Facebook pixel

Lead Penetration Tester
Confirmed live in the last 24 hours
Locations
Canada • Remote
Experience Level
Entry
Junior
Mid
Senior
Expert
Desired Skills
AWS
Google Cloud Platform
JavaScript
Java
Research
Python
Requirements
  • 8+ years of application-focused offensive security experience in supporting a variety of technologies
  • Understanding of cryptographic concepts and applied cryptography (SSL, AES etc.)
  • Additional experience in IT, security engineering, system and network security, authentication and security protocols
  • Scripting/programming skills (Python, Java, JavaScript, etc.) preferred
  • Experience with AWS and/or GCP cloud environments preferred, understanding its major technologies such as IAM, EC2, VPC, EBS, S3, and Lambdas
  • Network and web-related protocol knowledge (e.g., TCP/IP, UP, IPSEC, HTTP, HTTPS, routing protocols)
  • Familiarity with security tools & frameworks like Burpsuite, Metasploit, Kali, Canvas, etc
  • Strong communication skills (i.e., written and verbal) - including the ability to work as a mentor
  • OSCP/E, OSWP, CEH, PenTest+, Licensed Pen Tester, GWAPT, GPEN, or GXPN certifications are helpful, but not required
  • Advanced relevant academic training is a definite bonus but not required, i.e., Bachelor's in Computer Science
  • Candidate needs to be passionate about offensive security and has an unstoppable drive to innovate
  • Red Team Experience as an operator
  • Web Application Penetration Testing: 6-8+ years (Required)
  • Cloud Pen testing: 2-3 years (Required)
  • Network Pen testing: 2-3 years (Preferred)
  • Attack Simulation: 2-3 years (Preferred)
  • C2 Infrastructure Creation: 2-3 years (Preferred)
  • C2 & TTP Development: 2-3 years (Preferred)
  • Full Scope Red Team: 2-3 years (Preferred)
  • MITRE ATT&CK: 1-2 years (Preferred)
  • Physical Security: 1-2 years (Preferred)
  • Security conference speaking, blog posts, or presentations (preferred)
Responsibilities
  • Apply state of the art methodologies, tooling, and skills to demonstrate real vulnerabilities, and help internal teams improve security posture and technical controls to mitigate the issues. We're looking for passionate individual who goes beyond finding vulnerabilities identified by vulnerability scanners/tools
  • As an Offensive Security Expert, you will conduct ongoing research into latest attack TTPs, collaborate with teams for vulnerability remediation and discover dangerous flaws and major security vulnerabilities for our products and infrastructure before they're found by attackers
  • Expertise and experience in web application and/or network penetration testing
  • Vulnerability assessments including manual testing to further evaluate the security of applications
  • Knowledge of exploit development, execute and chain TTP's, vulnerability research/reporting
  • Penetration testing and code review (including DAST and SAST; experience with JAVA and JavaScript based environments)
  • Understanding security fundamentals and common vulnerabilities (e.g., OWASP Top Ten and SANS Top 25) in addition to more modern web app and enterprise app vulnerabilities
Five9

1,001-5,000 employees

Cloud based call and contact center software
Company mission
Five9's mission is to empower organizations to transform their contact centers into customer engagement centers of excellence. The company provides software for managing omnichannel customer interactions including voice, SMS, chat, email, social, video, and more.
Company Values
  • Do the right thing for the customer
  • Treat it like you own it
  • Service guides us
  • Act with integrity and humility
  • Relentless learning
  • Bias toward action
  • Diversity