As a Senior Offensive Security Advisor, you help identify, analyze, eradicate and mitigate threats to Desjardins Group’s external systems. You plan for threats based on the continuous development of offensive techniques and threat actors. You design, develop and implement offensive methods and tools, while mitigating the risks associated with their use. You follow rigorous processes and develop new ones to protect the organization from cyberattacks.
You’ll have access to a diverse range of cutting-edge offensive tools and the opportunity to continuously test to identify, analyze and exploit vulnerabilities. More specifically, you will be required to:
Discover and map out exposed assets and services: configure and develop discovery tools to maintain a complete and up-to-date inventory.
Identify and analyze major issues. Create diagnostics and make recommendations based on different constraints. Analyze, map and explain threats to guide test activities.
Analyze, map and explain REALISTIC threats identified on the external perimeter.
Identify exploitable vulnerabilities:
Combine manual and automated approaches to identify vulnerabilities.
Continuously monitor the external perimeter:
Perform non-regression tests to prevent the vulnerabilities from returning.
Work with experts to strengthen the overall security posture.
Facilitate technical workshops to generate detailed analyses and feed risk assessments.
Conduct research and develop innovative methodologies to improve asset recognition and vulnerability exploitation.
Independently manage assigned files: organizing meetings, managing schedules and priorities, and gathering the required information.
What we offer*
Competitive salary and annual bonus
4 weeks of flexible vacation starting in the first year
Defined benefit pension plan that provides predictable, stable income throughout retirement
Group insurance including telemedicine
Reimbursement of health and wellness expenses and telework equipment
#LI-Hybrid
What you bring to the table
Bachelor’s degree in IT or a related field
A minimum of six years of relevant information security experience, including 3 years of penetration testing (Pentest or Red Team)
Please note that other combinations of qualifications and relevant experience may be considered
Experience using threat modeling methodologies such as STRIDE and OWASP or comparable experience visually representing data and process flows in a corporate environment
Experience in vulnerability detection through bug bounty initiatives
Experience making recommendations and putting people into action
Experience analyzing source code and identifying vulnerabilities
Advanced proficiency in French, both spoken and written
Proficiency in application security and infrastructure operations
Knowledge of defence mechanisms and business controls
Familiarity with the MITRE ATT&CK framework