Senior Security Consultant
Join our team Prevent. Protect. Prevail. We live in a fast-paced cyber-world where protecting our information has become paramount. At TELUS Cyber Security, we strive to always be steps ahead, tackling the toughest security challenges head-on with top talent and cutting edge technology. Define your career today as a Senior Consultant with our Security Professional Services team! Here’s the impact you’ll make and what we’ll accomplish together Reporting to the Principal, Cyber Security Professional Services as part of the TELUS Cyber Security Professional Services team, Senior Consultant, Penetration Testing supports client security testing engagements. If you possess extensive experience in offensive security and penetration testing and its underlying principles and have strong working experience in the field with current, effective and advanced technical skills in web application security, infrastructure testing, cloud security, vulnerability management, red/blue team engagements and making recommendations for remediation, this role might be just for you! Here’s How You are proficient with current application vulnerabilities, particularly those listed in the OWASP Top 10 and CWE Top 25 You have practical expertise with commercial and open-source intrusion testing tools (e.g.: Burp Suite, OWASP ZAP, Nessus, Nmap, Metasploit, CANVAS, SQLMap, Empire, etc.) You are able to support client projects and mandates, write reports and prepare presentations, leveraging your communication skills to popularize technical findings to a non-specialized audience You have good knowledge of Linux and Windows operating systems You have some experience with programming languages (Python, PowerShell, Ruby or other relevant languages) You are familiar with industry standard methodologies and standards in penetration testing (PTES, OWASP, CREST, OSSTMM, CWE, CAPEC, CVE, CVSS, etc.)
Qualifications
You’re the missing piece of the puzzle: You have 5+ years of experience in penetration testing, development and/or technical support in cybersecurity Cybersecurity is your passion and you have an "ethical hacker" mindset You want to evolve in a dynamic, innovative and modern technological environment You master offensive security tools such as Qualys, Nessus, Nmap and others You are comfortable with web application assessment using Burp Suite, SQLMap and OWASP Zap You want to join a team that performs infrastructure and web application security assessments, both automated and manual You show strong interest in continuous learning of new technologies You have strong oral and written communication skills, collaborative spirit and report writing abilities You have experience working with clients from various business sectors and types of organizations You are capable of analyzing complex problems and discussing them in a simple, logical and thoughtful manner Nice-to-haves: Concrete practical experience in the field Understanding of Internet of Things (IoT) security At least 8 years of experience in information technologies University degree or equivalent experience in a relevant discipline Knowledge of social engineering techniques and wireless security testing Professional certifications (e.g.: OSCP) or willingness to obtain them Basic knowledge of GRC (Governance, Risk and Compliance) standards Contributions to open-source projects Experience with CTF (Capture The Flag) competitions and/or "bug bounty" programs Experience in software development Knowledge of current cloud infrastructures (AWS, Azure, GCP, etc.) Bilingualism (French and English) Certifications (Nice-to-haves) GIAC Web Application Penetration Tester (GWAPT) GIAC Certified Penetration Tester (GPEN) Offensive Security Certified Expert (OSCE) Certified Secure Software Lifecycle Professional (CSSLP) Certified Security Analyst (ECSA) Please note: This position is a mobile/remote work setting. The successful candidate will be required to undergo a security check and may need to meet eligibility requirements for access to classified information. Advanced knowledge of English is required because you will most of the time interact in English with external parties (clients, suppliers, candidates, external partners, etc.); interact in English with internal parties (colleagues, internal partners, stakeholders, etc.); and work with IT tools whose interface is only accessible in English as part of this position's main responsibilities given its national scope. Apply To This Job