Elastify ensures the long-term success of our clients by providing talented, passionate, and specialized security expertise. Our consultants partner with clients to evaluate, create, develop, improve, and mature information security operations and programs. By utilizing the latest industry standards and combining our experience and knowledge gained from working with clients across the various services sector in Canada, we are able to develop defense forward information security programs for our clients.
As a Senior Offensive Security Professional, you will be responsible for helping our clients assess, design and build effective security programs. As an established trusted advisor, you will span operational, tactical, and strategic levels as well as tasks that tackle difficult problems that businesses are facing when building out and improving their security posture. This is an opportunity for you to showcase your strong communication skills and experience in security governance, security risk management, security operations, security architecture, and/or cyber incident response programs.
- Perform network penetration, web application testing, source code reviews and threat analysis, as applicable utilizing standard security tools such as BurpSuite, MetaSploit, SQLMap, NMAP, Nessus, Qualys, Nexpose, SoapUI, etc.
- Perform social engineering / phishing activities such as reconnaissance of targets, developing phishing campaigns (e.g., emails and websites) and, developing malicious phishing payloads.
- Identify network and application-specific vulnerabilities in target systems and recommend defensive measures to defend against possible attack by an adversary.
- Participate in the modeling and execution of Red Teaming scenarios for organizations.
- Develop scripts and tools enhancing the security practice at Elastify and authoring relevant documentation.
- Develop comprehensive and accurate reports and presentations for both, technical and executive audiences.
- Evaluate client needs, coordinate design for a solution, and clearly communicate the value proposition of complex and highly technical subjects.
- Interface with clients to address concerns, issues or escalations; track and drive to closure any issues that impact the service and its value to clients.
- Test. Learn. Iterate. Bring a flexible, adaptive mindset, comfortable with ambiguity in a rapidly changing technology environment.
- Be a continuous learner, not only for your own career, but from teams’ successes and failures.
- Embrace open-source communities, both internally and externally, sharing your knowledge across your team and peers.
EDUCATION & EXPERIENCE
- Strong oral and written communication skills.
- Strong problem solving and troubleshooting skills with experience exercising mature judgement.
- Proven leadership skills demonstrating strong judgment, problem-solving, and decision-making abilities.
- Strong knowledge of technical concepts such as application security, network segregation, access controls, IDS/IPS devices, physical security, and information security risk management.
- Thorough understanding of network protocols, data on the wire, and covert channels
- Understanding of attacker techniques aligned to MITREs ATT&CK framework
- Prior experience of conducting penetration testing of cloud-based assets
- Experience and strong knowledge of a wide variety of tools used for API, Web & Mobile Application Security Assessments, Penetration Testing and Source Code Reviews, such as Nessus, Qualys, Nexpose, Metasploit, CoreImpact, Burpsuite, Kali Linux (and tools included in Kali Linux), Mimikatz, Cobalt Strike, PowerSploit, HP Web Inspect etc.
- Experience in using Virtualization solutions such as VMware, Hyper-V etc.
- 2+ years’ practical experience in at least three of the following:
- Network penetration testing and manipulation of network infrastructure.
- Systems and/or web application assessments.
- Shell scripting or automation of simple tasks using Perl, Python, or Ruby
- Developing, extending, or modifying exploits, shellcode or exploit tools
- Reverse engineering malware, data obfuscators, or ciphers.
- Source code review for control flow and security flaw.
- Mobile platform and application testing knowledge (iOS and Android).
- Strong knowledge of cybersecurity frameworks and industry-leading practices such as OWASP, NIST CSF, PCI DSS, Canadian Center for Cybersecurity.
One or more of the following:
- Offensive Security Certified Professional (OSCP)
- GIAC Penetration Tester (GPEN)
- GIAC Web Application Penetration Tester (GWAPT)
- GIAC Security Essentials Certification (GSEC)
- CompTIA Pentest+
- Certified Information Security Manager (CISM)
- Certified Information Systems Security Professional (CISSP)
- GIAC Penetration Tester (GPEN)
- Offensive Security Certified Professionals (OSCP)
- Offensive Security Certified Expert (OSCE)
- CREST Registered Penetration Tester
- CREST Certified Infrastructure Tester
- Certified Ethical Hacker
This is an exciting opportunity for an individual to learn and grow with our organization. If you have a willingness to learn, have a strong work ethic, and enjoy working in a highly collaborative environment with a supportive and diverse team, this is the role for you!
At Elastify, everyone is welcome and has the opportunity to contribute our positive impact in the world. Fostering a diverse and inclusive culture is our underlying strength as a service business. It is embedded in our values: We want you to bring your whole self to work, have fun, and own it.
As part of our values, we are committed to supporting inclusion and diversity at Elastify. We celebrate colleagues’ individualities, different abilities, sexual orientation, ethnicity, faith and gender. Everyone is welcome and supported in their development at all stages in their journey with us.
Elastify is an IT services and consulting firm powered by an ecosystem of the market’s leading technical minds. We combine the knowledge of specialized IT consultants with the flexibility of just in time resource delivery to best suit your unique business goals. Our growing ecosystem of certified professionals have hands-on experience in transforming and improving cyber capabilities across a variety of industries and disciplines. Partner with us to gain access to a network of professionals who deliver impactful services using the latest techniques & technologies. Our comprehensive services include, but aren’t limited to:
- Penetration Testing
- E-Discovery & Digital Forensics
- Governance, Risk & Compliance
- Cloud Computing
- Microsoft Enablement
- Staff Augmentation