Consultant or Senior Consultant, Penetration Testing / Offensive Security
BDO Canada
Vancouver, BC, CA
10h ago

Your opportunity

We are looking for a Consultant or Senior Consultant, Penetration Testing / Offensive Security to join BDO’s growing Cybersecurity Practice, with the ability to work remotely from anywhere in Canada.

The successful individual will be driven, and results oriented, with a strong focus on Offensive Security. This individual would be supporting the Penetration Testing, Vulnerability Assessment and Red Teaming service line by executing client engagements, as well as conducting research and development of tools, techniques, among others.

Your responsibilities will include :

  • Perform network penetration, web application testing, source code reviews and threat analysis, as applicable, utilizing standard security tools, e.g., BurpSuite, MetaSploit, SQLMap, NMAP, Nessus, Qualys, Nexpose, SoapUI, etc.

  • Perform social engineering / phishing activities such as reconnaissance of targets, developing phishing campaigns (e.g. emails and websites), web hosting administration, developing malicious phishing payloads, or pivoting through phished systems

  • Identify network and application-specific vulnerabilities in target systems and recommend defensive measures to defend against possible attack by an adversary
  • Demonstrate an understanding of Windows and Linux operating system setup, management, and power usage, e.g., cmd, bash, network troubleshooting, virtual machines
  • Participate in the modeling and execution of Red Teaming scenarios for organizations across Canada
  • Develop scripts and tools enhancing the security practice at BDO, and authoring relevant documentation
  • Develop comprehensive and accurate reports and presentations for both technical and executive audiences
  • Demonstrate an understanding of the client environment and overall project scope
  • Organize and deliver services on a cross-section of complex projects
  • Actively participate in the development of business and vendor relationships
  • Participate and lead aspects of the proposal development process
  • Manage day-to-day interactions with clients and internal BDO team
  • Display both breadth and depth of knowledge regarding functional and technical issues
  • Proactively seek guidance, clarification, and feedback
  • Keep leadership informed of progress and issues; and
  • Sustain a high level of drive, show enthusiasm and a positive attitude when coping with pressure at work.

How do we define success for your role?

  • You demonstrate BDO's core values through all aspects of your work: Integrity, Respect and Collaboration
  • You understand your client’s industry, challenges, and opportunities; clients describe you as positive, professional, and delivering high quality work
  • You identify, recommend, and are focused on effective service delivery to your clients
  • You share in an inclusive and engaging work environment that develops, retains & attracts talent
  • You actively participate in the adoption of digital tools and strategies to drive an innovative workplace
  • You grow your expertise through learning and professional development.

Your experience and education

    Required :

  • Ability to work independently
  • Ability to manage small engagements or work streams and multiple team members with confidence
  • Professional oral and written communication skills
  • Strong problem solving and troubleshooting skills with experience exercising mature judgement
  • Experience with scripting tools on Windows and Linux (e.g. PowerShell, Python, Ruby, etc.)
  • Expert knowledge of Kali Linux
  • Excellent teamwork and interpersonal skills
  • At a minimum, a Bachelor’s Degree in Information Technology, Information Systems Security, Cybersecurity, or related field
  • Proven leadership skills demonstrating strong judgment, problem-solving, and decision-making abilities
  • Experience presenting to clients or other decision makers to present and sell ideas to various audiences (technical and non-technical)
  • Strong knowledge of technical concepts such as application security, network segregation, access controls, IDS / IPS devices, physical security, and information security risk management
  • Thorough understanding of network protocols, data on the wire, and covert channels
  • Understanding of attacker techniques aligned to MITRE's ATT&CK framework
  • Experience with conducting penetration testing of cloud-based assets
  • Expert knowledge of Unix / Linux / Mac / Windows operating systems
  • Experience and strong knowledge of a wide variety of tools used for API, Web & Mobile Application Security Assessments, Penetration Testing and Source Code Reviews, such as Nessus, Qualys, Nexpose, Metasploit, CoreImpact, Burpsuite, Kali Linux (and tools included in Kali Linux), Mimikatz, Cobalt Strike, PowerSploit, HP Web Inspect etc.
  • Ability to conduct social engineering engagements through phone, e-mail, messages etc.
  • Experience in using Virtualization solutions such as VMware, Hyper-V etc.
  • 5+ years' practical experience in at least three of the following :
  • Network penetration testing and manipulation of network infrastructure
  • Systems and / or web application assessments
  • Shell scripting or automation of simple tasks using Perl, Python, or Ruby
  • Developing, extending, or modifying exploits, shellcode or exploit tools
  • Developing applications in C#, ASP, .NET, ObjectiveC, Go, Java (J2EE), Python, PowerShell, Ruby, Perl, Bash, JavaScript, or VBScript
  • Reverse engineering malware, data obfuscators, or ciphers
  • Source code review for control flow and security flaws
  • Mobile platform and application testing knowledge (e.g. iOS, Android)
  • Strong knowledge of cybersecurity frameworks and industry-leading practices such as OWASP, NIST CSF, PCI DSS, Canadian Center for Cybersecurity

