Position: Associate

Job type: Full-time

Job description

Putting people first, every day

BDO is a firm built on a foundation of positive relationships with our people and our clients. Each day, we rely on our professionals to provide exceptional service, and help our clients by providing advice and insight they can trust. In turn, we offer an environment that fosters a people-first culture with a high priority on your personal and professional growth.

Your opportunity

We are looking for a talented individual at the Consultant level to join BDO’s Cybersecurity practice, with the ability to work remotely from anywhere in Canada. The successful individual will be driven and results oriented, with a strong focus on Offensive Security. This individual will support the Penetration Testing, Vulnerability Assessment and Red Teaming service line by executing client engagements, as well as conducting research and development of tools and techniques, among others.

As a Consultant in Cybersecurity, your responsibilities will include:

  • Coach and mentor a team, and perform network penetration, web application testing, source code reviews and threat analysis, as applicable, utilizing standard security tools, e.g., Burp Suite, Metasploit, SQLMap, NMAP, Nessus, Qualys, Nexpose, SoapUI, etc.
  • Perform social engineering / phishing activities such as reconnaissance of targets, developing phishing campaigns (e.g., emails and websites), web hosting administration, developing malicious phishing payloads, or pivoting through phished systems
  • Identify network and application-specific vulnerabilities in target systems and recommend defensive measures to defend against possible attack by an adversary
  • Demonstrate an understanding of Windows and Linux operating system setup, management, and power usage, e.g., cmd, bash, network troubleshooting, virtual machines
  • Participate in the modeling and execution of Red Teaming scenarios for organizations across Canada
  • Develop scripts and tools enhancing the security practice at BDO, and authoring relevant documentation
  • Develop comprehensive and accurate reports and presentations for both technical and executive audiences
  • Demonstrate an understanding of the client environment and overall project scope
  • Organize and deliver services on a cross-section of complex projects
  • Actively participate in the development of business and vendor relationships
  • Participate and lead aspects of the proposal development process
  • Manage day-to-day interactions with clients and internal BDO team
  • Display both breadth and depth of knowledge regarding functional and technical issues
  • Proactively seek guidance, clarification, and feedback
  • Keep leadership informed of progress and issues; and
  • Sustain a high level of drive, show enthusiasm and a positive attitude when coping with pressure at work.

How do we define success for your role?

  • You demonstrate BDO’s core values through all aspects of your work: Integrity, Respect and Collaboration
  • You understand your client’s industry, challenges, and opportunities; clients describe you as positive, professional, and delivering high quality work
  • You identify, recommend, and are focused on effective service delivery to your clients
  • You share in an inclusive and engaging work environment that develops, retains & attracts talent
  • You actively participate in the adoption of digital tools and strategies to drive an innovative workplace
  • You grow your expertise through learning and professional development.

Your Experience And Education

Required:
  • Experience with scripting tools on Windows and Linux (e.g. PowerShell, Python, Ruby, etc.)
  • At a minimum, a Bachelor’s Degree in Information Technology, Information Systems Security, Cybersecurity, or related field
  • Proven leadership skills demonstrating strong judgment, problem-solving, and decision-making abilities
  • Thorough understanding of network protocols, data on the wire, and covert channels
  • Understanding of attacker techniques aligned to MITRE's Tactics, Techniques and Procedures (TTPs)
  • Experience and strong knowledge of a wide variety of tools used for API, Web & Mobile Application Security Assessments, Penetration Testing and Source Code Reviews, such as Nessus, Qualys, Nexpose, Metasploit, CoreImpact, Burp Suite, Kali Linux (and tools included in Kali Linux), Mimikatz, Cobalt Strike, PowerSploit, HP WebInspect, etc.
  • Experience in using Virtualization solutions such as VMware, Hyper-V etc.
  • 7+ years’ practical experience in at least three of the following:
    • Network penetration testing and manipulation of network infrastructure
    • Systems and/or web application assessments
    • Shell scripting or automation of simple tasks using Perl, Python, or Ruby
    • Developing, extending, or modifying exploits, shellcode or exploit tools
    • Developing applications in C#, ASP, .NET, ObjectiveC, Go, Java (J2EE), Python, PowerShell, Ruby, Perl, Bash, JavaScript, or VBScript
    • Reverse engineering malware, data obfuscators, or ciphers
    • Source code review for control flow and security flaws
    • Mobile platform and application testing knowledge (e.g. iOS, Android)
  • Strong knowledge of cybersecurity frameworks and industry-leading practices such as OWASP, NIST CSF, PCI DSS, Canadian Center for Cybersecurity

Preferred:

  • Strong knowledge of container technologies such as Docker
  • Experience with conducting penetration testing of cloud-based assets
  • Strong knowledge of Unix/ Linux/ Windows operating systems
  • Strong knowledge of technical concepts such as application security, network segregation, access controls, IDS/IPS devices, physical security, and information security risk management
  • Ability to conduct social engineering engagements through phone, e-mail, messages etc.
  • Strong knowledge of Kali Linux
  • Strong knowledge of AWS, Azure and Google Cloud
  • Sound understanding of traditional security operations, event monitoring, and Security Information and Event Management (SIEM) tools.
  • Sound understanding of Endpoint Detection and Response techniques and tools such as Carbon Black, Palo Alto Cortex, Checkpoint etc.
  • Pre-sales, proposal, and RFP experience
  • Past experience working with public sector
  • Must be able to obtain and maintain required clearance for this role

Certification(s) Preferred:

One or more of the following:

  • Offensive Security Certified Professional (OSCP)
  • GIAC Penetration Tester (GPEN)
  • GIAC Web Application Penetration Tester (GWAPT)
  • GIAC Security Essentials Certification (GSEC)
  • CompTIA Pentest+
  • Certified Information Security Manager (CISM)
  • Certified Information Systems Security Professional (CISSP)
  • Offensive Security Certified Expert (OSCE)
  • CREST Registered Penetration Tester
  • CREST Certified Infrastructure Tester
  • Certified Ethical Hacker

Why BDO?

Our firm is committed to providing an environment where you can be successful in the following ways:

  • We enable you to engage with the firm’s strategic plan, and be a key contributor to the success and growth of the firm.
  • We help you be the best professional you can be in our services, industries and markets.
  • Achieve your personal goals outside of the office and make an impact on your community.

Giving back, it adds up: Where company meets community. BDO is actively involved in our communities by supporting local charity initiatives. We support staff with local and national events where you will be given the opportunity to contribute to your community.

Total rewards that matter: We pay for performance with competitive total cash compensation that recognizes and rewards your contribution. We provide flexible benefits from day one, and a market leading personal time off policy. We are committed to supporting your overall wellness beyond working hours, and provide reimbursement for wellness initiatives that fit your lifestyle.

Everyone counts: We believe every employee should have the opportunity to participate and succeed. Through leadership by our Chief Inclusion and Diversity Officer, we are committed to a workplace culture of respect, inclusion, and diversity. We recognize and celebrate the valuable differences among each of us, including race, religious beliefs, physical or mental disabilities, age, place of origin, marital status, family status, gender or gender identity and sexual orientation. If you require accommodation to complete the application process, please contact us.

Ready to make your mark at BDO? Click “Apply now” to send your up-to-date resume to one of our Talent Acquisition Specialists.

To explore other opportunities at BDO, check out our careers page.

Thank you for applying! We look forward to meeting with the selected interview candidates.

Deadline: 13-07-2024