Penetration Tester (Offensive Security)

Формат работы

hybrid/onsite

Тип работы

fulltime

Грейд

middle

Английский

Страна

Canada

Вакансия из Hirify Global, списка международных tech-компаний
Для мэтча и отклика нужен Plus

Мэтч & Сопровод

Для мэтча с этой вакансией нужен Plus

Описание вакансии

Текст:

TL;DR

Penetration Tester (Offensive Security): Delivering hands-on offensive security engagements across client networks, applications, and cloud environments with an accent on emulating real-world adversaries and documenting findings. Focus on executing red team engagements, bypassing EDR controls, and supporting OT/ICS security testing for critical infrastructure.

Location: Hybrid / On-site at client locations. Must be eligible for Government of Canada security clearance (Secret or higher).

Company

hirify.global is a next-generation cyber defense firm partnering with aerospace, defense, government, and financial services clients to protect missions of national consequence.

What you will do

Plan and execute penetration tests across external/internal networks, web applications, APIs, mobile, cloud (Azure/AWS/GCP), and Active Directory targets.
Conduct red team and adversary emulation engagements aligned with MITRE ATT&CK.
Perform assumed-breach assessments, internal pivoting, privilege escalation, and lateral movement.
Support purple team exercises and execute social engineering campaigns (phishing, vishing, physical).
Develop custom tooling, scripts, and payloads in PowerShell, Python, C#, or Go to evade modern EDR and ZTNA controls.
Produce high-quality client deliverables, including executive summaries and technical findings with CVSS risk ratings.

Requirements

4+ years of professional penetration testing or red team experience.
Deep knowledge of network, web application, and Active Directory attack paths.
Hands-on proficiency with Burp Suite Pro, Cobalt Strike, Metasploit, BloodHound, and Impacket.
Strong scripting skills in Python, PowerShell, and Bash.
Eligibility for Government of Canada security clearance (Secret or higher).
Baseline certification such as OSCP, CRTO, HTB CPTS, or PNPT.

Nice to have

Bilingualism (English/French).
Advanced certifications like OSEP, OSWE, OSCE3, CRTL, or SANS (GPEN, GXPN).
Existing Government of Canada security clearance or controlled-goods registration.

Culture & Benefits

Exposure to high-impact targets in aerospace, defense, and critical infrastructure.
Dedicated research time, lab budget, and support for CVE research and conference talks.
Comprehensive certification sponsorship (OSCP, OSEP, OSWE, SANS, etc.).
Flat, high-trust culture with direct access to senior offensive and IR leaders.
Competitive compensation, performance incentives, and comprehensive benefits.

Будьте осторожны: если работодатель просит войти в их систему, используя iCloud/Google, прислать код/пароль, запустить код/ПО, не делайте этого - это мошенники. Обязательно жмите "Пожаловаться" или пишите в поддержку. Подробнее в гайде →