Cybersecurity Manager - Penetration Testing & Vulnerability Assessments - Jobs in Toronto, ON

Job Description

Putting people first, every day:BDO is a firm built on a foundation of positive relationships with our people and our clients. Each day, we rely on our professionals to provide exceptional service, and help our clients by providing advice and insight they can trust. In turn, we offer an environment that fosters a people-first culture with a high priority on your personal and professional growth.Your opportunity:We are looking for a talented individual at the Manager level to join BDO’s Cybersecurity practice, with the ability to work remotely from anywhere in Canada. The successful individual will be driven and results oriented, with a strong focus on Offensive Security. This individual would be supporting the Penetration Testing, Vulnerability Assessment and Red Teaming service line by executing client engagements, as well as conducting research and development of tools, techniques, among others.As a Manager in Cybersecurity, your responsibilities will include:Coach, mentor a team and perform network penetration, web application testing, source code reviews and threat analysis, as applicable utilizing standard security tools, e.g., BurpSuite, MetaSploit, SQLMap, NMAP, Nessus, Qualys, Nexpose, SoapUI, etc.Perform social engineering / phishing activities such as reconnaissance of targets, developing phishing campaigns (e.g., emails and websites), web hosting administrator, developing malicious phishing payloads, or pivoting through phished systemsIdentify network and application-specific vulnerabilities in target systems and recommend defensive measures to defend against possible attack by an adversaryDemonstrate an understanding Windows and Linux operating system setup, management, and power usage, e.g., cmd, bash, network troubleshooting, virtual machinesParticipate in the modeling and execution of Red Teaming scenarios for organizations across CanadaDevelop scripts and tools enhancing the security practice at BDO, and authoring relevant documentationDevelop comprehensive and accurate reports and presentations for both technical and executive audiencesDemonstrate an understanding of the client environment and overall project scopeOrganize and deliver services on a cross-section of complex projectsActively participate in the development of business and vendor relationshipsParticipate and lead aspects of the proposal development processManage day-to-day interactions with clients and internal BDO teamDisplay both breadth and depth of knowledge regarding functional and technical issuesProactively seek guidance, clarification, and feedbackKeeping leadership informed of progress and issues; andSustain a high level of drive, show enthusiasm and a positive attitude when coping with pressure at work.How do we define success for your roleYou demonstrate BDO's core values through all aspect of your work: Integrity, Respect and CollaborationYou understand your client’s industry, challenges, and opportunities; clients describe you as positive, professional, and delivering high quality workYou identify, recommend, and are focused on effective service delivery to your clientsYou share in an inclusive and engaging work environment that develops, retains & attracts talentYou actively participate in the adoption of digital tools and strategies to drive an innovative workplaceYou grow your expertise through learning and professional development.Your experience and educationRequired:Experience with scripting tools on Windows and Linux (e.g. PowerShell, Python, Ruby, etc.)At a minimum, a Bachelor’s Degree in Information Technology, Information Systems Security, Cybersecurity, or related fieldProven leadership skills demonstrating strong judgment, problem-solving, and decision-making abilities;Thorough understanding of network protocols, data on the wire, and covert channelsUnderstanding of attacker techniques aligned to MITREs Tactics, Techniques and Procedures (TTPs)Experience and strong knowledge of a wide variety of tools used for API, Web & Mobile Application Security Assessments, Penetration Testing and Source Code Reviews, such as Nessus, Qualys, Nexpose, Metasploit, CoreImpact, Burpsuite, Kali Linux (and tools included in Kali Linux), Mimikatz, Cobalt Strike, PowerSploit, HP Web Inspect etc.Experience in using Virtualization solutions such as VMware, Hyper-V etc.7+ years' practical experience in at least three of the following:Network penetration testing and manipulation of network infrastructure;Systems and/or web application assessmentsShell scripting or automation of simple tasks using Perl, Python, or RubyDeveloping, extending, or modifying exploits, shellcode or exploit toolsDeveloping applications in C#, ASP, .NET, ObjectiveC, Go, Java (J2EE), Python, PowerShell, Ruby, Perl, Bash, JavaScript, or VBScriptReverse engineering malware, data obfuscators, or ciphersSource code review for control flow and security flawMobile platform and application testing knowledge (e.g. iOS, Android)Strong knowledge of cybersecurity frameworks and industry-leading practices such as OWASP, NIST CSF, PCI DSS, Canadian Center for CybersecurityPreferred:Strong knowledge of container technologies such as DockerExperience with conducting penetration testing of cloud-based assetsStrong knowledge of Unix/ Linux/ Windows operating systemsStrong knowledge of technical concepts such as application security, network segregation, access controls, IDS/IPS devices, physical security, and information security risk managementAbility to conduct social engineering engagements through phone, e-mail, messages etc.Strong knowledge of Kali LinuxStrong knowledge of AWS, Azure and Google CloudSound understanding of traditional security operations, event monitoring, and Security Information and Event Management (SIEM) tools.Sound understanding of Endpoint Detection and Response techniques and tools such as Carbon Black, Palo Alto Cortex, Checkpoint etc.Pre-sales, proposal, and RFP experiencePast experience working with public sectorMust be able to obtain and maintain required clearance for this roleCertification(s) Preferred:One or more of the following:Offensive Security Certified Professional (OSCP)GIAC Penetration Tester (GPEN)GIAC Web Application Penetration Tester (GWAPT)GIAC Security Essentials Certification (GSEC)CompTIA Pentest+Certified Information Security Manager (CISM)Certified Information Systems Security Professional (CISSP)GIAC Penetration Tester (GPEN)Offensive Security Certified Professionals (OSCP)Offensive Security Certified Expert (OSCE)CREST Registered Penetration TesterCREST Certified Infrastructure TesterCertified Ethical HackerWhy BDOOur firm is committed to providing an environment where you can be successful in the following ways:We enable you to engage with the firm's strategic plan, and be a key contributor to the success and growth of the firm.We help you be the best professional you can be in our services, industries and markets.Achieve your personal goals outside of the office and make an impact on your community.Giving back, it adds up: Where company meets community. BDO is actively involved in our communities by supporting local charity initiatives. We support staff with local and national events where you will be given the opportunity to contribute to your community.Total rewards that matter: We pay for performance with competitive total cash compensation that recognizes and rewards your contribution. We provide flexible benefits from day one, and a market leading personal time off policy. We are committed to supporting your overall wellness beyond working hours, and provide reimbursement for wellness initiatives that fit your lifestyle.Everyone counts: We believe every employee should have the opportunity to participate and succeed. Through leadership by our Chief Inclusion and Diversity Officer, we are committed to a workplace culture of respect, inclusion, and diversity. We recognize and celebrate the valuable differences among each of us, including race, religious beliefs, physical or mental disabilities, age, place of origin, marital status, family status, gender or gender identity and sexual orientation. If you require accommodation to complete the application process, please contact us.Ready to make your mark at BDO Click “Apply now” to send your up-to-date resume to one of our Talent Acquisition Specialists.To explore other opportunities at BDO, check out our careers page.Thank you for applying! We look forward to meeting with the selected interview candidates.#LI-MM1