Senior Consultant, Offensive Security
Toronto, Ontario, Canada; Mississauga, Ontario, Canada
MNP
MNP is a leading accounting firm in Canada. Connect with your local office for tax services and business consulting. We're here to help.What do you think of when you hear the name MNP? Most likely tax and accounting, but as one of Canada’s largest consulting organizations, we’re so much more! We’re also serious about technology.
Make an impact with our Cyber Security & Privacy team as Senior Consultant Cyber Offensive Security Team. This diverse team of tech-savvy problem solvers understands clients’ unique needs and embraces the possibilities technology brings to an evolving business landscape. As a trusted advisor, you’ll enable clients to take a proactive and prepared approach to cyber crime and capitalize on new technologies and innovations to deliver business results as well as build and maintain customer trust.
You will be a key member of a skilled team and will leverage your deep understanding of networks and cloud architecture to conduct penetration tests, vulnerability assessments, and red team exercises while evading detection and prevention controls and exploit technical and business gaps to access the target’s crown jewels.
At MNP Digital, we’re a team of highly skilled and creative thinkers that continuously support and learn from each other. We pride ourselves on translating our clients’ challenges into real results by leveraging technology – and that all starts with having the right people to deliver. We’ve created an environment where you’ll continuously grow, always have a voice and collaborate on work that’s meaningful and fulfilling. If you’re ready to take your career into your own hands, you’ve come to the right place.
MNP Digital is a national practice which offers the flexibility to be based at any MNP office within Canada.
Responsibilities
- Work with team members to conduct reconnaissance and intelligence gathering, vulnerability scans and assessments, penetration testing of mobile, network, web application, wireless, SCADA/ICS and Operational Technology environment scopes, red and purple team engagements, and social engineering
- Support the development and use of scripts and tools by the team to execute engagement work
- Support the development and coordinate the operation of engagement tools and hardware
- Support the improvements of our offensive security capability, framework, interaction models, operational procedures, and engagement delivery
- Take part in operational activates in relation to issues and delivery, taking action to coordinate mitigation activities and resources
- Undertake and adapt to unique client requests and project types that cross cyber disciplines and expertise areas
- Support a culture of continuous development of both services and our people
- Communicate engagement activities and technical findings effectively with both client technical SMEs and executive staff, preparing and delivering presentation materials to each
- Provide advice, expertise, counsel to senior leaders as input to business decisions on medium to long term strategic planning
- Provide subject matter expertise of both internal operations and industry approaches in support of bid and proposal for engagement processes
- Develop reports and materials intended for both technical and executive audiences
- Work with both clients and vendors to troubleshoot and resolve issues
- Notify clients of any potential problems in their environment
- Be self-motivated
Skills and Experience
- You can demonstrate experience of 5+ years in cybersecurity, with at least 3+ years of offensive security,
- Posses a Post-Secondary Degree or Diploma in Cybersecurity, Information Security or Technology, Computer Science or related discipline
- Multiple cybersecurity certifications from recognized institutions such as CISSP, OSCP, OSCE3, BSCP, CEH, CEPT, GWAPT, GPEN, GXPN, OSEP, OSWE, OSED, and PenTest+
- Functional knowledge of offensive technical foundations, theory, terminology (Kill Chain, TTPs, threat actors)
- Strong knowledge of:
- Shell scripting of tasks using Perl, Python, PowerShell, and other scripting languages
- Tools and platforms applicable to mobile, network, web application, and wireless testing
- Cloud penetration testing and assessment of security posture in Azure, AWS, and GCP
- Evasion techniques
- Kill Chain, TTPs, and threat actor approaches
- Security operations, processes, procedures, controls
- Working knowledge of:
- Network protocols and covert channels
- Source code review
- Exploit development
Preferred Skills
- Security and testing of SCADA/ICS and Operational Technology
- Physical security review experience
- Understanding and applied experience with industry standards and frameworks (e.g. NIST 800-53 and CSF, ISO 27001 and 27002, CSC, PCI DSS)
- Experience and working knowledge of multiple information and security domains (e.g., privacy, IT operations, security platform administration and integrations, incident response, threat intelligence, audit and risk)
- Strong presentation skills and ability to communicate effectively to both technical and executive audiences
- Strong problem-solving skills to creatively develop appropriate solutions to complex problems
- Consulting experience
MY REWARDS @ MNP
With a focus on high-potential earnings, MNP is proud to offer customized rewards that support our unique culture and a balanced lifestyle to thrive at work and outside of the office. You will be rewarded with generous base pay, vacation time, 4 paid personal days, a group pension plan with 4% matching, voluntary savings products, bonus programs, flexible benefits, mental health resources, exclusive access to perks and discounts, professional development assistance, MNP University, a flexible ‘Dress For Your Day’ environment, firm sponsored social events and more
Diversity@MNP
We embrace diversity as a core value and celebrate our differences. We believe each team member contributes unique gifts and amplifying their potential makes our business stronger. We encourage people with disabilities to apply!
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Tags: AWS Azure CEH CISSP Cloud Computer Science Cyber crime Exploit GCP GPEN GWAPT GXPN ICS Incident response ISO 27001 NIST NIST 800-53 Offensive security OSCP OSWE PCI DSS Pentesting Perl PowerShell Privacy Python Red team SCADA Scripting Threat intelligence TTPs Vulnerability scans
Perks/benefits: Career development Flex hours Flex vacation Health care Salary bonus Team events
More jobs like this
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Penetration Tester jobs
- Open Cloud Security Architect jobs
- Open Security Operations Engineer jobs
- Open Principal Security Engineer jobs
- Open Information Security Officer jobs
- Open Information Security Specialist jobs
- Open Senior Cyber Security Engineer jobs
- Open Senior Product Security Engineer jobs
- Open Cyber Security Architect jobs
- Open Chief Information Security Officer jobs
- Open IT Security Engineer jobs
- Open Senior Penetration Tester jobs
- Open Staff Security Engineer jobs
- Open Cyber Security Specialist jobs
- Open Security Specialist jobs
- Open Senior Network Security Engineer jobs
- Open Ethical hacker / Pentester H/F jobs
- Open Cybersecurity Consultant jobs
- Open Security Consultant jobs
- Open IT Security Analyst jobs
- Open Senior Information Security Analyst jobs
- Open Security Operations Analyst jobs
- Open Manager Pentest H/F jobs
- Open Information Security Architect jobs
- Open Information System Security Officer jobs
- Open Agile-related jobs
- Open Risk assessment-related jobs
- Open SOC-related jobs
- Open Analytics-related jobs
- Open CISA-related jobs
- Open Network security-related jobs
- Open ISO 27001-related jobs
- Open GCP-related jobs
- Open IAM-related jobs
- Open Application security-related jobs
- Open Pentesting-related jobs
- Open Threat intelligence-related jobs
- Open DoD-related jobs
- Open Vulnerability management-related jobs
- Open DevOps-related jobs
- Open Security Clearance-related jobs
- Open CEH-related jobs
- Open APIs-related jobs
- Open Security assessment-related jobs
- Open SaaS-related jobs
- Open Malware-related jobs
- Open Kubernetes-related jobs
- Open Java-related jobs
- Open TS/SCI-related jobs
- Open EDR-related jobs