IT Security VA Specialist / Penetration Tester / VA Assessor

Application deadline
Friday, February 22, 2019
Reference number
Tasks and Activities
  • Review, analyze, and/or apply:
    • Threat agents’ analysis tools and other emerging technologies including privacy enhancement, predictive analysis, social engineering, cyber-attack vectors, and Advanced Persistent Threat behaviors;
    • Credential theft and privilege escalation techniques;
    • OWASP top 10 web application vulnerabilities;
    • Target reconnaissance and information gathering techniques;
    • Wireless security;
    • Intrusion detection systems, firewalls and content checkers;
    • Host and network intrusion detection and prevention systems - Anti-virus management;
  • Identify threats and technical vulnerabilities affecting web applications and end-point devices.
  • Conduct on-site reviews and analysis of IT Systems;
  • Collect, collate, analyze and disseminate public domain information related to networked computer threats and vulnerabilities, security incidents and incident responses;
  • Prepare and/or deliver IT Security threat, vulnerability and/or risk briefings;
  • Develop and deliver training material relevant to the resource category including job shadowing to provide learning opportunities for ISED staff;
  • Conduct penetration testing against web applications including exploiting vulnerabilities to identify weaknesses and their impacts. 
  • Document steps taken to reproduce such exploits and provide remediation guidance.
  • Ensure compliance of system and application security practices with best practices and policy;
  • Use vulnerability scanning tools such as Tenable, Rapid7, Qualys, and/or OpenVAS;
  • Research and maintain proficiency in tools, techniques, countermeasures and trends in threats and vulnerabilities, data hiding, network security, and encryption.
  • Provide updates/status reporting to project team management as required.
Skills and Experience
  • You must hold a valid Government of Canada Secret security clearance
  • You must be legally able to work in Canada
  • You must have an advanced university degree or post-secondary diploma in Information Technology, Computer Science
  • You have demonstrated professional work experience investigating attacks and exploits to determine the following: emerging threats, system vulnerabilities, and hacker methodologies
  • You have demonstrated professional work experience conducting web application penetration testing. List the number of testing engagements
  • You have demonstrated professional work experience ensuring system and application security compliance.
  • You have demonstrated professional work experience using vulnerability scanning tools such as Tenable, Rapid7, Qualys, OpenVAS, or other related vulnerability scanning tools.
  • You have one or more of the following certifications:
    • OSCP (Offensive Security Certified Professional)
    • GPEN (GIAC Penetration Tester)
    • GWAPT (GIAC Web Application Penetration Tester)
    • OPST (OSSTMM Professional Security Tester Accredited Certification)