Security Consultant I - Penetration Tester

Description

Join our team

Prevent. Protect. Prevail. We live in a fast-paced cyber-world where protecting our information has become paramount. At TELUS Cybersecurity, we strive to always be steps ahead, tackling the toughest security challenges head-on with top talent and cutting edge technology. Define your career today as a Security Consultant with our Security Professional Services team!

Here’s the impact you’ll make and what we’ll accomplish together

Reporting to the Manager, Cybersecurity Professional Services as part of the TELUS Cybersecurity Professional Services team, Security Consultant, Penetration Testing supports client security testing engagements.
If you possess entry-level experience in offensive security and penetration testing and its underlying principles and have strong working experience in the field with current, effective and advanced technical skills in web application security, infrastructure testing, cloud security, vulnerability management, red/blue team engagements and making recommendations for remediation, this role might be just for you!

Here’s How

• Knowledge of common application-level vulnerabilities including those found in the OWASP Top 10 and CWE Top 25
• Hands-on expertise with commercial and open-source penetration testing tools (ex: Burp Suite, OWASP ZAP, Nessus, Nmap, Metasploit, CANVAS, SQLMap, Empire, etc.)
• Support projects and client engagements and write reports and prepare presentations, making use of your communication skills to explain technical findings to non-technical crowds
• Understanding of Linux/Windows-based operating systems
• Programming skills in Python, Powershell, Ruby, or other relevant languages
• Knowledge of common penetration testing methodology and standards (PTES, OWASP, CREST, OSSTMM, CWE, CAPEC, CVE, CVSS, etc.)

Please note: This is a remote/hybrid work environment.

Qualifications

You’re the missing piece of the puzzle:

• You have at least 2 years of experience in penetration testing
• You are passionate about cybersecurity with an Ethical Hacker mindset.
• You have a desire to work in a fast moving, forward leaning, and modern technological environment
• You are familiar with offensive security tools such as Qualys,Nessus, NMAP and others
• You are familiar with Web Applications assessments using Burpsuite, SQLMap and OWASP Zap
• You are looking to join a team conducting Infrastructure and Web Applications security assessments from both an automated and manual perspective
• You have a strong desire to continually learn about newtechnologies
• You are recognized for your strong verbal and written communication, collaboration and report writing skills
• You have experience working with clients in a variety of verticals and organizations
• You have the ability to analyze complex problems and discuss them in a simple, logical and thoughtful manner
• You are able to work on multiple projects concurrently, manage time effectively, while requiring minimal supervision
• Current or ability to achieve Secret Level II clearance required

Nice-to-haves:

• You have hands-on working experience in the field
• 3+ years in Information Technology
• University Bachelor’s degree or equivalent experience in a related discipline 
• Knowledge of social engineering and wireless testing
• Professional certificates or the desire to obtain (ie. OSCP)
• Basic Knowledge of GRC standards 
• Open-source contributions
• Experience with CTFs and/or bug bounties
• Experience with software development
• Knowledge of common cloud-based infrastructure (AWS, Azure, GCP etc.)
• Bilingual (English & French)

• Certifications (Nice-to-haves)
  • Offensive Security Certified Professional (OSCP)
  • GIAC Web Application Penetration Tester (GWAPT)
  • GIAC Certified Penetration Tester (GPEN)
  • Offensive Security Certified Expert (OSCE)
  • Certified Secure Software Lifecycle Professional (CSSLP)
  • Certified Security Analyst (ECSA)

The successful candidate will be subject to a security investigation and may need to meet eligibility requirements for access to classified information.

Advanced knowledge of English is required, because you will, most of the time, interact in English with external parties (clients, suppliers, candidates, external partners, etc.), interact in English with internal parties (colleagues, internal partners, stakeholders, etc.), as part of this position's main responsibilities, given its national scope.