    Preferred :

  • Strong knowledge of container technologies such as Docker
  • Strong knowledge of AWS, Azure and Google Cloud
  • Sound understanding of traditional security operations, event monitoring, and Security Information and Event Management (SIEM) tools.
  • Sound understanding of Endpoint Detection and Response techniques and tools such as Carbon Black, Palo Alto Cortex, Checkpoint etc.
  • Pre-sales, proposal, and RFP experience
  • Past experience working with public sector
  • Must be able to obtain and maintain required clearance for this role

    Certification(s) Preferred :

    One or more of the following :

  • Offensive Security Certified Professional (OSCP)
  • GIAC Penetration Tester (GPEN)
  • GIAC Web Application Penetration Tester (GWAPT)
  • GIAC Security Essentials Certification (GSEC)
  • CompTIA Pentest+
  • Certified Information Security Manager (CISM)
  • Certified Information Systems Security Professional (CISSP)
  • Offensive Security Certified Expert (OSCE)
  • CREST Registered Penetration Tester
  • CREST Certified Infrastructure Tester
  • Certified Ethical Hacker

Why BDO?

    Our firm is committed to providing an environment where you can be successful in the following ways :

  • We enable you to engage with the firm's strategic plan, and be a key contributor to the success and growth of the firm.
  • We help you be the best professional you can be in our services, industries and markets.
  • Achieve your personal goals outside of the office and make an impact on your community.

    Giving back, it adds up : Where company meets community. BDO is actively involved in our communities by supporting local charity initiatives.

    We support staff with local and national events where you will be given the opportunity to contribute to your community.

    Total rewards that matter : We pay for performance with competitive total cash compensation that recognizes and rewards your contribution.

    We provide flexible benefits from day one, and a market leading personal time off policy. We are committed to supporting your overall wellness beyond working hours, and provide reimbursement for wellness initiatives that fit your lifestyle.

    Everyone counts : We believe every employee should have the opportunity to participate and succeed. Through leadership by our Chief Inclusion and Diversity Officer, we are committed to a workplace culture of respect, inclusion, and diversity.

    We recognize and celebrate the valuable differences among each of us, including race, religious beliefs, physical or mental disabilities, age, place of origin, marital status, family status, gender or gender identity and sexual orientation.

    If you require accommodation to complete the application process, please contact us.

    As a hybrid workplace, all BDO personnel are expected to spend some of their time working in the office, at the client and remotely unless accommodations or alternative work arrangements are in place.

    To protect the health and safety of our people, clients and communities, we require all partners and employees to be COVID-19 fully vaccinated in order to enter a BDO office.

    Individuals that cannot be fully vaccinated with a Health Canada approved vaccine due to medical reasons or another protected ground under Human Rights legislation may request an accommodation.
