We’re currently looking to hire an experienced Ethical Penetration Tester. The successful candidate will help lead and develop a practice and services that will expertly evaluate the security posture of organizations through advanced testing techniques that simulate real-world attack scenarios. If you are a passionate security tester who is looking for challenging environments and are interested in building an innovative and high-quality service, then this is the opportunity for you.
As part of the Control Gap team, you work with high-profile clients in various industries with various technologies and collaborate with a team of highly-skilled professionals as well as mentor and coach junior security professionals dedicated to becoming strong security testers and ethical hackers.
As the principal penetration testing resource, you’ll evaluate the security of large organizations. Testing environments include external and internal networks, wireless networks, web applications, mobile devices, mobile applications, databases, data coding standards and APIs. Testing will be conducted through various methods, including identifying and exploiting vulnerabilities with the goal of compromising the target systems to gain access to confidential data. You will present and document how and which vulnerabilities, configurations, and weaknesses were exploited, providing clients with a means to effectively remediate and protect themselves from the possibility of real-world attacks conducted by bad actors and organizations.
We value innovative individuals who are motivated to take on a leadership role in growing this professional services practice.
Our people are our most valuable assets and we believe in fostering career development and growth opportunities for every individual on our team. We also offer a competitive benefits package and an excellent work environment that encourages teamwork.
Perform network and application level internal and external penetration testing assessments using industry methodologies against a pre-determined scope of systems
Creating professional reports for clients that detail assessment findings, and recommendations
Mentoring junior security professionals with a desire to learn the security testing trade
Manage and oversee vulnerability programs to detect and remediate vulnerabilities in organizations
Lead meetings, chair conference calls, action follow-ups, and proactively interact with clients to move projects forward to ultimate completion
Strategize in developing innovative security testing services for emerging technologies and standards
Assisting sales team with pre-sales activities, needs analysis, and solution design
Attending industry events and leading webinars
Travel to company offices and client work sites across Canada
Perform web application scanning using various tools to discover vulnerabilities such as cross-site scripting, SQL injection, cross-site request forgery, remote code execution
Perform segmentation testing to validate integrity of segmentation and network boundary controls
Knowledge of OWASP standards and assessing web applications and software development against the OWASP Top 10
Working knowledge of symbolic execution, malware analysis, pivoting, source code scanning, exploit writing
Experience and knowledge with industry tools, security threats, attacks & countermeasures, sources of industry information and standards
Configuration review of information technology systems including network devices, applications, databases, virtual environments
Knowledge of cloud security platforms and relevant security measures
Knowledge of encryption algorithms, techniques, deployments
Develop and test exploits and scripts
Experience with Social Engineering techniques
Education and Work Experience:
Degree in Information Security or related field is an asset
At least 3 years of experience in penetration testing
Minimum 5 years of experience in an Information Technology field
Minimum 5 years of experience working in Information Security domains
Minimum 5 years of experience measuring security controls, IT auditing, business processes, providing advice, and/or related security consulting experience
Industry Certifications: (or equivalent penetration testing certifications)
Certified Information Systems Security Professional (CISSP)
GIAC Web Application Penetration Tester (GWAPT)
GIAC Exploit Researcher and Advanced Penetration Tester (GXPN)
GIAC Mobile Device Security Analyst (GMOB)
Offensive Security Certified Professional (OSCP)
Offensive Security Certified Expert (OSCE)
Exceptional customer service, communication and interpersonal skills
Strong written and verbal communication skills.
Strong organizational skills
Strong time management skills
Honesty and integrity
Dedication to providing solutions to meet or exceed client's needs and expectations
Ability to execute, problem-solve, and deliver successful engagements
Ability to handle challenges and project workloads
Company paid medical and dental benefits
Company paid cellular phone, phone service, and data plan
Company paid continuing professional education and certification maintenance
3 weeks of paid vacation, with 4 weeks of paid vacation after 5 years of service
Company team building events throughout each year
Control Gap offers custom-built, state-of-the-art tools and proven processes that allow our assessors to be comfortable, efficient, and organized while providing excellent audit quality.
You must be located within reasonable travelling distance of the Control Gap Headquarters in Mississauga, Ontario, Canada
You must possess reliable transportation to travel to company offices and to client work sites