CGI Cybersecurity is recruiting skilled Penetration Testers for full-time employment to join their Offensive Security Operations practice in the Greater Toronto Area (GTA). The Offensive Security Operations practice is responsible for handling adversary-based assessments in unique, complex or challenging environments, requiring quick turnaround and a higher degree of skill and sophistication.
This role will participate in activities ranging from threat and adversary modelling, security architecture reviews to vulnerability research and analysis, web application assessments and penetration testing. Qualified candidates for this role must possess scripting or coding experience, be familiar with reverse engineering concepts, principles or tools and demonstrate knowledge of common network protocols and modern application stacks. Candidates should also be comfortable with API fuzzing, popping shells, privilege escalation techniques and pivoting.
Your future duties and responsibilities:
- Plan, coordinate, manage and run penetration testing activities against mission critical networks, applications and systems both for internal and external CGI clients.
- Participate in management, maintenance and deployment of penetration testing tools and technologies within AWS cloud services and physical lab environment.
- Participate in the development and testing of customised penetration testing tools and exploits in support of red team engagements.
- Provide consultative guidance and advice to customers of CGI regarding vulnerability remediation including recommending workarounds or risk mitigation strategies and approaches.
- Provide secure systems and network architecture assessments and reviews in support of proposal bid processes and large-scale, technology deployment engagements.
- Develop vulnerability intelligence reports, summaries and bulletins that articulate the associated risks to client stakeholders.
Required qualifications to be successful in this role:
- Bash and/or Python, PowerShell scripting skills is essential.
- Experience with Metasploit, Tenable suite of products, Cobalt Strike or Core Impact is essential.
- Experience with BurpSuite, Peach Fuzzer, CyberFlood, beSTORM, Defensics or afl-fuzz, VUzzer, Domato, Sulley, SPIKE or related technologies is strongly desired.
- Familiarity with SAST/IAST technologies and approaches is desirable.
- Understanding of ASLR/DEP bypass, ROP exploitation is desirable.
- Familiarity with emerging security analysis approaches such as symbolic and concolic execution testing is desirable.
- Advanced knowledge of common network protocols and TCP/IP stack is essential.
- Familiarity with progressive web application development technologies such as Node.js, ReactJS, Ionic, Polymer, Angular an asset.
- Experience with SharePoint security analysis is an asset.
- Experience with cloud service environments such as Amazon AWS and understanding of cloud native security concepts and principles is an asset.
- Strong communications and writing skills is essential.
- Operationally focused and results oriented mindset and approach is essential.
- Candidates with resilience, perseverance and grit are valued above all else.
- Web Development
Interested candidates can apply through the CGI Website.
This entry was posted on February 6, 2019