Senior Security Consultant

TELUS•Vancouver, BC

7d•Remote

About The Position

Prevent. Protect. Prevail. We live in a fast-paced cyber-world where protecting our information has become paramount. At TELUS Cyber Security, we strive to always be steps ahead, tackling the toughest security challenges head-on with top talent and cutting edge technology. Define your career today as a Senior Consultant with our Security Professional Services team! Here’s the impact you’ll make and what we’ll accomplish together Reporting to the Principal, Cyber Security Professional Services as part of the TELUS Cyber Security Professional Services team, Senior Consultant, Penetration Testing supports client security testing engagements. If you possess extensive experience in offensive security and penetration testing and its underlying principles and have strong working experience in the field with current, effective and advanced technical skills in web application security, infrastructure testing, cloud security, vulnerability management, red/blue team engagements and making recommendations for remediation, this role might be just for you!

Requirements

Proficient with current application vulnerabilities, particularly those listed in the OWASP Top 10 and CWE Top 25.
Practical expertise with commercial and open-source intrusion testing tools (e.g.: Burp Suite, OWASP ZAP, Nessus, Nmap, Metasploit, CANVAS, SQLMap, Empire, etc.).
Good knowledge of Linux and Windows operating systems.
Some experience with programming languages (Python, PowerShell, Ruby or other relevant languages).
Familiar with industry standard methodologies and standards in penetration testing (PTES, OWASP, CREST, OSSTMM, CWE, CAPEC, CVE, CVSS, etc.).
5+ years of experience in penetration testing, development and/or technical support in cybersecurity.
Cybersecurity is your passion and you have an "ethical hacker" mindset.
Master offensive security tools such as Qualys, Nessus, Nmap and others.
Comfortable with web application assessment using Burp Suite, SQLMap and OWASP Zap.
Strong interest in continuous learning of new technologies.
Strong oral and written communication skills, collaborative spirit and report writing abilities.
Experience working with clients from various business sectors and types of organizations.
Capable of analyzing complex problems and discussing them in a simple, logical and thoughtful manner.
Advanced knowledge of English is required.

Nice To Haves

Concrete practical experience in the field.
Understanding of Internet of Things (IoT) security.
At least 8 years of experience in information technologies.
University degree or equivalent experience in a relevant discipline.
Knowledge of social engineering techniques and wireless security testing.
Professional certifications (e.g.: OSCP) or willingness to obtain them.
Basic knowledge of GRC (Governance, Risk and Compliance) standards.
Contributions to open-source projects.
Experience with CTF (Capture The Flag) competitions and/or "bug bounty" programs.
Experience in software development.
Knowledge of current cloud infrastructures (AWS, Azure, GCP, etc.).
Bilingualism (French and English).
GIAC Web Application Penetration Tester (GWAPT)
GIAC Certified Penetration Tester (GPEN)
Offensive Security Certified Expert (OSCE)
Certified Secure Software Lifecycle Professional (CSSLP)
Certified Security Analyst (ECSA)

Responsibilities

Support client security testing engagements.
Support client projects and mandates.
Write reports and prepare presentations.
Leverage communication skills to popularize technical findings to a non-specialized audience.
Perform infrastructure and web application security assessments, both automated and manual.

Stand Out From the Crowd

Upload your resume and get instant feedback on how well it matches this job.

Upload and Match Resume