis and Forensics Skills: Skills in network traffic analysis, digital forensics, and incident response to understand attack vectors and trace malicious activities.
• Excellent verbal and written communication skills to effectively report and explain findings to both technical and non-technical stakeholders.