Overview of salaries statistics of the profession "Penetration Tester in Canada"

Our valued Public Sector client is seeking the services of Senior Secret Cleared IT Security Vulnerability Specialist (10+ Years) to provide to provide support and advice on IT Security related audits and assess departmental IT Security Mechanisms within the Public Sector Objective: Our client requires specific skill and knowledge with respect to IT Security to assess whether appropriate departmental IT security mechanisms are in place and working properly. The objective is to provide IT security technical specialists to support the IT audit team in conducting IT security related audits, reviews and advisories on an as-and-when requested basis Must Haves: Two of the following certifications: Global Information Assurance Certification (GIAC) Security Essentials Certification (GSEC); GIAC Security Expert (GSE); GIAC Penetration Tester (GPEN); GIAC Certified Incident Handler (GCIH) EC-Council Certified Ethical Hacker (CEH); CompTIA PenTest+;CompTIA Advanced Security Practitioner (CASP+). SECRET Clearance Responsibilities could include but are not limited to: Review, analyze, and/or apply: Threat agents analysis tools and other emerging technologies including privacy enhancement, predictive analysis, VoIP, data visualization and fusion, wireless security devices, PBX and telephony firewall; War dialers, password crackers; Public Domain IT vulnerability advisory services; Network scanners and vulnerability analysis tools such as SATAN, ISS, Portscan & Nmap; Networking Protocols (HTTP, FTP, Telnet); Internet security protocols such as SSL, S-HTTP, S-MIME, IPsec, SSH, TCP/IP, UDP, DNS, SMTP, SNMP; Wireless Security; Intrusion detection systems, firewalls and content checkers; and, Host and network intrusion detection and prevention systems - Anti-virus management; Identify threats to, and technical vulnerabilities of, systems including web-facing applications Collect, collate, analyze and disseminate public domain information related to network computer threats and vulnerabilities, security incidents and incident responses; Develop test plans and customized testing methodologies based on Project Authority or their delegate’s approved engagement plans; Write customized scripts to scan systems and databases and review results of scans to provide weaknesses and associated risk, impact, fixes and level of effort required for remediation actions. Conduct configuration review and analysis over departmental IT security solutions, checking settings and maintenance processes; Assess the implementation and application of security policies and procedures; Examine compliance monitoring and reporting and identify areas of non-compliance; and, Apply

High Tech Genesis is hiring an IT Security Vulnerability Analyst with 10+ years of experience and Reliability clearance. This position involves a comprehensive range of responsibilities focusing on assessing, analyzing, and addressing IT security threats and vulnerabilities. The ideal candidate should possess skills in assessing IT security configurations, identifying vulnerabilities, managing security tools, and interpreting security policies.Roles and responsibilities:1. Assess, analyze, and/or implement:• Analysis tools utilized by threat agents, alongside various emerging technologies such as privacy enhancement, predictive analysis, VoIP, data visualization and fusion, wireless security devices, as well as PBX and telephony firewall solutions.• War dialers, password crackers;• Public Domain IT vulnerability advisory services;• Network scanners and vulnerability analysis tools such as SATAN, ISS, Portscan & Nmap;• Networking Protocols (HTTP, FTP, Telnet);• Internet security protocols such as SSL, S-HTTP, S-MIME, IPsec, SSH, TCP/IP, UDP,• DNS, SMTP, SNMP;• Wireless Security;• Intrusion detection systems, firewalls and content checkers; and,• Host and network intrusion detection and prevention systems - Anti-virus management;2. Identify threats to, and technical vulnerabilities of, systems including web-facing applications;3. Conduct on-site assessments and analysis of system security logs;4. Collect, collate, analyze and disseminate public domain information related to network computer threats and vulnerabilities, security incidents and incident responses;5. Prepare and/or deliver IT Security threat, vulnerability and/or risk briefings;6. Complete tasks directly supporting the departmental IT Security and Cyber Protection Program;7. Develop and deliver training material relevant to the resource category;8. Prepare plan and approach documents including rules of engagement documents;9. Conduct assessments on departmental solutions and provide a risk and impact-based observations;10. Review, analyze and report on existing or potential IT security threats or vulnerabilities using security analysis tools and other emerging technologies;11. Develop test plans and customized testing methodologies based on Project Authority or their delegate’s approved engagement plans;12. Develop tailor-made scripts for system and database scans, analyze scan results to identify vulnerabilities, assess associated risks and impacts, propose solutions, and estimate the effort needed for remediation actions;13. Conduct configuration review and analysis over departmental IT security solutions, checking settings and maintenance processes;14. Test deployed IT security solutions for known security weaknesses using vulnerability testing techniques;15. Consult, interview and follow-up with key stakeholders, as