Senior Consultant – Penetration Tester / Security Analyst

BDO - Toronto, ON (30+ days ago)

Putting people first, every day:
BDO is a firm built on a foundation of positive relationships with our people and our clients. Each day, we rely on our professionals to provide exceptional service, and help our clients by providing advice and insight they can trust. In turn, we offer an environment that fosters a people-first culture with a high priority on your personal and professional growth.

Your opportunity:
BDO Canada LLP is seeking an experienced Penetration Tester to join its Cybersecurity Practice at our Toronto or Mississauga office. The successful candidate will contribute to a rapidly expanding practice that evaluates the security posture of organizations through advanced testing techniques. If you are passionate about offensive security and ethical penetration testing, and are looking for a challenging and rewarding career, this is the right opportunity for you. Our people are our most valuable asset and we encourage career growth and development opportunities for every individual on our team.

As a Senior Consultant, you will perform various activities with respect to Vulnerability Assessments and Penetration Testing, including, but not limited to:

Performing web and mobile application security assessments
Security testing in the form of penetration testing and vulnerability assessments/scans including:
Network/Infrastructure
Thick Client(s)
Cloud Technologies (e.g. Azure, AWS, Google, IBM, etc.)
Web and Mobile Applications
Conducting configuration reviews on network appliances (e.g., firewalls, switches, routers, access points, etc.)
Architecture Security Analysis and Threat Modeling
Assisting in the development of in-house tools/processes
Researching and learning about information security trends, new testing techniques, and best practices, and knowledge sharing with the team
Providing clear and concise communication (written and oral) to clients that consists of findings, recommendations, road maps, and actionable plans
Performing configuration reviews on network appliances (e.g., routers, switches, firewalls, wireless access points, etc.)
Open source intelligence analysis and assessment
Architecture Security Analysis and Threat Modeling as required
Enhancing and updating testing methodologies, processes and standards documentation
Training and knowledge transfer to junior personnel

How do we define success for your role?

You demonstrate BDO's core values through all aspects of your work: Integrity, Respect and Collaboration
You understand your client’s industry, challenges, and opportunities; clients describe you as positive, professional, and delivering high quality work
You identify, recommend, and are focused on effective service delivery to your clients
You share in an inclusive and engaging work environment that develops, retains & attracts talent
You actively participate in the adoption of digital tools and strategies to drive an innovative workplace
You grow your expertise through learning and professional development

Your experience and education

The ideal candidate will have three or more years of experience in the information/offensive security field that includes performing penetration testing related to the following technologies/assets:

Network/Infrastructure
Thick Client
Cloud Technologies (e.g. Azure, AWS, Google, IBM, etc.)
Web and Mobile Applications
Red Team Exercise

In addition, the candidate should have experience with:
Leading Penetration Testing and Vulnerability Scanning software and tools (e.g. Nessus, Qualys, etc.)
Software security weakness and vulnerabilities
At least one software programming language and framework
Working with and presenting to diverse stakeholders at various levels (C-suite/managers), preferably on a national basis
Working in a fast-paced environment with multiple competing deadlines and priorities

AND knowledge of:
Reverse Engineering
Source code reviews
Cloud Service testing
ISO 27000 series such as 27001, 27002, 27032, 27035
NIST SP 800 series
PCI DSS
OWASP Top Ten
SANS Institute - CIS Critical Security Controls
Standard of Good Practice for Information Security
Incident management and response
Vulnerability management

The ideal candidate will have one or more of the following certifications:

Certified Ethical Hacker (CEH)
Certified Information Systems Security Professional (CISSP)
Certified Information Security Manager (CISM) or Certified Information Systems Auditor (CISA)
Offensive Security Certified Professional (OSCP)
GIAC Security Essentials (GSEC)
GIAC Web Application Penetration Tester (GWAPT)
Offensive Security Certified Expert (OSCE)

Why BDO?

Our firm is committed to providing an environment where you can be successful in the following ways:

Firm success - We enable you to engage with the firm's strategic plan, and be a key contributor to the success and growth of the firm.
Professional success - We help you be the best professional you can be in our services, industries and markets.
Personal success - Achieve your personal goals outside of the office and make an impact on your community.

Giving back, it adds up: Where company meets community. BDO is actively involved in our communities by supporting local charity initiatives. We support staff with local and national events where you will be given the opportunity to contribute to your community.

Total rewards that matter: We pay for performance with competitive total cash compensation that recognizes and rewards your contribution. We provide flexible benefits from day one, and flexible time off through vacation, personal, and volunteer days. We are committed to supporting your overall wellness beyond working hours, and provide reimbursement for wellness initiatives that fit your lifestyle.

Everyone counts: We believe every employee should have the opportunity to participate and succeed. Through leadership by our Chief Inclusion and Diversity Officer, we are committed to a workplace culture of respect, inclusion, and diversity. We recognize and celebrate the valuable differences among each of us, including race, religious beliefs, physical or mental disabilities, age, place of origin, marital status, family status, gender or gender identity and sexual orientation. If you require accommodation to complete the application process, please contact us.

Ready to make your mark at BDO? Click “Apply now” to send your up-to-date resume to one of our Talent Acquisition Specialists.

To explore other opportunities at BDO, check out our careers page.
