Security Consultant I Penetration Testing

Description

Join our team

Prevent. Protect. Prevail. We live in a fast-paced cyber-world where protecting our information has become paramount. At TELUS Cybersecurity we strive to always be steps ahead tackling the toughest security challenges head-on with top talent and cutting edge technology. Define your career today as a Senior Consultant with ourSecurity Professional Services team!

Heres the impact youll make and what well accomplish together

Reporting to the Manager Cybersecurity Professional Services as part of the TELUS Cybersecurity Professional Services team Security Consultant Penetration Testing supports client security testing engagements.

If you possess entry-level experience in offensive security and penetration testing and its underlying principles and have strong working experience in the field with current effective and advanced technical skills in web application security infrastructure testing cloud security vulnerability management red/blue team engagements and making recommendations for remediation this role might be just for you!

Heres How

• Knowledge of common application-level vulnerabilities including those found in the OWASP Top 10 and CWE Top 25
• Hands-on expertise with commercial and open-source penetration testing tools (ex: Burp Suite OWASP ZAP Nessus Nmap Metasploit CANVAS SQLMap Empire etc.)
• Support projects and client engagements and write reports and prepare presentations making use of your communication skills to explain technical findings to non-technical crowds
• Understanding of Linux/Windows-based operating systems
• Programming skills in Python Powershell Ruby or other relevant languages
• Knowledge of common penetration testing methodology and standards (PTES OWASP CREST OSSTMM CWE CAPEC CVE CVSS etc.)

Qualifications

Youre the missing piece of the puzzle:

• You have at least 2 years of experience in penetration testing or related field
• You are passionate about cybersecurity with an Ethical Hacker mindset
• You have a desire to work in a fast moving forward leaning and modern technological environment
• You are familiar with offensive security tools such as QualysNessus NMAP and others
• You are familiar with Web Applications assessments using Burpsuite SQLMap and OWASP Zap
• You are looking to join a team conducting Infrastructure and Web Applications security assessments from both an automated and manual perspective
• You have a strong desire to continually learn about new technologies
• You are recognized for your strong verbal and written communication collaboration and report writing skills
• You have experience working with clients in a variety of verticals and organizations
• You have the ability to analyze complex problems and discuss them in a simple logical and thoughtful manner
• You are able to work on multiple projects concurrently manage time effectively while requiring minimal supervision
• Current or ability to achieve Secret Level II clearance required

Nice-to-haves:

• You have hands-on working experience in the field
• 3 years in Information Technology
• University Bachelors degree or equivalent experience in a related discipline
• Knowledge of social engineering and wireless testing
• Professional certificates or the desire to obtain (ie. OSCP)
• Basic Knowledge of GRC standards
• Open-source contributions
• Experience with CTFs and/or bug bounties
• Experience with software development
• Knowledge of common cloud-based infrastructure (AWS Azure GCP etc.)
• Bilingual (English & French)
• Certifications (Nice-to-haves)
  
  • Offensive Security Certified Professional (OSCP)
  • GIAC Web Application Penetration Tester (GWAPT)
  • GIAC Certified Penetration Tester (GPEN)
  • Offensive Security Certified Expert (OSCE)
  • Practical Network Penetration Tester (PNPT)
  • Certified Security Analyst (ECSA)

The successful candidate will be subject to a security investigation and may need to meet eligibility requirements for access to classified information.

Advanced knowledge of English is required because you will most of the time interact in English with external parties (clients suppliers candidates external partners etc.); interact in English with internal parties (colleagues internal partners stakeholders etc.); and work with IT tools whose interface is only accessible in English as part of this positions main responsibilities given its national scope.