Sr Security Cnslt

About The Position

Requirements

• 5+ years of experience in penetration testing, development, and/or technical support in cybersecurity
• Passionate about cybersecurity and adopt an "ethical hacker" mindset
• Desire to evolve in a dynamic, innovative, and modern technological environment
• Proficiency with offensive security tools such as Qualys, Nessus, Nmap, and others
• Comfortable with web application assessment using Burp Suite, SQLMap, and OWASP Zap
• Desire to join a team that conducts security assessments of infrastructures and web applications, both automated and manual
• Strong interest in continuous learning of new technologies
• Strong oral and written communication skills, collaborative spirit, and report writing abilities
• Experience working with clients from various sectors and types of organizations
• Ability to analyze complex problems and discuss them in a simple, logical, and thoughtful manner
• Ability to manage multiple projects simultaneously, manage time effectively, and work with minimal supervision
• Valid Secret II level security clearance or the ability to obtain it (mandatory)

Nice To Haves

• Hands-on practical experience in the field
• Understanding of Internet of Things (IoT) security
• At least 8 years of experience in information technology
• University Bachelor's degree or equivalent experience in a relevant discipline
• Knowledge of social engineering techniques and wireless security testing
• Professional certifications (e.g., OSCP) or willingness to obtain them
• Basic knowledge of GRC (Governance, Risk, and Compliance) standards
• Contributions to open-source projects
• Experience with CTF (Capture The Flag) competitions and/or bug bounty programs
• Software development experience
• Knowledge of common cloud infrastructures (AWS, Azure, GCP, etc.)
• Bilingualism (French and English)
• Certifications (Considered assets): Offensive Security Certified Professional (OSCP), Certified Red Team Operator (CRTO), GIAC Web Application Penetration Tester (GWAPT), GIAC Certified Penetration Tester (GPEN), Offensive Security Certified Expert (OSCE), Certified Secure Software Lifecycle Professional (CSSLP), Certified Security Analyst (ECSA)

Responsibilities

• Mastery of common application vulnerabilities, including those listed in the OWASP Top 10 and CWE Top 25
• Practical expertise with commercial and open-source penetration testing tools (e.g., Burp Suite, OWASP ZAP, Nessus, Nmap, Metasploit, CANVAS, SQLMap, Empire, etc.)
• Support client projects and mandates, write reports, and prepare presentations, leveraging your communication skills to simplify technical findings for a non-specialized audience.
• Good knowledge of Linux and Windows operating systems
• Programming skills (Python, PowerShell, Ruby, or other relevant languages)
• Knowledge of recognized penetration testing methodologies and standards (PTES, OWASP, CREST, OSSTMM, CWE, CAPEC, CVE, CVSS, etc.)