appropriate;16. Collect and perform documentation review and analysis;17. Assess the implementation and application of security policies and procedures;18. Examine compliance monitoring and reporting and identify areas of non-compliance; and,19. Recommend remediation options based on proven results.Required skills and experience:• MUST possess a degree, diploma or certificate from a recognized university or college in a related information technology discipline;• Assess IT security configuration using threat agents’ analysis tools and technologies;• Identify vulnerabilities in IT solutions’ code and configuration settings;• Configure and manage IT security tools;• Identify the technical threats to, and vulnerabilities of, a broad range of IT security technologies of IT solutions including databases;• Conduct reviews and analysis of IT security solutions and practices and provide risks and impact of deviations from good practices;• Interpret IT security policies and standards to assess adherence within IT security operations and systems; and• Craft personalized scripts for scanning systems and databases, then assess scan results to generate reports detailing weaknesses, along with their associated risks, impacts, recommended fixes, and the level of effort required for remediation actions.The candidate MUST possess at least two (2) of the following certifications:• Global Information Assurance Certification (GIAC)• Security Essentials Certification (GSEC)• GIAC Security Expert (GSE)• GIAC Penetration Tester (GPEN)• GIAC Certified Incident Handler (GCIH)• EC-Council Certified Ethical Hacker (CEH)• CompTIA PenTest+• CompTIA Advanced Security Practitioner (CASP+)• Offensive Security Certified professional (OSCP)Note 1: You MUST be legally entitled to work in Canada (i.e., possess Canadian Citizenship, Permanent Residency or Valid Work Permit).Note 2: High Tech Genesis Inc. is an Equal Opportunity Employer.Note 3: Please submit an MS Word version of your resume when applying for this position.Note 4: Salary is commensurate with experience.

Our valued Public Sector client is seeking a Senior Secret Cleared Penetration Tester to perform Network, Wireless, and Cloud infrastructure testing on a large data analytics initiative within the Public SectorThe client's network, composed of multiple interconnected segments hosts critical systems essential for research and data analysis activities. Key components within this network include the MIM (Microsoft Identity Manager) Service VM, vLAN, local Active Directory instances, and various hypervisor servers responsible for processing and storing sensitive data. The resource will be required to utilize a combination of black box and gray box testing methodologies. Black box testing will be used to simulate real-world attacks without prior knowledge of the systems' internals, while gray box testing will leverage limited information about the environment to perform more targeted testing. The chosen approach aims to strike a balance between mimicking realistic attack scenarios and conducting focused testing to uncover vulnerabilities efficiently.Must Haves:5+ years experience with simulation attacks, network vulnerability exploitation and data exfiltration5+ Years with Network, Wireless, and Cloud Infrastructure testingSECRET ClearanceTasks include but are not limited to: Network Penetration Testing: IP ranges and subnets for the VMware Management vLANs, Restricted Zones, and interconnections between zones will be tested. This includes assessing network segmentation, firewall configurations (e.g., Fortigate UTM Gateways), and potential lateral movement. Simulated attacks may include distributed denial of service (DDoS), network vulnerability exploitation, unauthorized access attempts, and data exfiltration.Wireless Network Penetration Testing: Wireless networks within the Operations Zones of both hubs will be scrutinized for rogue access points, insecure configurations, and potential unauthorized access points. Simulated attacks may include wireless sniffing, man-in-the-middle attacks, and attempts to gain unauthorized access.Cloud Infrastructure Penetration Testing: The Azure tenant used by the client, including components like Azure Active Directory, Data Factory, Key Vault, and Data Lake Storage, will be assessed. Additionally, any other cloud services or on-premises private clouds utilized for data storage, processing, or research activities within the network will be evaluated for misconfigurations, insecure API access, and potential unauthorized data access or manipulation Apply

Job Type:Permanent Reference code:126148 Primary Location:Toronto, ON All Available Locations:Ottawa, ON; Toronto, ON Our Purpose At Deloitte, we are driven to inspire and help our people, organization, communities, and country to thrive. Our Purpose is to build a better future by accelerating and expanding access to knowledge. Purpose defines who we are and gives us reason to exist as an organization. By living our Purpose, we will make an impact that matters. Learn from deep subject matter experts through mentoring and on the job coaching. Be encouraged to deepen your technical skills...whatever those may be. Have many careers in one Firm. What will your typical day look like?As part of the Global Cybersecurity team, responsibilities will be to work with customers to deliver technical assessments against a broad range of services. You will bring exceptional communication skills to provide consultative guidance to customers on findings identified, how to effectively engage services and the