Penetration Testing Consultant
Penetration Testing Consultant
Region: Greater Toronto Area
Employment Type: Contract
Security Clearance: No Clearance Required
Language Requirements: English
Job Reference Number: 37493-KC
As an ethical hacker, you will be working with multiple clients on providing penetration testing services, vulnerability assessments, and mitigation advice related to the infrastructure and information resources.
• Perform network penetration, web and mobile application testing, source code reviews, threat analysis, wireless network assessments, and social-engineering assessments
• Develop comprehensive and accurate reports and presentations for both technical and executive audiences on findings, effectively communicating findings, and providing recommendations
• Recognize and safely utilize attacker tools, tactics, and procedures
• Manage and oversee vulnerability programs to detect and mitigate vulnerabilities in organizations
• Strategize in developing innovative security testing services for emerging technologies
• Reviews and identifies false positives generated by scanners or tools
• Develop on-going technology risk reporting, monitoring key trends and defining metrics to regularly measure control effectiveness
• Adhere to internal policies and procedures, technology control standards, and applicable regulatory guidelines.
• Contribute to the review of internal processes and activities and assist in identifying potential opportunities for improvement.
• Influence behavior to reduce risk and foster a strong technology risk management culture throughout the enterprise.
• Configuration review of information technology systems including network devices, applications, databases, and virtual environments
• Perform web application scanning and using various tools to discover vulnerabilities such as cross-site scripting, SQL injection, cross site request forgery, remote code execution
Experience and Qualifications:
• Working knowledge of symbolic execution, malware analysis, pivoting, source code scanning, exploit writing
• Experience and knowledge with industry tools, security threats, attacks & countermeasures, sources of industry information and standards
• Knowledge of cloud security platforms and relevant security measures
• Knowledge of encryption algorithms, techniques, deployments
• Experience with Social Engineering techniques
• Network penetration testing and manipulation of network infrastructure
• Mobile and/or web application assessments
• Email, phone, or physical social-engineering assessments
• Shell scripting or automation of simple tasks using Perl, Python, or Ruby
• Developing, extending, or modifying exploits, shellcode or exploit tools
• Developing applications in C#, ASP, .NET, ObjectiveC, Go, or Java (J2EE)
• Reverse engineering malware, data obfuscators, or ciphers
• Source code review for control flow and security flaws
• Mastery of Unix/Linux/Mac/Windows operating systems, including bash and Powershell
• Bachelor's degree in a technical field desired
Other Additional Comments:
Are you an ADGA employee or consultant? If so, check out our new referral program!
ADGA Group Consultants Inc. has policies and procedures in place to support its employees with accommodation requirements throughout the organization.
Accommodations are available on request for candidates taking part in all aspects of the selection process. If accommodation is required, it is requested that you contact ADGA’s Accessibility Officer.