Senior Ethical Hacker, Applications & Cloud
Stantec
Senior Ethical Hacker, Applications & Cloud - ( 24000330 )
Description
Grow with the best. Join a smart, creative, and inspired team that accomplishes operational excellence. Bringing together individuals with diverse backgrounds, talents, and expertise, our 31,000 team members in over 450 locations worldwide are vital to making our Company stronger.
Your Opportunity
The Senior Ethical Hacker will conduct security assessments on web applications and cloud services by emulating real-world attacks using the Mitre Attack Framework. Their goal is to identify security weaknesses, help prevent data breaches and enhance the security posture by uncovering vulnerabilities, misconfigurations, and risks proactively before they are discovered by threat actors.
Your Key Responsibilities
Communication
Collaborate with cross-functional teams (security, engineering, cloud and network operations).
Create reports and communicate findings to various technical teams, architects and engineers.
Create and communicate processes that could help engineering teams meet remediation goals.
Create and verbally present your test findings in debrief meetings with the C-Suite or sponsors.
Cloud and Application
Conduct penetration tests on cloud systems, applications and APIs to identify vulnerabilities.
Assess cloud/application specific configurations, access controls, and encryption mechanisms.
Validate and exploit security findings within web/thick client apps and cloud environments.
Validate various app services, databases, Kubernetes, serverless functions, container instances, images and cloud storage blob/buckets for security issues.
Project work/Knowledge Share
Assist/Create rules of engagement for new pen test projects.
Create or populate content in the internal training lab so developers and security champions can stay current in offensive security with practical CTF's when time permits.
Provide live hacking webinars for teams interested in learning by example.
Conduct internal Red Team engagements.
Participate in purple team engagements.
Qualifications
Your Capabilities and Credentials
Minimum 5-7 years working in some aspect of cybersecurity (Offensive Security, Red Team experience preferred).
Proficient with manual web/cloud penetration testing without using any tools.
Proficient writing custom attack tools in Python, PHP, Golang and Bash Scripting.
Proficient with interception proxies and attacking manually via Burp Suite Enterprise tool.
Proficient building/maintaining attack automation systems (Commercial or Open-Source).
Proficient building containers and automation pipelines for attacking purposes.
Experience combining multiple low/medium findings to weaponize and achieve a higher level.
Comfortable working exclusively from Windows or Linux command line.
Comfortable "living off the land" using VIM/VI/Bash/SH/Perl/VBScript/WMI/PowerShell for post exploitation and lateral movement.
Comfortable with writing XSS attacks, System/SQL injection payloads or weaponizing binaries.
Comfortable attacking various popular public cloud services in (Azure/AWS/GCP/Oracle).
Comfortable presenting audit findings to a small group or C-Suite during debrief meetings.
Comfortable taking ownership for testing actions and performing blameless post-mortems.
Preference for the following additional Skills/Certifications
OffSec Web Expert (OSWE) – Preferred
GIAC Web Application Penetration Tester (GWAPT)
Burp Suite Certified Practitioner (BSCP)
Pentester Academy Cloud Security Professional (PACSP)
Acknowledged findings in a responsible disclosure or public, private Bug Bounty program.
Certified Kubernetes Security Specialist (CKS)
Terraform Associate (003)
DevSecOps experience
Education and Experience
Minimum 5 years relevant experience.
Related Degree or Certificate, preferably in area of Offensive Security and Application Security
This description is not a comprehensive listing of activities, duties or responsibilities that may be required of the employee and other duties, responsibilities and activities may be assigned or may be changed at any time with or without notice.
Stantec is a place where the best and brightest come to build on each other’s talents, do exciting work, and make an impact on the world around us. Join us and redefine your personal best.
Benefits Summary: Regular full-time and part-time employees will have access to health, dental, and vision plans, a well-being program, health care spending account, wellness spending accounts, group registered retirement savings plan, employee stock purchase program, group tax-free savings account, life and accidental death & dismemberment (AD&D) insurance, short-term/long-term disability plans, emergency travel benefits, tuition reimbursement, professional membership fee coverage, and paid time off.
Temporary/casual employees will have access to group registered retirement savings plan, employee stock purchase program, and group tax-free savings account.
The benefits information listed above may not apply to union positions because benefits for such positions are governed by applicable collective bargaining agreements.
Primary Location : Canada-Ontario-Toronto
Other Locations : Canada-Ontario
Organization : BC-1374 IT Services-CA Corporate
Employee Status : Regular
Job Level : Individual Contributor
Travel : No
Schedule : Full-time
Job Posting : Aug 15, 2024, 8:24:17 AM
Req ID: 24000330
Stantec provides equal employment opportunities to all qualified employees and applicants for future and current employment and prohibit discrimination on the grounds of race, color, religion, sex, national origin, age, marital status, genetic information, disability, protected veteran status, sexual orientation, gender identity or gender expression. We prohibit discrimination in decisions concerning recruitment, hiring, referral, promotion, compensation, fringe benefits, job training, terminations or any other condition of employment. Stantec is in compliance with local, state and federal laws and regulations and ensures equitable opportunities in all aspects of employment. EEO including Disability/Protected Veterans