Penetration tester
National Bank of Canada
Montréal, QC
Join a world-class information security team!

We're looking for new talent to expand our security team. We live in a digital world. Things change every day, requiring us to adopt a pragmatic, agile, and proactive approach to ensuring security when it comes to new opportunities, technologies, and processes.

If you'd like to:
Influence change
Have input in information security
Join a dynamic, innovative team
Explore new ideas

If you can:
Find vulnerabilities that no one else has been able to find and uncover system security flaws
Develop, as necessary, your own tool or portion of code to carry out testing
Provide clear, coherent written reports as well as remediation guidance based on an overview of risk
Propose solutions proactively

Then we want to hear from you!

Want to make a positive impact in our organization?

Inspire a positive work environment and be a champion and innovator of team work and support.
Have a good understanding of system and network architectures
Be able to critically examine an organization and system from the perspective of a malicious actor and articulate the risk in clear and precise terms
Conduct in-depth penetration testing, including identifying and reporting security flaws, making clear, consistent recommendations, and providing remediation guidance
Identify vulnerabilities that cannot be identified by scanners or automated tools
Keep current on the latest security trends and developments
Perform manual security tests for web applications, APIs, mobile apps (iOS and Android), infrastructure, and manual code and configuration code review activities

Qualifications:
Bachelor's degree in a related field and seven years' relevant experience OR Master's degree in a related field and five years' relevant experience OR University certificate and nine years' relevant experience
Certification: OSCP, OSCE, GPEN, CEH, definite assets
3-5 years of experience in the field of information security
3 years of proven experience working with penetration testing tools and manual attacks (Metasploit, Burp Suite, Cobalt Strike, etc.)
Proven experience creating and communicating reports on vulnerabilities to various levels of personnel within a large organization
Experience with penetration testing in at least three of the following areas: network, system, application, mobile, web, wireless network
Experience in programming: able to code and use scripting languages (Python, Perl, etc.), an asset
Exploit research and mitigation
Knowledge of the tactics, techniques, and procedures associated with the activity of malicious actors (organized crime, fraud groups, etc.)
Bilingualism both spoken and written - English and French
Diversity is an integral part of the Bank's values and commitments. In this document, the masculine gender designates both sexes with no discrimination intended, and is used only to facilitate reading.

#LI-AR1
Particular Condition:Please note that the position can be fill in Montreal or Toronto according to preference.