Cybersecurity Consultant (Pentester) - CAN

Who We Are:  

Headquartered in Canada with locations across the United States and around the globe with a footprint on six continents, Bulletproof, a GLI company has decades of technology, security, and compliance expertise. Bulletproof’s work in the security space has been recognized nationally and globally with Microsoft’s global Security Partner of the Year in 2021 and five Microsoft Canada Impact Award wins from 2019 to present-day.  

At Bulletproof, our vision is to serve, secure, and empower the world through people and technology; one customer at a time. We believe everyone has the right to feel safe and secure. Our mission is to serve and protect organizations to ensure their success. 

What we have to offer :

• Challenging Work - We love solving highly complex problems. Across our teams and in all roles, every employee is empowered to bring their best ideas forward and to jump in and solve the problems they're passionate about. 
• Great People - We are stronger, together, when we are open, honest, and above all, real. Every person is valued here and plays an important role in our shared success. 
• Global Impact - As a global team spanning continents, boundaries, and cultures, every day we are inspired by the impact our work has on our colleagues, our customers, our communities, and the world at large. 
• Diversity, Equity and Inclusion - We celebrate each other’s differences, continuously strive for equality and recognize that inclusion makes us stronger as individuals, a company and a global citizen. 

What the Role Does…

As a pentester, you will conduct security assessments by probing for and exploiting security vulnerabilities in web-based applications, networks and systems and finding ways to ensure that any risk to our client is mitigated.  

Duties and Responsibilities include, but are not limited to:   

• Conducts security assessments that can be multi-faceted for a wide variety of assigned clients 
• Defines the scope for security testing assignments
• Creates quality assurance security test reports and other documentation as needed 
• Works with clients to develop appropriate remediation plans
• Provides clients with exceptional service in a professional, courteous and timely manner
• Provides technical support as a subject matter expert in the sale of security testing assignments on an as needed basis 
• Provides thought leadership and direction for the Information Security practice on malware, attack vectors and methods to protect against threats
• Teams up with colleagues in other lines of services in support of client needs for Information Security services
• Stays up-to-date on current tools, technologies and vulnerabilities to incorporate into testing practices
• Other related duties as assigned 

Requirements: 

• Degree in Computer Science, Information Systems, Engineering or related major from an accredited University or College Diploma equivalent
• Experience performing vulnerability assessments and/or penetration tests would be preferred
• Application and/or infrastructure penetration testing experience above and beyond running automated tools
• A good understanding of Linux, Windows and network security skills
• Excellent written and oral communication skills in English 
• Ability to meet deadlines and deliver a high-quality product (reports)
• Strong attention to detail
• Ability to work both independently and in a team environment. 

Familiar with (if not qualified in) test suites such as:   

• Nessus 

• MetaSploit 
• Burp Suite  
• Kali  
• NMap  
• Fortify 
• Acunetix  

Certifications - One or more of the following certifications are considered an asset:   

• EC-Council Certified Ethical Hacker (CEH)  
• EC-Council Licensed Penetration Tester (LPT)  
• GIAC Certified Penetration Tester (CPEN)  
• IACRB Certified Penetration Tester (CPT)  
• Offensive Security Certified Professional (OSCP)  
• CREST Registered Tester (CRT)  
• CREST Infrastructure Certification  
• CESG CHECK Team Leader  
• CESG CHECK Team Member  
• Tiger Scheme Senior Security Tester  
• Tiger Scheme Qualified Security Tester  
• Any other recognized penetration testing certification/accreditation 
   

The following skills are preferred but not required:  

• PCI ASV  

• CREST recognized penetration testing certification/accreditation (CREST Certified Tester (CCT) or CHECK Team Leader (CTL) 
• Experience developing custom scripts or tools used for vulnerability scanning and identification 
• Familiarity with threat modelling and security design review methodologies 
• Support team technical development (e.g. through service development or research) and contribute to company technical processes overall 
• Development and/or source code review experience in C/C++, C#, VB.NET, ASP, PHP, or Java and/or Fortify, Veracode, Brakeman and/or IDA Pro 
• Experience with physical security testing, phishing and social engineering techniques.  
• Experience with mobile applications such as Android DeBug Bridge (ADS), OWASP ZAP, Drozer, Mobile Security Framework (MobSF), Smartphone Pentest Framework (SPF), Burp Suite, Android SDK, Friday, Cydia and/or IDB

This job description should not be interpreted as all-inclusive; it is intended to identify major responsibilities and requirements of the job.  The incumbent may be requested to perform other job-related task and responsibilities than those stated above.

Equal Opportunity Statement:

Bulletproof is committed to creating a diverse environment and is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status. Bulletproof is also committed to compliance with all fair employment practices regarding citizenship and immigration status.