Security Advisor Specialist, Offensive Security

OverviewThe Security Specialist, Offensive Security is responsible for testing the security controls, the network, and threat response for Intact Financial globally (All regions and all affiliate companies). The role works as a specialist employing techniques, tactics and protocols to test security controls, as part of a global offensive security team. The Specialist, Offensive Security reports to the Director, Offensive Security and collaborates with a team of technical advisors across multiple locations and time zones.If you can think outside of the Kali box, and love to think like an attacker (with a track record to prove your capabilities) we want to talk to you about joining our teamWhat You'll DoConduct reconnaissance on network environments to build the external landscape using industry standard tools, threat intelligence feeds, OSINT and other readily available information sourcesConduct offensive security testing to ensure security controls and response actions are effective. If detected, shift from a red team focus to a purple team approach to strengthen controls across the attack chain enterprise-wideEmploy attack strategies to simulate real-world attacks by threat actors and benchmark response capabilities across the enterpriseIdentify and exploit vulnerabilities in computer systems, networks and applications to simulate attacks by threat actors; demonstrate a proven track record of evading modern EDR tools while elevating privileges/hitting targetAnalyze and report on the results of security assessments and make recommendations to improve the enterprise security postureUnderstand the TCP/IP stack in depth and how to exploit it to create covert beacons, C2 channels, and data exfiltration across DNS; familiarity with routing concepts (eg. BGP) is an assetCollaborate with regional governance and risk teams to ensure findings are tracked for remediationGenerate metrics and reports to support executives in reporting on enterprise security control effectivenessEvaluate emerging threats to the financial services space and benchmark regions and affiliates to peers using industry toolsConsume threat intelligence and apply attack surface insights to crown jewel assets, proposing clear rules of engagement for testing activities and ensuring ROE compliance through all phasesMaintain and update offensive security tools, technologies and processes in line with company rules of engagementProvide timely and effective communications to key internal stakeholders in alignment with policy and rules of engagementWhat You Bring To The TableAdvanced knowledge in computer networks, information security principles, TCP/IP, DNS, UDP, BGP, SOC, IAM, SIEM, DLP, EDR, Threat intelligence, Incident Response, technical writing, and information riskBachelor's degree in Computer Technology or Information Security (asset)Minimum of five (5) years of relevant professional IT experienceMinimum of three (3) years of information security experienceKnowledge of offensive security operations, tools and techniquesKnowledge of information security standards, regulations and legislation (NIST, COBIT5, ISO 27001) (asset)Python scripting experience in blue/red/purple team engagementsProficiency in manual testing techniques beyond automated scanningStrong knowledge of OWASP Top 10, MITRE ATT&CK, and CVSS scoringAbility to translate highly technical data into business-friendly language for non-technical stakeholdersCertifications such as CEH or CISM are assetsAnalytical mindset, pragmatic approach to IT security issues, and ability to work in a dynamic environment with multiple objectivesStrong interpersonal skills, collaboration across teams, and ability to lead work groupsAbility to write and present material to communicate difficult concepts and gain consensusCustomer-focused approach and ability to work under pressureFor candidates located in Quebec, bilingualism is required; must be eligible to work in CanadaWhat We OfferHybrid work model balancing remote and in-person collaborationFinancial rewards program recognizing successIndustry-leading Employee Share Purchase Plan (matching 50% of net shares purchased)Extensive flex pension and benefits package with virtual healthcareFlexible work arrangementsOpportunity to purchase extra vacation daysAnnual wellness account and resources for physical and mental healthDynamic learning ecosystem with journeys and programsInclusive employee networks and leadership developmentCommunity Impact program and opportunities to contribute to community initiativesWe are an equal opportunity employerIntact values diversity and strives to create an accessible workplace where employees feel valued and included. We encourage applications from equity-deserving groups and acknowledge Canada’s Indigenous history in our recruitment and operations. We provide accommodations on request during the recruitment process.EEO and AccessibilityWe have policies to ensure equal access and participation for people with disabilities and will provide workplace adjustments as needed. If you require an accommodation, please let us know during the recruitment process. #J-18808-Ljbffr