Pay at Intact is about much more than just salary.
Flexible work arrangements and a hybrid work model
Possibility to purchase up to 5 extra days off per year
Multiple benefits offered to support physical and mental wellbeing, including telemedicine, Wellness account and much more
Share plan & other savings: up to 12% of salary or even more (ask how you could earn guaranteed income for life)
Salary range (but not limited to):
118,700 - 145,100Annual bonus target, based on the base salary, with a potential payout of up to double the target (subject to personal and company performance):
15%As part of our commitment to Win As A Team, we share our success with employees through our annual bonus plan and Employee Share Purchase Plan (ESPP) – with Intact matching 50% of your net shares.
Our pension offerings provide flexibility and long-term security for our employees beyond their careers. We are one of the few companies offering the opportunity to receive guaranteed income for life via our defined benefit pension plan.
Salary for the candidate will be determined taking into consideration a number of factors including: experience, skills, qualifications, anticipated contribution to role, internal equity, etc. The salary range presented above is based on a 35-hour workweek and would represent a majority of different candidate profiles. However, we encourage candidates who may fall outside of this range to apply as well.
About the role
The Security Specialist, Offensive Security is responsible for testing the security controls, the network, and threat response for Intact Financial globally (All regions and all affiliate companies). He/she works as a specialist employing techniques, tactics and protocols to test security controls, working as part of a global offensive security team.
The Specialist, Offensive Security reports to the Director, Offensive Security and works with a team of technical advisors across multiple locations and time zones.
If you can think outside of the Kali box, and love to think like an attacker (with a track record to prove your capabilities) we want to talk to you about joining our team!
What you'll do here:
Conduct reconnaissance on network environment to build external landscape using industry standard tools, threat intelligence feeds, OSINT and other readily available information sources
Conduct offensive security testing to ensure security controls and response actions are effective. If you are detected, shifting from a red team focus to a purple team approach – your purpose isn’t to create a “Gotcha!” moment – our mission is to strengthen our controls throughout the entire attack chain across the enterprise.
Employ attack strategies to simulate real-world attacks by threat actors and benchmark response capabilities across the enterprise.
Ability to identify and exploiting vulnerabilities in computer systems, networks and applications to simulate attacks by threat actors – you have a proven track record of evading modern EDR (eg. Crowdstrike, MDE, SentinelOne) while elevating privileges/hitting your target.
Analyze and report on the results of security assessments and make recommendations to improve the security posture of the enterprise.
You understand the TCP/IP stack in depth and know how to exploit it to create covert beacons, C2 channels, exfiltrate data across DNS. Understanding how routing tables work (eg. BGP) and how they can be exploited is an asset.
Work with regional cyber governance and risk teams to ensure that findings are properly tracked for remediation
Generate the required metrics and reports to support the CISO IFC Affiliates in reporting on enterprise security control effectiveness
Leverage industry standard and emerging tools to evaluate emerging threats to the financial services space and benchmark regions and affiliate companies to peers.
Able to consume threat intelligence and apply the attack surface to crown jewel assets for target and tactic development, proposing clear rules of engagement for testing activities (either one time or perpetual) and ensuring compliance to the ROE through all phases of testing.
Maintain and update all offensive security tools, technologies and processes in line with company rules of engagement
Provide timely and effective communications to key internal stakeholders in alignment with policy and rules of engagement.
What you bring to the table:
Advanced knowledge in the following areas: computer networks, operational security platforms, information security principles, TCP/IP, DNS, UDP, BGP, SOC, IAM, SIEM, DLP, EDR, Threat intelligence, Incident Response, technical writing, information risk.
Bachelor's degree in Computer Technology, Information Security, an asset.
A minimum of five (5) years of relevant professional experience in information technology.
A minimum of three (3) years of experience in information security.
Knowledge of offensive security operations, tools and techniques.
Knowledge of information security standards, regulations and legislation (NIST, COBIT5, ISO 27001), an asset.
Python scripting comes naturally, and have a history of using it in blue/red/purple team engagements
Proficiency in manual testing techniques beyond automated scanning.
Strong knowledge of OWASP Top 10, MITRE ATT&CK, and CVSS scoring.
You can take many vectors of technical vulnerability information (Pentest reports, vulnerability scanning data, SAST/DAST reports) and build an attack plan on critical assets.
You must have the ability to take highly technical data and results and translate them to business-friendly language to help non-technical stakeholders understand the approach, impact and outcome from offensive security operations.
If you’ve joined capture the flag competitions (even better if you won) we want to hear about it!
Recognized certification in information security (CEH, CISM or other), an asset.
