Senior Consultant, Offensive Security

What do you think of when you hear the name MNP?  Most likely tax and accounting, but as one of Canada’s largest consulting organizations, we’re so much more! We’re also serious about technology.

Make an impact with our Cyber Security & Privacy team as Senior Consultant Cyber Offensive Security Team. This diverse team of tech-savvy problem solvers understands clients’ unique needs and embraces the possibilities technology brings to an evolving business landscape. As a trusted advisor, you’ll enable clients to take a proactive and prepared approach to cyber crime and capitalize on new technologies and innovations to deliver business results as well as build and maintain customer trust.

You will be a key member of a skilled team and will leverage your deep understanding of networks and cloud architecture to conduct penetration tests, vulnerability assessments, and red team exercises while evading detection and prevention controls and exploit technical and business gaps to access the target’s crown jewels.

At MNP Digital, we’re a team of highly skilled and creative thinkers that continuously support and learn from each other. We pride ourselves on translating our clients’ challenges into real results by leveraging technology – and that all starts with having the right people to deliver. We’ve created an environment where you’ll continuously grow, always have a voice and collaborate on work that’s meaningful and fulfilling. If you’re ready to take your career into your own hands, you’ve come to the right place.

MNP Digital is a national practice which offers the flexibility to be based at any MNP office within Canada.

Responsibilities

• Work with team members to conduct reconnaissance and intelligence gathering, vulnerability scans and assessments, penetration testing of mobile, network, web application, wireless, SCADA/ICS and Operational Technology environment scopes, red and purple team engagements, and social engineering
• Support the development and use of scripts and tools by the team to execute engagement work
• Support the development and coordinate the operation of engagement tools and hardware
• Support the improvements of our offensive security capability, framework, interaction models, operational procedures, and engagement delivery
• Take part in operational activates in relation to issues and delivery, taking action to coordinate mitigation activities and resources
• Undertake and adapt to unique client requests and project types that cross cyber disciplines and expertise areas
• Support a culture of continuous development of both services and our people
• Communicate engagement activities and technical findings effectively with both client technical SMEs and executive staff, preparing and delivering presentation materials to each
• Provide advice, expertise, counsel to senior leaders as input to business decisions on medium to long term strategic planning
• Provide subject matter expertise of both internal operations and industry approaches in support of bid and proposal for engagement processes
• Develop reports and materials intended for both technical and executive audiences
• Work with both clients and vendors to troubleshoot and resolve issues
• Notify clients of any potential problems in their environment
• Be self-motivated

Skills and Experience

• You can demonstrate experience of 5+ years in cybersecurity, with at least 3+ years of offensive security,
• Posses a Post-Secondary Degree or Diploma in Cybersecurity, Information Security or Technology, Computer Science or related discipline
• Multiple cybersecurity certifications from recognized institutions such as CISSP, OSCP, OSCE3, BSCP, CEH, CEPT, GWAPT, GPEN, GXPN, OSEP, OSWE, OSED, and PenTest+
• Functional knowledge of offensive technical foundations, theory, terminology (Kill Chain, TTPs, threat actors)
• Strong knowledge of:
  • Shell scripting of tasks using Perl, Python, PowerShell, and other scripting languages
  • Tools and platforms applicable to mobile, network, web application, and wireless testing
  • Cloud penetration testing and assessment of security posture in Azure, AWS, and GCP
  • Evasion techniques
  • Kill Chain, TTPs, and threat actor approaches
  • Security operations, processes, procedures, controls
• Working knowledge of:
  • Network protocols and covert channels
  • Source code review
  • Exploit development

Preferred Skills

• Security and testing of SCADA/ICS and Operational Technology
• Physical security review experience
• Understanding and applied experience with industry standards and frameworks (e.g. NIST 800-53 and CSF, ISO 27001 and 27002, CSC, PCI DSS)
• Experience and working knowledge of multiple information and security domains (e.g., privacy, IT operations, security platform administration and integrations, incident response, threat intelligence, audit and risk)
• Strong presentation skills and ability to communicate effectively to both technical and executive audiences
• Strong problem-solving skills to creatively develop appropriate solutions to complex problems
• Consulting experience

MY REWARDS @ MNP

With a focus on high-potential earnings, MNP is proud to offer customized rewards that support our unique culture and a balanced lifestyle to thrive at work and outside of the office. You will be rewarded with generous base pay, vacation time, 4 paid personal days, a group pension plan with 4% matching, voluntary savings products, bonus programs, flexible benefits, mental health resources, exclusive access to perks and discounts, professional development assistance, MNP University, a flexible ‘Dress For Your Day’ environment, firm sponsored social events and more

Diversity@MNP

We embrace diversity as a core value and celebrate our differences. We believe each team member contributes unique gifts and amplifying their potential makes our business stronger. We encourage people with disabilities to apply!