Senior Security Consultant Offensive Security

Join our team and what well accomplish together

We live in and work in a rapidly evolving digital world where cyber security is critical. Protecting information and ensuring the reliability of network and services is paramount. The TELUS Health CSO team strives to always be steps ahead tackling the toughest cyber security challenges head-on with top talent and cutting-edge technology.

Reporting to the Manager of the Offensive Security team we are seeking an experienced Senior Security Consultant to join the team mentor other consultants and support our Vulnerability Management Program. This work will combine aspects of 3rd party consulting with in-house security advisory penetration testing application security and vulnerability management. Youll get the opportunity to leverage enterprise grade tools and also develop in house security tooling and integrations. As TELUS Health is comprised of many mergers and acquisitions the goal is thorough security validation at scale across many disparate systems networks and technology stacks. Not only will you assist in identifying gaps youll also be a key contributor to our remediation efforts. When applicable youll help automate and create new processes to avoid the same issues in the future.

The TELUS Health CSO team is committed to providing excellence in securing our internal and customers data and systems ensuring world-class reliability of security networks and systems and improving our overall cyber security posture. We manage our cyber risks and provide industry leading cyber governance assurance and oversight to secure our data.

Youll partner with industry leaders to meet the cyber security needs of both TELUS Health and our customers to meet the demands of an increasingly complex and ever-changing cyber security landscape. We are passionate about learning and growing as individuals and as a team all of which enables us to thrive in a dynamic environment.

What youll do

Please note we understand that this role does span/merge across many traditional security testing specializations. We welcome security testing specialists and generalists alike for this role we simply require the willingness to grow and learn.

• Reinforce TELUS Healths Customers First values in ensuring positive security outcomes for external customers and internal stakeholders
• Provide deep cyber security technical knowledge and support to business and development operations teams
• Lead projects and client engagements and write reports and prepare presentations making use of your communication skills to explain technical findings to non-technical crowds
• Help build the core Vulnerability Management Program working with various data sources and stakeholders from different lines of business.
• Youll get the opportunity to design and implement a wide range of testing scenarios that emulate different threat actor sophistications across different assets. A few examples below that will fall within the team:
  
  • Conduct penetration tests using OSINT PTES OSSTMM methodologies
  • Enhance the security data pipeline to streamline vulnerability remediation workflows including automated vulnerability scanning risk prioritization remediation tracking and metrics reporting to ensure timely resolution of security findings
  • An assumed breach scenario and applying the MITRE ATT&CK framework to assess our ability to detect and respond to a wide range of adversarial TTPs
  • Application security assessments using OWASP Web/Mobile application Security Testing Guide to verify an applications security posture related to the associated OWASP (M)ASVS Level
  • Review 3rd party penetration tests to validate the findings and ensure that the mitigations are properly implemented
  • Set up attacker infrastructure for C2 communications
  • Contribute to Offensive Security Tactics Techniques and Procedures and aid the SecOps team with the Incident Response playbook definition
  • Contribute to our shift left application security strategy by automating testing and reporting into the SDLC pipeline
  • Write clear reports that summarize findings detail and prioritize remediation strategies
• Guide and mentor others in offensive security practices

What you bring

• 5 years in a combination of vulnerability scanning penetration testing red teaming application (web mobile) security testing
• 7 years of demonstrable technical security and privacy experience in IT and networks ideally in a professional role or consultative capacity
• Demonstrate aptitude to automate aspects of our testing process (Python Powershell Javascript Perl Bash Ruby etc.)
• Flexibility and comfortable with ambiguity you enjoy working with others to figure it out when needed strong interpersonal and influencing skills to buildrelationships with key stakeholders
• Youll have experience working at least a few combinations of the following:
  
  • MITRE ATT&CK
  • OWASP ASVS and WSTG
  • MASVS MASTG
  • PTES OSSTMM
• Ideally you will possess two or more of the following certifications (or any credible security testing certifications):
  
  • Penetration Testing
    
    • CREST CRT OSCP OSCE OSEP GPEN eCPT eCPTX HTB CPTS OSWP PNPT
  • Red Teaming
    
    • CRTP CRTO (1 and/or 2) CRTE
  • Application Security
    
    • BurpSuite Certified Practitioner OSWE GWAPT eWPT
  • Mobile Application Security
    
    • GMOB EMAPT
  • Cloud Security
  • CCSP CARTP CAWASP PACSP
• Must possess or be able to obtain at least Government of Canada Reliability Status clearance

Great-to-haves

• Previous experience in IT administration or software development
• Background in exploit development and research
• Contributions to open-source projects or the security community

Advanced knowledge of English is required because you will most of the time interact in English with external parties (clients suppliers candidates external partners etc.); interact in English with internal parties (colleagues internal partners stakeholders etc.); and work with IT tools whose interface is only accessible in English as part of this positions main responsibilities given its national scope.