Cyber Security Specialist - Red Team (Montreal, QC)
Montreal, QC, Canada
Company Description
SSENSE (pronounced [es-uhns]) is a global technology platform operating at the intersection of culture, community, and commerce. Headquartered in Montreal, it features a mix of established and emerging luxury brands across womenswear, menswear, kidswear, and Everything Else.
SSENSE has garnered critical acclaim as both an e-commerce engine and a producer of cultural content, generating an average of 100 million monthly page views. Approximately 80% of its audience is between the ages of 18 to 40. It is privately held and has achieved high double digit annual growth and profitability since its inception.
Job Description
SSENSE is looking for a Red Team Cyber Security Specialist to join the Information Security team. They will work seamlessly within the Information Security team and with our Platform and Engineering teams to drive all aspects of Security for SSENSE. This team is responsible for challenging and improving SSENSE’s overall cybersecurity capabilities by driving Red Team assessments and automated emulation of adversary techniques.
Reporting to the Enterprise Security Architect, the Red Team Cyber Security Specialist is responsible for supporting SSENSE IT product and engineering teams in helping to identify, manage remediation, and mitigate vulnerabilities in SSENSE’s environment. You'll act as an advisor to help build standards, policies, and set improved guidelines for SSENSE to ensure the reliability, availability, and security of SSENSE, its customers and its partners.
Security Testing/ Red Team activities (50%):
- Setup and drive an automated internal testing simulation to spot gaps in our detection solutions.
- Build up and operate a lab for testing purposes incl. hacking workbench.
- Run and explore new hacking tools and frameworks in our environment.
- Perform end to end Red Team engagements including follow-up activities (e.g. lessons learned, result presentations to management and peers).
- Continuously improve our defensive capabilities, e.g. by running adversary simulations, tabletop exercises.
- Perform testing and analysis of new exploits/PoCs affecting products in our environment.
- Enable and guide new team members.
Security project support (35%):
- Co-develop and initiate security improvement activities and initiatives related to internal projects
- Perform security evaluations and assessments of projects and third parties
- Provide suggestions and input into security policies and standards for SSENSE
- Monitor relevant security dashboards and tools for areas of concern and document and manage risk mitigation/acceptance accordingly
Security operations support (15%):
- Provide hands-on support to our internal Security Incident Management team in case of high-severity incidents.
- Support evaluation of new Information Security Operations solutions
- Support in managing and operating enterprise security tools
- Identify, recommend, and coordinate improvements and enhancements to network and system security
- Detect and assess threats, incidents, and determine potential impact and mitigations
Qualifications
Requirements
- BA/BS or MS Degree in Computer Science or 5+ years of industry experience.
- A minimum of 3 years hands-on working experience in Red Team operations and/or network Penetration Testing in an enterprise, military or law enforcement environment.
- In-depth security knowledge on one of the following: Active Directory, AWS, Google Cloud Infrastructure.
- Hands-on experience with well known Red Team tools like Cobalt Strike, Metasploit, Bloodhound, Mythic etc.
- Proficiency with at least one scripting language (e.g. Python, Bash, Powershell …).
- Certification preferred:
- Security+
- Offensive Security Certifications (e.g. OSCP, OSCE, OSED)
- SANS GDAT, GXPN, GPEN
SKILLS
- Ability to communicate technical concepts and complexity to all types of audiences
- Strong Incident management expertise
- Knowledge on investigation and forensics
- Strong collaboration and influencing skills
- High work ethic and results-oriented
- High sense of accountability and ownership
- Solution-oriented mindset and can-do attitude to overcome challenges
- Team player with superior communication skills
- Ability to thrive in a fast-paced environment and master frequently changing technologies and techniques
Additional Information
WORLD CLASS TECHNOLOGY
Technology is at the core of everything we do at SSENSE. Driven by an engineering mindset and a problem-solving attitude, we blend fashion with technology to deliver an unparalleled experience to our customers as we build seamless, custom solutions to deliver the SSENSE offering.
WORLD CLASS TEAM
The SSENSE tech team is responsible for an international headless commerce platform. Working in an agile environment, our squads are made up of experienced innovators in Product Management, QA, Design, DevOps, Software Development, Machine Learning, Data Engineering, and Security. Headquartered in Montreal, our technology organization has been growing at a rate of 2X year-over-year and is doubling once again in 2021 as we expand across Canada, US, and Europe.
WORLD CLASS PLATFORM
The SSENSE platform runs on Amazon Web Services making use of serverless microservices across web, mobile and app. Our event-source architecture already achieves over 10,000 requests / second and growing at an unmatched pace, currently unseen across the industry. Our data-driven culture of innovation empowers every product team across the tech organization to explore building, testing and learning with the latest in Machine Learning techniques. Our automated continuous improvement DevOps model (making use of both blue / green and canary deployments) results in an average of 50 production releases every day.
Read more about us on our SSENSE Tech Blog.
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Tags: Active Directory Agile AWS Bash Cloud Cobalt Strike Computer Science DevOps E-commerce Exploits Forensics GCP GPEN GXPN Machine Learning Metasploit Microservices Offensive security OSCE OSCP Pentesting POCs PowerShell Python Red team SANS Scripting Vulnerabilities
Perks/benefits: Career development Startup environment Team events
More jobs like this
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Ethical hacker / Pentester H/F jobs
- Open Information Security Specialist jobs
- Open Cyber Security Specialist jobs
- Open Manager Pentest H/F jobs
- Open Cyber Security Architect jobs
- Open Senior Cyber Security Engineer jobs
- Open Product Security Engineer jobs
- Open Principal Security Engineer jobs
- Open Information Systems Security Officer (ISSO) jobs
- Open Staff Security Engineer jobs
- Open Senior Information Security Analyst jobs
- Open Cybersecurity Analyst jobs
- Open Consultant infrastructure sécurité H/F jobs
- Open Chief Information Security Officer jobs
- Open IT Security Analyst jobs
- Open Consultant SOC / CERT H/F jobs
- Open Cybersecurity Consultant jobs
- Open Security Specialist jobs
- Open Senior Information Security Engineer jobs
- Open Cybersecurity Specialist jobs
- Open Senior Penetration Tester jobs
- Open Senior Security Architect jobs
- Open Security Researcher jobs
- Open Sr. Security Engineer jobs
- Open IT Security Engineer jobs
- Open Clearance-related jobs
- Open ISO 27001-related jobs
- Open Windows-related jobs
- Open Network security-related jobs
- Open Application security-related jobs
- Open Pentesting-related jobs
- Open Agile-related jobs
- Open Vulnerability management-related jobs
- Open GCP-related jobs
- Open SaaS-related jobs
- Open Analytics-related jobs
- Open CISA-related jobs
- Open IAM-related jobs
- Open Threat intelligence-related jobs
- Open APIs-related jobs
- Open Security assessment-related jobs
- Open Java-related jobs
- Open Security Clearance-related jobs
- Open DevOps-related jobs
- Open IDS-related jobs
- Open Malware-related jobs
- Open EDR-related jobs
- Open CEH-related jobs
- Open Kubernetes-related jobs
- Open Forensics-related jobs