IT Security VA Specialist / Penetration Tester / VA Assessor
Friday, February 22, 2019
Tasks and Activities
- Review, analyze, and/or apply:
  - Threat agents’ analysis tools and other emerging technologies including privacy enhancement, predictive analysis, social engineering, cyber-attack vectors, Advanced Persistent Threat behaviors.
  - Credential theft and privilege escalation techniques.
  - OWASP Top 10 web application vulnerabilities.
  - Target reconnaissance and information gathering techniques.
  - Wireless security;
  - Intrusion detection systems, firewalls and content checkers;
  - Host and network intrusion detection and prevention systems;
  - Anti-virus management;
- Identify threats and technical vulnerabilities affecting web applications and end-point devices.
- Conduct on-site reviews and analysis of IT Systems;
- Collect, collate, analyze and disseminate public domain information related to networked computer threats and vulnerabilities, security incidents and incident responses;
- Prepare and/or deliver IT Security threat, vulnerability and/or risk briefings;
- Develop and deliver training material relevant to the resource category including job shadowing to provide learning opportunities for ISED staff;
- Conduct penetration testing against web applications including exploiting vulnerabilities to identify weaknesses and their impacts.
- Document steps taken to reproduce such exploits and provide remediation guidance.
- Ensure compliance of system and application security practices with best practices and policy;
- Use vulnerability scanning tools such as Tenable, Rapid7, Qualys, and/or OpenVAS;
- Research and maintain proficiency in tools, techniques, countermeasures and trends in threat and vulnerabilities, data hiding, network security, and encryption.
- Provide updates/status reporting to project team management as required.
Skills and Experience
- You must hold a valid Government of Canada Secret security clearance
- You must be legally able to work in Canada
- You must have an advanced university degree or post-secondary diploma in Information Technology, Computer Science
- You have demonstrated professional work experience investigating attacks and exploits to determine the following: emerging threats, system vulnerabilities, hacker methodologies
- You have demonstrated professional work experience conducting web application penetration testing. List number of testing engagements
- You have demonstrated professional work experience ensuring system and application security compliance.
- You have demonstrated professional work experience using vulnerability scanning tools such as Tenable, Rapid7, Qualys, OpenVAS, or other related vulnerability scanning tools.
- You have one or more of the following certifications:
  - OSCP (Offensive Security Certified Professional)
  - GPEN (GIAC Penetration Tester)
  - GWAPT (GIAC Web Application Penetration Tester)
  - OPST (OSSTMM Professional Security Tester Accredited Certification)