Lead Penetration Tester

Ottawa | 4 days ago | Full-time | External
Negotiable
Our client is seeking an experienced and highly motivated Lead Penetration Tester to join their Information Security team. This pivotal role will be responsible for leading offensive security initiatives, identifying vulnerabilities in our client's systems, and providing actionable recommendations for remediation. You will work collaboratively with development and operations teams to integrate security best practices throughout the software development lifecycle and infrastructure management. The successful candidate will have a deep understanding of various attack vectors and the ability to think like an adversary.

Key Responsibilities:

- Plan, scope, and execute comprehensive penetration tests across web applications, APIs, mobile applications, and network infrastructure.
- Lead and mentor a team of penetration testers, providing technical guidance and fostering professional development.
- Develop and refine penetration testing methodologies and tools to improve efficiency and effectiveness.
- Conduct in-depth analysis of test results, documenting findings, and presenting detailed reports to technical and non-technical stakeholders.
- Collaborate with system administrators, developers, and security engineers to validate and track remediation efforts.
- Stay current with the latest security threats, vulnerabilities, and penetration testing techniques.
- Develop custom tools and scripts to automate repetitive testing tasks.
- Contribute to the development of security awareness programs and provide training on common vulnerabilities.
- Perform threat modeling exercises to identify potential security risks early in the design phase.
- Manage external third-party penetration testing engagements as needed.

Qualifications:

- Bachelor's degree in Computer Science, Cybersecurity, or a related field; Master's degree preferred.
- Minimum of 7 years of experience in penetration testing and offensive security.
- Proven experience leading security assessment teams.
- Extensive knowledge of common vulnerabilities (OWASP Top 10, SANS Top 25) and attack methodologies.
- Proficiency with a variety of penetration testing tools such as Burp Suite, Metasploit, Nmap, Nessus, and Cobalt Strike.
- Experience in scripting languages (Python, Bash, PowerShell) for exploit development and automation.
- Strong understanding of network protocols, operating systems (Windows, Linux), and web technologies.
- Excellent written and verbal communication skills, with the ability to articulate complex technical issues clearly.
- Relevant certifications such as OSCP, OSCE, CISSP, or CEH are highly desirable.
- Ability to work effectively in a hybrid environment, balancing remote work with on-site collaboration as needed for specific project requirements or team meetings in Gatineau, Quebec.

This role offers a competitive salary, comprehensive benefits, and the opportunity to shape the security posture of our organization. This hybrid role requires a balance of remote work flexibility and in-office collaboration at our Gatineau, Quebec facility.