Location: Preferred Moncton, will consider Fredericton & Halifax
Bulletproof is growing! With the recent acquisition of Bulletproof by Gaming Laboratories International (GLI), our mandate to expand our capacity and market reach is aggressive. We are building the team to help us achieve those goals; in Atlantic Canada, across the Country, into the USA and Internationally. We have ambitious plans to leverage our depth of experience across our practices and we are building an ambitious team to achieve those goals together.
Since Bulletproof began in 2000, we have expanded our services to be much more than an IT company. Bulletproof offers a comprehensive selection of advanced technologies and know-how and is steadfastly focused on solving business challenges for our global clients.
Each of the Bulletproof practices work together to provide true end to end business solutions. We bring together market-leading services for the delivery of quality management solutions, global regulatory intelligence, IT process improvement, enhanced due diligence, compliance management, internal audit, and risk management services.
The role will focus on both internal testing, and supporting third party penetration testing efforts with a primary technical focus on leading security assessments with little oversight. The Security Penetration Tester will be responsible for participating in assessments of the Information Systems of clients to evaluate whether they comply with the requirements as set by the regulator and/or ISO, PCI and/or other relevant standards.
Job Details/Essential Functions/Responsibilities:
- Conduct Network and Threat Risk Assessments (NRAs and TRAs) in North America and globally.
- Internal and external network penetration testing.
- Application testing, including black box, and code reviews.
- Develop and communicate recommendations on findings remediation.
- Continuous improvement of testing processes and methodologies.
- Coordinate and function as a subject matter expert to third-party penetration testing efforts.
- Ensures that clients are provided professional, courteous and timely support and service.
- Contributes to the development of new procedures and techniques for Vulnerability Assessment and Penetration Testing.
- Responsible for assessment planning, field work documentation and reports.
- Responsible for following all engagement quality requirements.
- University Degree in Computer Science, Community College Diploma with equivalent technical discipline.
- 4+ years of professional experience in computer security and networking.
- One of the following certification is beneficial Certified Ethical Hacker, SANS GIAC Penetration Testing, and OSCP or OSCE.
- 2+ years’ experience in penetration testing.
- Must hold a Valid Canadian Passport and be eligible to apply for a US Work Visa
- Intermediate understanding of networking (all OSI layers, protocols, Architecture, configuration, operational practices, etc.)
- Strong understanding of Windows/Linux/Unix operating systems.
- Strong understanding of operating system and software vulnerabilities and exploitation techniques.
- Advanced knowledge of the detection, exploitation, and prevention of software vulnerabilities (i.e., SQL injection, XSS, buffer overflows).
- Strong knowledge of and experience with commercial or open-source offensive security tools for reconnaissance, scanning, exploitation and post-exploitation (e.g. Nmap, Nessus, Metasploit, Burp Suite, etc.).
- Understanding of IT security and governance frameworks, such as ISO 27001/2 and NIST.
- Exceptional communication skills, both oral and written.
- Ability to build solid relationships and able to effectively communicate with all levels of clients in a professional manner.
- Excellent self-tasking skills.
- Must be able to travel 70% +.