Penetration Tester Jobs

Penetration Tester

About Elastify

Elastify is an IT services and consulting firm powered by an ecosystem of the market's leading technical minds. We combine the knowledge of specialized IT consultants with the flexibility of just in time resource delivery to best suit your unique business goals.

Our growing ecosystem of certified professionals have hands-on experience in transforming and improving cyber capabilities across a variety of industries and disciplines.

Partner with us to gain access to a network of professionals who deliver impactful services using the latest techniques & technologies.

Our comprehensive services include, but aren't limited to:

• Infrastructure
• Governance, Risk & Compliance
• Cybersecurity
• Penetration Testing
• Microsoft Enablement
• E-Discovery & Digital Forensics
• Cloud Computing
• Staff Augmentation

Elastify ensures the long-term success of our clients by providing talented, passionate, and specialized security expertise. Our consultants partner with clients to evaluate, create, develop, improve, and mature information security operations and programs. By utilizing the latest industry standards and combining our experience and knowledge gained from working with clients across the various services sector in Canada, we are able to develop defense forward information security programs for our clients.

As a Senior Consultant - Cybersecurity, you will be responsible for helping our clients assess, design and build effective security programs. As an established trusted advisor, you will span operational, tactical, and strategic levels as well as tasks that tackle difficult problems that businesses are facing when building out and improving their security posture. This is an opportunity for you to showcase your strong communication skills and experience in security governance, security risk management, security operations, security architecture, and/or cyber incident response programs.

What You Will Do:

• Participate in the modeling and execution of Red Teaming scenarios for organizations.
• Ideate. Test. Learn. Iterate. Bring a flexible, adaptive mindset, comfortable with ambiguity in a rapidly changing technology environment
• Perform social engineering / phishing activities such as reconnaissance of targets, developing phishing campaigns (e.g., emails and websites) and, developing malicious phishing payloads.
• Interface with clients to address concerns, issues or escalations; track and drive to closure any issues that impact the service and its value to clients.
• Perform network penetration, web application testing, source code reviews and threat analysis, as applicable utilizing standard security tools such as BurpSuite, MetaSploit, SQLMap, NMAP, Nessus, Qualys, Nexpose, SoapUI, etc.
• Develop scripts and tools enhancing the security practice at Elastify and authoring relevant documentation.
• Develop comprehensive and accurate reports and presentations for both, technical and executive audiences.
• Embrace open-source communities, both internally and externally, sharing your knowledge across your team and peers
• Evaluate client needs, coordinate design for a solution, and clearly communicate the value proposition of complex and highly technical subjects.
• Identify network and application-specific vulnerabilities in target systems and recommend defensive measures to defend against possible attack by an adversary.
• Be a continuous learner, not only for your own career, but from teams’ successes and failures

What You Bring:

Required Qualifications:

• Source code review for control flow and security flaw.
• Experience and strong knowledge of a wide variety of tools used for API, Web & Mobile Application Security Assessments, Penetration Testing and Source Code Reviews, such as Nessus, Qualys, Nexpose, Metasploit, CoreImpact, Burpsuite, Kali Linux (and tools included in Kali Linux), Mimikatz, Cobalt Strike, PowerSploit, HP Web Inspect etc.
• Strong knowledge of technical concepts such as application security, network segregation, access controls, IDS/IPS devices, physical security, and information security risk management.
• Reverse engineering malware, data obfuscators, or ciphers.
• Developing, extending, or modifying exploits, shellcode or exploit tools
• Mobile platform and application testing knowledge (iOS and Android).
• Proven leadership skills demonstrating strong judgment, problem-solving, and decision-making abilities.
• Strong oral and written communication skills.
• Strong knowledge of cybersecurity frameworks and industry-leading practices such as OWASP, NIST CSF, PCI DSS, Canadian Center for Cybersecurity.
• Systems and/or web application assessments.
• Strong problem solving and troubleshooting skills with experience exercising mature judgement.
• Network penetration testing and manipulation of network infrastructure.
• Understanding of attacker techniques aligned to MITREs ATT&CK framework
• Experience with PowerShell, Ruby, Perl, Bash, JavaScript, or VBScript.
• Prior experience of conducting penetration testing of cloud-based assets
• Thorough understanding of network protocols, data on the wire, and covert channels
• Experience in using Virtualization solutions such as VMware, Hyper-V etc.
• Shell scripting or automation of simple tasks using Perl, Python, or Ruby
• 2+ years' practical experience in at least three of the following:

Certification(s) Preferred:

One or more of the following:

• Offensive Security Certified Professional (OSCP)
• GIAC Penetration Tester (GPEN)
• GIAC Web Application Penetration Tester (GWAPT)
• CREST Certified Infrastructure Tester
• Certified Information Security Manager (CISM)
• GIAC Penetration Tester (GPEN)
• Certified Information Systems Security Professional (CISSP)
• Offensive Security Certified Expert (OSCE)
• CompTIA Pentest+
• GIAC Security Essentials Certification (GSEC)
• Certified Ethical Hacker
• CREST Registered Penetration Tester
• Offensive Security Certified Professionals (OSCP)

This is an exciting opportunity for an individual to learn and grow with our organization. If you have a willingness to learn, have a strong work ethic, and enjoy working in a highly collaborative environment with a supportive and diverse team. This is the role for you.