Our Client is looking for a Senior Security Specialist with strong experience across penetration testing, red team exercises, threat hunting, vulnerability assessments, source code review, and network and application security.
The successful candidate will support cybersecurity initiatives across Ontario Provincial Police and OPS province wide I&IT infrastructure, applications, systems, and information resources. This role requires hands-on offensive security
expertise, strong technical analysis, and the ability to document risks and provide recommendations to both technical and executive audiences.
Key Responsibilities
Conduct penetration tests, vulnerability assessments, source code reviews, network vulnerability assessments, threat hunting activities, and red team exercises
Identify, analyze, and exploit common vulnerabilities in web applications, networks, systems, and enterprise environments
Use manual testing techniques and enterprise-grade automated tools to assess security posture
Lead or support red team exercises to simulate cyber attack scenarios and identify exploitable weaknesses
Conduct network threat hunting and assess suspicious activity, attack paths, and potential compromise indicators
Define, evaluate, and assess security requirements and safeguards for system environments and IT projects
Identify gaps or weaknesses in security architecture and recommend mitigation strategies
Ensure IT security and contingency measures are incorporated into system development and secure deployment
Advise on security risks, privacy concerns, vulnerabilities, and compliance with relevant security standards
Support I&IT security projects and tasks as assigned by the OPP Chief Security Office and/or cluster I&IT management
Prepare clear reports, document risks, and provide recommendations for technical teams, business stakeholders, and executive management
Must-Have Experience
10 plus years of experience in penetration testing, red team tactics, threat hunting, or network and application security
Strong experience conducting penetration tests and vulnerability assessments
Strong experience with red team tools, techniques, tactics, and strategies
Strong experience with network threat hunting and network vulnerability assessments
Experience reviewing source code and identifying security weaknesses
Experience writing security reports, documenting risks, and presenting recommendations to diverse audiences
Strong understanding of security architecture, application security, and network security testing
Required Skills
Hands-on experience with web application security testing
Experience Identifying And Exploiting Common Application And Infrastructure Vulnerabilities
Knowledge of vulnerability assessment methodologies, tools, and techniques
Knowledge of secure system design, security safeguards, and security controls
Ability to assess security requirements across complex and distributed systems
Knowledge of security technologies such as encryption, access controls, firewalls, authentication, digital signatures, and malware protection
Working knowledge of security audit procedures and protocols
Experience establishing secure environments at the network, operating system, or application level
Strong analytical, problem-solving, and decision-making skills
Strong written and verbal communication skills
Ability to manage competing priorities, meet deadlines, and work with multiple stakeholders
Nice-to-Have Skills
Public sector experience
Experience in law enforcement, public safety, or highly sensitive environments
Experience with Windows and Linux operating systems
Experience with programming languages such as .NET and Java
Experience with DAST, SAST, source code review, log collection, and log analysis
Experience with IDS, IPS, SIEM, network monitoring, and threat hunting tools
Experience with incident response, forensic investigation, business recovery, and disaster recovery planning
Experience performing threat and risk assessments
Experience with Public Key Infrastructure
Knowledge of Information Management principles, concepts, policies, and practices
Experience with secure design frameworks and agile delivery environments