Analytical mind, pragmatic approach to IT security issues and problems.
Strong partner in all areas, internally and externally, to provide a secure solution.
Ability to reduce stress in situations that are stressful to you and others.
Positive attitude, initiative with strong analytical and interpersonal skills to lead work groups, negotiate and build consensus.
Ability to write and present material to communicate difficult concepts and gain consensus.
Ability to work in a dynamic environment with multiple objectives.
Highly motivated and self-directed, with attention to detail.
Ability to prioritize and execute tasks in a high-pressure environment.
Ability to deal diplomatically and effectively at all levels of the organization.
Ability to challenge the status quo.
Customer focused approach.
For candidates located in Quebec, bilingualism is required considering the necessity to interact on a regular basis with English-speaking colleagues across the country.
No Canadian work experience required however must be eligible to work in Canada.
#LI-Hybrid
Il s'agit d'un nouveau rôle au sein de notre équipe en plein croissance | This role is a new member of our growing team.Security Advisor Specialist, Offensive Security (Global Red Team) • Montréal, Quebec, CAN
This role sits at the intersection of.You’ll work closely with Sales, Product, and Leadership to support scoping, improve delivery processes, and help evolve our service offerings as the business s... Show more
A top virtual care provider is seeking an IT Operations & Security Advisor in Montreal, Quebec.The ideal candidate will have over 5 years of IT experience with a focus on security and application s... Show more
Our Krakenites are a world‑class team with crypto conviction, united by our desire to discover and unlock the potential of crypto and blockchain technology.Kraken is a mission‑focused company roote... Show more
Location: Montreal, QC (Hybrid - 4 days/week in the office).Duration: 06 Months Contract on T4 (possibility of extension or temporary to permanent).Bilingualism (French/English): Bilingual - Both w... Show more
Contract (6 Months) | Potential Extension.Millenilink is partnering with a large enterprise organization seeking an experienced Endpoint Security Lead to support a major endpoint hardening, applica... Show more
Cyber Security Supply‑Chain Risk Specialist.Fluent written and spoken English and Spanish (required).The Cyber Security Supply‑Chain Risk Specialist ensures that third‑party services across North, ... Show more
Our employees are at the heart of everything we do.Together, we help people, businesses, and society prosper in good times and be resilient in bad times.Our employee promise represents Intact’s com... Show more
A leading video game company in Montreal is seeking a Senior Physical Security Manager to oversee and enhance security operations across Canada.This role involves ensuring compliance with security ... Show more
We are looking for self-motivated, highly driven and entrepreneurial individuals to join our Field Sales team at RBC Insurance.As an accredited Life, Health & Wealth Advisor (HLLQP/LLQP) you provid... Show more
A leading Canadian insurance company is seeking a Financial Security Advisor to join their team in Montreal.This full-time role offers the opportunity to help families protect their assets through ... Show more
Cyber Security Vendor/3rd party risk specialist.The Cyber Security Supply Chain Risk Specialist ensures that third party services across North, Central, and South America meet business, regulatory,... Show more
The Cyber Security Risk Specialist ensures that third party services across North, Central, and South America meet clients’ business, regulatory, and security standards.The role partners with Relat... Show more
Join Morgan Stanley in Montreal as an Offensive Security Specialist focused on vulnerability mitigation.Your role will emphasize reducing scans' false positives while working collaboratively with t... Show more
Senior Security Specialist – Clinia.Secure the systems that power digital health.At Clinia, we build the search and data infrastructure that powers digital health.We move with purpose, solve comple... Show more
GDI) is a Montréal-based, public company held house of integrated omni-channel brands, designing and distributing accessible, trend-forward fashion for women since 1975.Our mission of "Empowering Y... Show more
Drive innovation as a DevSecOps Advisor focusing on security in a hybrid work setting.Collaborate on creating robust security solutions across platforms.As a tech pioneer since 2004, our mission is... Show more
Defend store assets as a professional Retail Security Specialist.Leverage surveillance and engagement to mitigate theft and support a safe shopping experience in a part-time capacity.Your role is c... Show more
Join an international team as a Senior Active Directory Expert, ensuring top-notch operational performance and security for complex environments.Engage in transformative projects and enhance your s... Show more
Lead AI security initiatives as a Senior Advisor for AI Security Frameworks.Focus on developing comprehensive strategies to govern the use of generative AI while minimizing inherent risks.Bringing ... Show more
Take on a key role in compliance within the securities sector in Montreal, featuring a hybrid work model.This position emphasizes teamwork, technology, and advisor engagement.As a Compliance Specia... Show more
