Senior Offensive Security Advisor

As a Senior Offensive Security Advisor, you help identify, analyze, eradicate and mitigate threats to Desjardins Group's external systems. You plan for threats based on the continuous development of offensive techniques and threat actors. You design, develop and implement offensive methods and tools, while mitigating the risks associated with their use. You follow rigorous processes and develop new ones to protect the organization from cyberattacks. You'll have access to a diverse range of cutting-edge offensive tools and the opportunity to continuously test to identify, analyze and exploit vulnerabilities. More specifically, you will be required to:

• Discover and map out exposed assets and services: configure and develop discovery tools to maintain a complete and up-to-date inventory.
• Identify and analyze major issues. Create diagnostics and make recommendations based on different constraints. Analyze, map and explain threats to guide test activities.
• Analyze, map and explain REALISTIC threats identified on the external perimeter.
• Identify exploitable vulnerabilities: Combine manual and automated approaches to identify vulnerabilities.
• Continuously monitor the external perimeter: Perform non-regression tests to prevent the vulnerabilities from returning.
• Work with experts to strengthen the overall security posture.
• Facilitate technical workshops to generate detailed analyses and feed risk assessments.
• Conduct research and develop innovative methodologies to improve asset recognition and vulnerability exploitation.
• Independently manage assigned files: organizing meetings, managing schedules and priorities, and gathering the required information.

What we offer*

• Competitive salary and annual bonus
• 4 weeks of flexible vacation starting in the first year
• Defined benefit pension plan that provides predictable, stable income throughout retirement
• Group insurance including telemedicine
• Reimbursement of health and wellness expenses and telework equipment
• Benefits apply based on eligibility criteria.

Curious about Desjardins ? Click here

What you bring to the table

• Bachelor's degree in IT or a related field
• A minimum of six years of relevant information security experience, including 3 years of penetration testing (Pentest or Red Team)
• Please note that other combinations of qualifications and relevant experience may be considered
• Experience using threat modeling methodologies such as STRIDE and OWASP or comparable experience visually representing data and process flows in a corporate environment
• Experience in vulnerability detection through bug bounty initiatives
• Experience making recommendations and putting people into action
• Experience analyzing source codes and identifying vulnerabilities
• Advanced proficiency in French, both spoken and written
• Proficiency in application security and infrastructure operations
• Knowledge of defence mechanisms and business controls
• Familiarity with the MITRE ATT&CK framework

Action oriented, Customer Focus, Differences, Interpersonal Savvy, Nimble learning, Strategic mindset

Trade Union (If applicable)

At Desjardins, we believe in equity, diversity and inclusion. We're committed to welcoming, respecting and valuing people for who they are as individuals, learning from their differences, embracing their uniqueness, and providing a positive workplace for all. At Desjardins, we have zero tolerance for discrimination of any kind. We believe our teams should reflect the diversity of the members, clients and communities we serve.

If there's something we can do to help make the recruitment process or the job you're applying for more accessible, let us know. We can provide accommodations at any stage in the recruitment process. Just ask

Job Family

Security (FG)

Unposting Date