Senior Ethical Hacker, Applications & Cloud

at Stantec

Toronto, ON, Canada

Start Date: Immediate
Expiry Date: 17 Nov, 2024
Salary: Not Specified
Posted On: 17 Aug, 2024
Experience: 5 year(s) or above
Skills: Color, Access, Regulations, Application Security, Health, Teams, Travel, Discrimination, GWAPT, Developers, Project Work
Telecommute: No
Sponsor Visa: No

Description:

Grow with the best. Join a smart, creative, and inspired team that accomplishes operational excellence. Bringing together individuals with diverse backgrounds, talents, and expertise, our 31,000 team members in over 450 locations worldwide are vital to making our Company stronger.

PROJECT WORK/KNOWLEDGE SHARE

  • Assist/Create rules of engagement for new pen test projects.
  • Create or populate content in the internal training lab so developers and security champions can stay current in offensive security with practical CTFs when time permits.
  • Provide live hacking webinars for teams interested in learning by example.
  • Conduct internal Red Team engagements.
  • Participate in purple team engagements.

YOUR CAPABILITIES AND CREDENTIALS

  • Minimum 5-7 years working in some aspect of cybersecurity (Offensive Security, Red Team experience preferred).
  • Proficient with manual web/cloud penetration testing without using any tools.
  • Proficient writing custom attack tools in Python, PHP, Golang and Bash Scripting.
  • Proficient with interception proxies and attacking manually via Burp Suite Enterprise tool.
  • Proficient building/maintaining attack automation systems (Commercial or Open-Source).
  • Proficient building containers and automation pipelines for attacking purposes.
  • Experience combining multiple low/medium findings to weaponize and achieve a higher level.
  • Comfortable working exclusively from Windows or Linux command line.
  • Comfortable “living off the land” using VIM/VI/Bash/SH/Perl/VBScript/WMI/PowerShell for post exploitation and lateral movement.
  • Comfortable with writing XSS attacks, System/SQL injection payloads or weaponizing binaries.
  • Comfortable attacking various popular public cloud services (Azure/AWS/GCP/Oracle).
  • Comfortable presenting audit findings to a small group or C-Suite during debrief meetings.
  • Comfortable taking ownership for testing actions and performing blameless post-mortems.

PREFERENCE FOR THE FOLLOWING ADDITIONAL SKILLS/CERTIFICATIONS

  • OffSec Web Expert (OSWE) – Preferred
  • GIAC Web Application Penetration Tester (GWAPT)
  • Burp Suite Certified Practitioner (BSCP)
  • Pentester Academy Cloud Security Professional (PACSP)
  • Acknowledged findings in a responsible disclosure or public, private Bug Bounty program.
  • Certified Kubernetes Security Specialist (CKS)
  • Terraform Associate (003)
  • DevSecOps experience

EDUCATION AND EXPERIENCE

  • Minimum 5 years relevant experience.
  • Related Degree or Certificate, preferably in area of Offensive Security and Application Security.

This description is not a comprehensive listing of activities, duties or responsibilities that may be required of the employee and other duties, responsibilities and activities may be assigned or may be changed at any time with or without notice.

Stantec is a place where the best and brightest come to build on each other’s talents, do exciting work, and make an impact on the world around us. Join us and redefine your personal best.

Benefits Summary: Regular full-time and part-time employees will have access to health, dental, and vision plans, a well-being program, health care spending account, wellness spending accounts, group registered retirement savings plan, employee stock purchase program, group tax-free savings account, life and accidental death & dismemberment (AD&D) insurance, short-term/long-term disability plans, emergency travel benefits, tuition reimbursement, professional membership fee coverage, and paid time off.

Temporary/casual employees will have access to group registered retirement savings plan, employee stock purchase program, and group tax-free savings account.

The benefits information listed above may not apply to union positions because benefits for such positions are governed by applicable collective bargaining agreements.

Primary Location: Canada-Ontario-Toronto
Other Locations: Canada-Ontario
Organization: BC-1374 IT Services-CA Corporate
Employee Status: Regular
Job Level: Individual Contributor
Travel: No
Schedule: Full-time
Job Posting: Aug 15, 2024, 8:24:17 AM
Req ID: 24000330

Stantec provides equal employment opportunities to all qualified employees and applicants for future and current employment and prohibits discrimination on the grounds of race, color, religion, sex, national origin, age, marital status, genetic information, disability, protected veteran status, sexual orientation, gender identity or gender expression. We prohibit discrimination in decisions concerning recruitment, hiring, referral, promotion, compensation, fringe benefits, job training, terminations or any other condition of employment. Stantec is in compliance with local, state and federal laws and regulations and ensures equitable opportunities in all aspects of employment. EEO including Disability/Protected Veterans

REQUIREMENT SUMMARY

Min: 5.0, Max: 10.0 year(s)

Information Technology/IT

IT Software - Network Administration / Security

Software Engineering

Trade Certificate

Area of offensive security and application security

Proficient

1

Toronto, ON, Canada