Penetration Testing Analyst

Job Description

At Sun Life, we work together, share common values, and encourage growth and achievement. We are seeking a skilled Penetration Testing Analyst to perform hands-on security testing of applications, infrastructure, and systems. This role is primarily focused on Penetration Testing delivery
, with secondary exposure to Red Team activities
, contributing to adversary simulation exercises where required. The successful candidate will have strong technical testing capabilities, with an interest in developing broader offensive security skills.

• Perform web, API, mobile, and infrastructure penetration testing across enterprise applications.
• Identify, exploit, and validate security vulnerabilities using manual testing techniques and industry tools.
• Conduct testing in line with established methodologies and security frameworks (e.g., OWASP).
• Produce clear, structured reports outlining:
  • Vulnerabilities and root cause
  • Business impact and risk rating
  • Practical remediation recommendations
• Perform research into new vulnerabilities, exploits, and attack techniques to enhance testing coverage.
• Support re-testing activities to validate remediation of identified issues.
• Support Red Team or adversary simulation exercises where required.
• Contribute to reconnaissance and attack surface mapping, identification of potential attack paths.
• Support documentation of attack paths and identified security gaps
  .
• Assist in controlled exploitation activities under guidance, including:
  • Initial access techniques
  • Limited post-exploitation validation (e.g., privilege escalation concepts, lateral movement awareness)

• Basic understanding of adversary simulation concepts and attack lifecycle
  .
• Familiarity with:
  • Reconnaissance techniques
  • Common initial compromise methods
• Awareness of:
  • Privilege escalation and lateral movement concepts
  • Attack paths across enterprise environments
• Interest in developing Red Team and offensive security capabilities over time.

• Bachelor's degree in Computer Science, Information Security, or a related field.
• Certifications such as OSCP, OSWA, CISSP or CompTIA are desired but not required.

• 22 Days Annual Leave - increasing to 25 days based on length of service
• Maternity Leave, Paternity Leave, Parental Leave
• C $400/275 Fitness Reimbursement for gym membership annually
• Annual Bonus plan based on Company and Individual Performance
• 100% Private Health Insurance cover for employees and 50% contribution for family members from date of hire
• Study Assistance Programme inclusive of Masters Programme
• S&S Club, Wellness Programme, GP Scheme, Flu Vaccines, Eye Care Scheme as well as lots of discounted events and classes
• Defined Contribution Pension Scheme
• Access to Professional Development Training Platforms