Offensive Security Advisor (Red Team)

Determined imaginative curiousif these are some of the ways you describe yourself we want to learn more about you!

At TC Energy we are proud to connect the world to the energy it needs. Guided by our values of safety in every step personal accountability one team and active learning we deliver the critical energy that North America and the world rely on while balancing reliability affordability and sustainability.

The Opportunity

TC Energys Enterprise Security (ES) requires an Offensive Security Advisor (Red Team) to work within our Governance Risk Compliance and Resilience team. As an Offensive Security Advisor you will serve as a critical defender by thinking like an attacker. Youll rigorously test our security controls network infrastructure and incident response capabilities through simulated advanced threat scenarios.

The Offensive Security Advisor employs techniques tactics and protocols (TTPs) to test security controls working as part of the red team. You will plan and execute remote operations dynamically emulating advanced threat actors to improve the detection and response capabilities of TC Energy. Our mission is to strengthen our controls throughout the entire attack chain across the enterprise.

If you are interested in breaking into anything and everything and love to think like an attacker (with a track record to prove your capabilities) we want to talk to you about joining our team!

What youll do

• Conduct offensive security testing to ensure security controls and response actions are effective

• Conduct reconnaissance on network environment to build external landscape using industry standard tools threat intelligence feeds and other readily available information sources

• Employ attack strategies to simulate real-world attacks by threat actors and benchmark response capabilities across the enterprise

• Identify and exploit vulnerabilities in computer systems networks and applications to simulate attacks by threat actors

• Collaborate with our internal blue team to improve detection and response capabilities

• Drive findings and improvements with teams to ensure that they move to completion

• Work with teams to ensure that findings are properly tracked for remediation

• Deploy and manage red team attack infrastructure for operations

• Administer and guide third-party service providers

• Analyze and report on the results of security assessments and make recommendations to improve the security posture of the enterprise

• Remain informed about latest security trends advisories publications and adversary activities

• Leverage industry standard and emerging tools to evaluate emerging threats and benchmarks

• Apply trends and historical data to identify map and track TTP utilization in penetration tests

• Maintain and update all offensive security tools technologies and processes in line with company rules of engagement

• Provide timely and effective communications to key internal stakeholders in alignment with policy and rules of engagement

• Develop and Contribute to Red Team procedures templates and frameworks

• Support an event response by providing subject matter expertise and coordination when requested

Minimum Qualifications

• A minimum of five (5) years of relevant professional experience in information technology or industrial control systems

• A minimum of three (3) years of experience in information security

• Bachelors degree in Computer Science Information Security Computer Engineering or a technical diploma in a related discipline

Preferred Qualifications

• Proven track record of evading modern EDR (eg. Crowdstrike MDE SentinelOne) while elevating privileges/hitting your target

• Advanced knowledge in the following areas: computer networks operational security platforms information security principles TCP/IP DNS UDP BGP SOC IAM SIEM DLP EDR Threat intelligence Incident Response technical writing information risk

• Knowledge of information security standards regulations and legislation (NIST COBIT5 ISO 27001)

• Proficiency in manual testing techniques beyond automated scanning

• Strong knowledge of OWASP Top 10 MITRE ATT&CK and CVSS scoring

• Can take many vectors of technical vulnerability information (Pentest reports vulnerability scanning data SAST/DAST reports) and build an attack plan on critical assets

• Recognized certification in information security (CEH CISM or other)

• Ability to take highly technical data and results and translate them to business-friendly language to help non-technical stakeholders understand the approach impact and outcome from offensive security operations

• Positive attitude initiative with strong analytical and interpersonal skills to lead work groups negotiate and build consensus

• Ability to prioritize and execute tasks in a high-pressure environment

• Knowledge of offensive security operations tools and techniques

To remain competitive support our high-performance culture and allow for more flexibility in the way we work we offer a hybrid work model and flexible dress code for our eligible office-based workforce in Canada the U.S. and Mexico. #LI-Hybrid

About our business

We are a leader in North American energy infrastructure spanning Canada the U.S. and Mexico. Every day our dedicated team proudly connects the world to the energy it needsmoving over 30 per cent of the cleaner-burning natural gas used across the continent. Complemented by strategic ownership and low-risk investments in power generation our infrastructure fuels industries and generates affordable reliable and sustainable power across North America while enabling LNG exports to global markets.

TC Energy is an equal opportunity employer and participates in the E-Verify program supervised by the US government. We welcome applications from all qualified individuals regardless of race religion age sex color national origin sexual orientation gender identity veteran status or disability. We are also committed to providing accommodations throughout the recruitment process. Applicants requiring accommodations or accessible formats are encouraged to contact us at for support.

All applicants must have legal authorization to work in the country where the position is based without restrictions. Background screening is required for all positions which may include criminal and/or credit checks. Offers may be extended at a different level or job title that best aligns with the successful candidates qualifications.

Learn more

Visit us at and connect with us on our social medial channels for our latest news employee stories community activities and other updates.

Thank you for considering TC Energy in your career journey.