Expert IT Architecture Security Consultant - Offensive

Beneva•Saguenay, QC

13d•Hybrid

About The Position

Under the responsibility of the Director - Cyber Defense and Operations, the Expert Consultant will contribute to defining Beneva's offensive security directions. They will design, implement, and oversee the offensive security domain's penetration testing roadmap for Beneva, in addition to ensuring the smooth operation of services within the team. Their primary role is to guarantee the security and protection of technological infrastructures against internal and external threats. Through their extensive skills and knowledge, as well as their understanding of security issues, they can recommend a set of actions or work to implement appropriate security measures and controls. They also act as an expert to collaborate in defining Beneva's target security architecture. Through their pedagogical approach, they ensure a better understanding of security needs, risks, and their impacts.

Requirements

University degree in computer science or equivalent.
Hold one or more offensive security certifications.
A minimum of 10 years of professional experience, including 5 years in the field.
Knowledge of security frameworks: OWASP, Mitre Attack, NIST CSF, NIST SP 800, CIS 18 CSC.
Knowledge of operational security processes and activities, particularly vulnerability management and offensive security.
Knowledge of Agile methodology (SAFe).
Proficiency in French, both spoken and written.
Functional knowledge of English, both spoken and written, is required due to the nature of the tasks, interactions with English-speaking colleagues, partners, clients, or suppliers, as well as the company's growth outside of Quebec.

Nice To Haves

Hold a security certification is an asset.

Responsibilities

Act as the expert in the field and discipline of offensive security.
Design, document, communicate, and evolve the cybersecurity ecosystem to meet the company's challenges related to their area of expertise.
Validate technologies proposed by product teams and ensure their integration with other enterprise solutions.
Establish offensive security domain roadmaps: Penetration tests, 'purpleteam' exercises, training, mitigation plans leading to the achievement of the company's desired results, in collaboration with cybersecurity teams.
Lead penetration testing missions against a variety of web applications, services, and infrastructures of advanced complexity.
Develop attack strategies to simulate real attacks conducted by threat actors.
Ability to identify and exploit complex vulnerabilities in IT systems, networks, and applications to simulate attacks by threat actors.
Analyze security assessment results, report on them, and formulate recommendations to improve the organization's security level.
Advise management on non-compliance with defined standards in tested applications.
Clearly communicate the problem to product and development teams and verify the effectiveness of the correction.
Consider the specific contexts of different business sectors to propose effective and innovative security solutions.
Collaborate in documenting initiatives and champion them in various committees.
Identify necessary measures to optimize security controls.
Understand security issues, know and identify risks related to an information system, and consider all dimensions (technical, organizational, human, legal, regulatory).
Coaching and influencing role with expert security architecture consultants and members of their squad.
Collaborate with internal teams to interpret, understand, and communicate real business risks in relation to technological risks.