Security Advisor Specialist, Offensive Security

Security Advisor Specialist, Offensive Security (Global Red Team) Overview The Security Specialist, Offensive Security is responsible for testing security controls, the network, and threat response for Intact Financial globally. You will work as a specialist employing offensive security techniques, tactics and protocols as part of a global team. This role reports to the Director, Offensive Security and collaborates with technical advisors across multiple locations and time zones. What You'll Do Here Conduct reconnaissance on the network environment to map the external landscape using industry-standard tools, threat intelligence feeds, OSINT and other information sources. Perform offensive security testing to validate security controls and detection/response effectiveness. When appropriate, adopt a purple team approach to strengthen controls across the enterprise attack chain. Simulate real-world attacks to benchmark response capabilities across the enterprise. Identify and exploit vulnerabilities in computer systems, networks and applications to emulate threat actor activity, including evading modern EDR solutions while elevating privileges and reaching targets. Analyze and report findings from security assessments and make recommendations to improve the enterprise security posture. Demonstrate depth of knowledge of the TCP/IP stack and related concepts; understand routing (e.g., BGP) and related exploit opportunities; create covert beacons, C2 channels, and data exfiltration paths where appropriate. Coordinate with regional governance and risk teams to ensure findings are tracked for remediation. Generate metrics and reports to support CISO and affiliates in evaluating security control effectiveness. Use industry-standard and emerging tools to assess threats in the financial services space and benchmark regions against peers. Apply threat intelligence to prioritize testing assets and develop clear ROE that complies with testing phases. Maintain and update offensive security tools, technologies and processes in line with engagement rules. Provide timely communications to key internal stakeholders in alignment with policy and engagement rules. What You Bring To The Table Advanced knowledge in computer networks, information security principles, TCP/IP, DNS, UDP, BGP, SOC, IAM, SIEM, DLP, EDR, threat intelligence, incident response, technical writing, and information risk. Bachelor's degree in Computer Technology, Information Security, or equivalent is an asset. Minimum five (5) years of relevant IT experience and minimum three (3) years in information security. Knowledge of offensive security operations, tools and techniques; familiarity with information security standards/regulations (NIST, COBIT5, ISO 27001) is an asset. Python scripting with experience in blue/red/purple team engagements. Proficiency in manual testing techniques beyond automated scanning; strong knowledge of OWASP Top 10, MITRE ATT&CK, and CVSS. Ability to translate technical findings into business-friendly language for stakeholders. Desirable: relevant certifications (CEH, CISM or similar). Strong analytical, interpersonal, and leadership skills with the ability to operate in a dynamic, high-pressure environment. Customer-focused approach and ability to collaborate across levels of the organization. For candidates in Quebec: bilingualism is required; must be eligible to work in Canada. What We Offer Hybrid work model balancing remote and in-person collaboration. Competitive financial rewards and an Employee Share Purchase Plan (65% match of net shares purchased as stated by policy). Comprehensive pension and benefits package, including virtual healthcare, and flexible work arrangements. Wellness and learning programs, inclusive networks, and opportunities to grow with the organization. We are an equal opportunity employer. We value diversity and strive to create an accessible workplace. We encourage applications from equity-deserving groups. We acknowledge Indigenous lands and are committed to inclusive policies and accommodations during recruitment. If you require adjustments to the recruitment process, please let us know so we can support you. #J-18808-Ljbffr