Security Advisor Specialist, Offensive Security

Security Advisor Specialist, Offensive Security (Global Red Team)What You'll Do HereConduct reconnaissance on network environment to build external landscape using industry standard tools, threat intelligence feeds, OSINT and other readily available information sourcesConduct offensive security testing to ensure security controls and response actions are effective. If you are detected, shifting from a red team focus to a purple team approach – the purpose isn’t to create a “Gotcha” moment – the mission is to strengthen controls throughout the entire attack chain across the enterprise.Employ attack strategies to simulate real-world attacks by threat actors and benchmark response capabilities across the enterprise.Ability to identify and exploit vulnerabilities in computer systems, networks and applications to simulate attacks by threat actors – you have a proven track record of evading modern EDR while elevating privileges/hitting your target.Analyze and report on the results of security assessments and make recommendations to improve the security posture of the enterprise.Understand the TCP/IP stack in depth and know how to exploit it to create covert beacons, C2 channels, exfiltrate data across DNS. Knowledge of routing tables and how they can be exploited is an asset.Work with regional cyber governance and risk teams to ensure that findings are properly tracked for remediationGenerate the required metrics and reports to support the CISO IFC Affiliates in reporting on enterprise security control effectivenessLeverage industry standard and emerging tools to evaluate emerging threats to the financial services space and benchmark regions and affiliate companies to peers.Consume threat intelligence and apply the attack surface to crown jewel assets for target and tactic development, proposing clear rules of engagement for testing activities and ensuring compliance to the ROE through all phases of testing.Maintain and update all offensive security tools, technologies and processes in line with company rules of engagementProvide timely and effective communications to key internal stakeholders in alignment with policy and rules of engagement.What You Bring To The TableAdvanced knowledge in: computer networks, operational security platforms, information security principles, TCP/IP, DNS, UDP, BGP, SOC, IAM, SIEM, DLP, EDR, Threat intelligence, Incident Response, technical writing, information risk.Bachelor's degree in Computer Technology, Information Security, an asset.A minimum of five (5) years of relevant professional experience in information technology.A minimum of three (3) years of experience in information security.Knowledge of offensive security operations, tools and techniques.Knowledge of information security standards, regulations and legislation (NIST, COBIT5, ISO 27001), an asset.Python scripting comes naturally, and a history of using it in blue/red/purple team engagementsProficiency in manual testing techniques beyond automated scanning.Strong knowledge of OWASP Top 10, MITRE ATT&CK, and CVSS scoring.Ability to translate highly technical data into business-friendly language for non-technical stakeholders.Bonus: participation in capture the flag competitions.Recognized certifications in information security (CEH, CISM or other), an asset.Analytical mindset and pragmatic approach to IT security issues.Strong collaboration skills to provide secure solutions internally and externally.Ability to work in a dynamic environment with multiple objectives and to prioritize in high-pressure settings.Customer-focused approach and ability to challenge the status quo.For candidates located in Quebec, bilingualism is required considering regular interaction with English-speaking colleagues across the country.No Canadian work experience required however must be eligible to work in Canada.What We OfferHybrid work model balancing remote work and in-person collaborationFinancial rewards program recognizing successIndustry-leading Employee Share Purchase Plan; we match 50% of net shares purchasedExtensive pension and benefits package with access to virtual healthcareFlexible work arrangementsOption to purchase up to 5 extra days off per yearAnnual wellness account to promote an active, healthy lifestyleResources to support physical and mental health, change management, and colleague connectionDynamic workplace learning ecosystem with learning journeys and programsInclusive employee-led networks for development opportunitiesSupportive leadership and opportunities for growthCommunity Impact program aligning personal values with community involvementWe are an equal opportunity employer. We strive to create an accessible workplace where employees feel valued, included and encouraged to share their unique perspectives. We encourage applications from individuals who are members of equity-deserving groups, including women, Indigenous peoples, persons with disabilities, Black people, and members of the 2SLGBTQI+ community. We acknowledge that we work, meet and travel across the land currently called Canada, historically inhabited by First Nations, Métis and Inuit people. We have policies to ensure equal access and participation for people with disabilities, including providing workplace accommodations. If we can provide a specific adjustment to make the recruitment process more accessible, please let us know when we reach out about a job opportunity. Learn more about our recruitment process and your candidate journey here. If you are an employee of Intact or belairdirect, please apply for this role on Internal Career Site. #J-18808-Ljbffr