available capabilities. Responsibilities: Curate and assess vulnerability data (across multiple platforms/tools) Static, Dynamic, and Interactive Application Security Testing Software Composition Analysis Low-level software/web services penetration testing Provide technical guidance to developers on conducting necessary remedial actions and responding to client vulnerability questions or disclosures. Help develop tooling deployment and relevant scanning configurations to enhance practical testing processes. Operate in the wider organization to drive risk reduction goals using continuous improvement principles. About the teamGlobal Technology Services works at the forefront of technology development and processes to support and protect Deloitte around the world. In this truly global environment, we operate not in "what is" but rather "what can be" to help Deloitte deliver and connect with its clients, its communities, and one another in ways not previously conceived.Enough about us, let's talk about youRequired: Bachelor's degree in computer science, cyber security, international cyber security, or equivalent educational experience. Experience with validation of scan results from any the following testing tools (or similar tool): Fortify, Veracode, Contrast, Snyk, Stackhawk, Synopsys, Invicti, Checkmarx, Mend, ZAP Knowledge of security coding techniques and confidence of communications with developers for the following programming languages: Java, JavaScript, TypeScript, Python, C#/.NET Risk Management - ability to convey technical risks to a wide variety ofstakeholders (e.g., business managers, executives, developers) Knowledge and ability to accurately describe the causes, implications, and remediations for the OWASP Top 10 Preferred: Experience in application development and/or testing is preferred, however motivation and a thirst to apply theoretic knowledge will be considered. Total RewardsThe salary range for this position is $58,000 - $96,000, and individuals may be eligible to participate in our bonus program. Deloitte is fair and competitive when it comes to the salaries of our people. We regularly benchmark across a variety of positions, industries, sectors, targets, and levels. Our approach is grounded on recognizing people's unique strengths and contributions and rewarding the value that they deliver.Our Total Rewards Package extends well beyond traditional compensation and benefit programs and is designed to recognize employee contributions, encourage personal wellness, and support firm growth. Along with a competitive base salary and variable pay opportunities, we offer a wide array of initiatives that differentiate us as a people-first organization. Some representative examples include: $4,000 per year for mental health support benefits, a $1,300 flexible benefit spending account, 38+ days off (including 10 firm-wide closures known as "Deloitte Days"), flexible work arrangements and a hybrid work structure.Our promise to our people: Deloitte is where potential comes to life. Be yourself, and more. We are a group of talented people who want to learn, gain experience, and develop skills. Wherever you are in your career, we want you to advance. You shape how we make impact. Diverse perspectives and life experiences make us better. Whoever you are and wherever you're from, we want you to feel like you belong here. We provide flexible working options to support you and how you can contribute. Be the leader you want to be. Be the leader you want to be Some guide teams, some change culture, some build essential expertise. We offer opportunities and experiences that support your continuing growth as a leader. Have as many careers as you want. We are uniquely able to offer you new challenges and roles - and prepare you for them. We bring together people with unique experiences and talents, and we are the place to develop a lasting network of friends, peers, and mentors. Our TVP is about relationships - between leaders and their people, the firm and its people, peers, and within in our communities.The next step is yours At Deloitte, we are all about doing business inclusively - that starts with having diverse colleagues of all abilities. Deloitte encourages applications from all qualified candidates who represent the full diversity of communities across Canada. This includes, but is not limited to, people with disabilities, candidates from Indigenous communities, and candidates from the Black community in support of living our values, creating a culture of Diversity Equity and Inclusion and our commitment to our AccessAbility Action Plan , Reconciliation Action Plan and the BlackNorth Initiative . We encourage you to connect with us at [email protected] if you require an accommodation for the recruitment process (including alternate formats of materials, accessible meeting rooms or other accommodations) or [email protected] for any questions relating to careers for Indigenous peoples at Deloitte (First Nations, Inuit, Métis). By applying to this job you will be assessed against the Deloitte Global Talent Standards. We've designed these standards to provide our clients with a consistent and exceptional Deloitte experience globally. Deloitte Canada has 30 offices with representation across most of the country. We acknowledge our offices reside on traditional, treaty and unceded territories as part of Turtle Island and is still home to many First Nations, Métis, and Inuit peoples. We are all Treaty people.Job Segment: Cyber Security, Testing, Computer Science, Developer, Java, Security, Technology