Penetration Tester
Description of Assignment
The Specialist is expected to collaborate with our offensive security team and contribute to the execution of assigned projects as an integral member of the Office of the CISO Division.
The services required pertain primarily to penetration testing.
The Specialist will support the Office of the CISO division in the delivery of multiple cyber initiatives mainly related to offensive security.
The Specialist is required to assist with the planning and execution of vulnerability assessment and penetration testing.
The current hybrid work arrangement is subject to potential changes based on City mandates and / or at the discretion of Office of the CISO Senior Management.
Assignment Duties
- Delivers expert capabilities and direction to conduct offensive security services.
- Conducts authorized assessment of infrastructure and applications to proactively identify security weaknesses.
- Verifies weaknesses by leveraging attacker techniques to evaluate the difficulty and effectiveness of potential attacks from various threat actors.
- Provides comprehensive and actionable recommendations to counter the threat posed by identified security weaknesses, given the applicable threat landscape.
- Leads and delivers reporting and metrics including Key Risk Indicators (KRIs).
- Develops and reports enterprise-level metrics for vulnerabilities and remediation progress.
- Understands, demonstrates, and educates stakeholders on the real-world impact of threats and vulnerability exploitation in a given environment.
- Leads, coordinates, and executes assigned projects, ensuring effective teamwork and communication, high standards of work quality and organizational performance and continuous learning.
- Provides expertise in identification, analysis, testing, and remediation of cyber threats.
- Assesses cyber security requirements of business strategies in order to provide appropriate advice, guidance, and technical solutions.
- Maintains an up-to-date and in-depth knowledge of cyber security, current and emerging application security threats, trends, and associated techniques and technologies.
- Anticipates, analyzes and identifies organizational impacts of emerging requirements; recommends and coordinates innovative solutions using conflict resolution and negotiation skills to successfully manage sensitive and controversial matters.
- Provides technical project coordination and support, and ensures comprehensive and effective information communication across various functional and project teams.
- Organizes and works with multidisciplinary business and technical teams from across the organization to formulate and execute project plans and tasks according to established project management principles and methodologies.
Experience and Qualifications
- Post-secondary degree in Computer Science, Information Security or a related discipline.
- Over 5 years of experience in penetration testing.
- Extensive penetration testing experience with operating systems, web applications and network infrastructure.
- Strong experience using penetration testing tools: Nmap, Nessus, Metasploit, Burp Suite, Nikto, tcpdump.
- Administrator level knowledge of Server Operating Systems, specifically Unix and Windows.
- Intricate technical knowledge of TCP/IP Networking / Routing, Intranet / Internet Architectures and Segregation Technologies / VLANs, Firewalls, Intrusion Detection, Intrusion Prevention, SQL Databases.
- Ability to test web technologies, web applications, containers, and container managers.
- Programming ability to create, read and modify exploit code to achieve system penetration. C, C++, Java, C#, scripting knowledge is an asset.
- Experience scaling security testing capabilities.
- Demonstrate a current and working knowledge of Information Security best-practices, methodologies, and techniques.
- Preferred Certifications (any in the list): OSCP, OSEP, OSCE, OSWE, CRTP, CRTE, GWAPT, GMOB.
- Ability to lead efficient communication between all project stakeholders, including internal teams and clients.
- Excellent written & verbal communication skills (comfortable & confident communicating at all levels including business partners, leadership and vendors).
- Strong analytical skills and ability to prioritise and multitask.
Deliverables
- Assessment Reports.
- Management Reports.
- Project plans and timelines.
Job 70608