Senior Penetration Tester

· Toronto, Ontario
Employment Type Full-Time
Minimum Experience Experienced

About Us: 


ISA is a cybersecurity-focused technology firm, with almost three decades of experience helping organizations of all sizes solve complex challenges relating to IT security.  We act as trusted advisors in providing services to help our clients define, implement and manage their strategies to minimize IT security related risk, and to provide a secure business environment for their employees and customers. We also deliver state-of-the-art cybersecurity solutions thanks to strong partnerships with the industry’s leading Technology Vendors.


Why Join Us? At ISA, every employee makes a P.A.C.T. to Embody Our Corporate Core Values, everyday.  Our core values (Passion for Excellence, Accountability, Commitment, Trust) shape the community and culture we have built and are an active part of everything that we do. We also believe that what will make you great is your individual contributions to your team; think of your team as a start-up that learn from each other. If you’re looking for autonomy and no old-fashioned hierarchy, ISA and you could be a match made in heaven.


Principal Duties:


As a Senior Consultant, you will perform various activities with respect to Penetration Testing and application security, including, but not limited to:


  • Experience conducting Vulnerability Assessments and Penetration Testing
  • Performing web and mobile application security assessments
  • Cloud Technologies (e.g. Azure, AWS, Google, IBM, etc.)
  • Expert knowledge of ethical hacking principles and techniques
  • Ability to articulate, document and communicate risk effectively
  • Experience conducting Security Assessment exercises including SANS Top 20 Audits
  • Experience with architecture and design of security solutions within large, complex enterprise environments
  • Researching and learning about information security trends, new testing techniques, and best practices, and knowledge sharing with the team
  • Providing clear and concise communication (written and oral) to clients that consists of findings, recommendations, road maps, and actionable plans
  • Familiarity with network and endpoint security point products configuration best practices
  • Open-source threat intelligence research, analysis and application
  • Cloud Security Gap Assessments
  • Application Threat Modeling
  • Running DAST, SAST and SCA and performing analysis
  • Helping clients to build security automation testing into CI/CD pipelines and develop DevSecOps practices
  • Offensive security exercises related to Application and Cloud Security
  • In-depth expertise in Network and endpoint, security solutions would be considered an asset


Qualifications:


  • Malware Reverse Engineering
  • Source code reviews
  • Best Practices of Payload Development, Assembly  and Distribution
  • Cloud Services Security Testing
  • ISO 27000 series such as 27001, 27002, 27032, 27035
  • NIST SP 800 series
  • PCI DSS
  • OWASP Top Ten
  • SANS Institute – CIS Critical Security Controls
  • Vulnerability management
  • Bilingual in French and English is considered an asset


    The ideal candidate with have the following certifications and/or education:


    • Certified Ethical Hacker (CEH)
    • Certified Information Systems Security Professional (CISSP)
    • Offensive Certified Security Professional (OSCP)

      Thank You

      Your application was submitted successfully.

      This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

      • Location
        Toronto, Ontario
      • Employment Type
        Full-Time
      • Minimum Experience
        Experienced