Cyber Security Specialist - Red Team (Montreal, QC)

Company Description

SSENSE (pronounced [es-uhns]) is a global technology platform operating at the intersection of culture, community, and commerce. Headquartered in Montreal, it features a mix of established and emerging luxury brands across womenswear, menswear, kidswear, and Everything Else.

SSENSE has garnered critical acclaim as both an e-commerce engine and a producer of cultural content, generating an average of 100 million monthly page views. Approximately 80% of its audience is between the ages of 18 to 40. It is privately held and has achieved high double digit annual growth and profitability since its inception.

Job Description

SSENSE is looking for a Red Team Cyber Security Specialist to join the Information Security team. They will work seamlessly within the Information Security team and with our Platform and Engineering teams to drive all aspects of Security for SSENSE.  This team is responsible for challenging and improving SSENSE’s overall cybersecurity capabilities by driving Red Team assessments and automated emulation of adversary techniques.

Reporting to the Enterprise Security Architect, the Red Team Cyber Security Specialist is responsible for supporting SSENSE IT product and engineering teams in helping to identify, manage remediation, and mitigate vulnerabilities in SSENSE’s environment. You'll act as an advisor to help build standards, policies, and set improved guidelines for SSENSE to ensure the reliability, availability, and security of SSENSE, its customers and its partners.

Security Testing/ Red Team activities (50%):

• Setup and drive an automated internal testing simulation to spot gaps in our detection solutions.
• Build up and operate a lab for testing purposes incl. hacking workbench.
• Run and explore new hacking tools and frameworks in our environment.
• Perform end to end Red Team engagements including follow-up activities (e.g. lessons learned, result presentations to management and peers).
• Continuously improve our defensive capabilities, e.g. by running adversary simulations, tabletop exercises.
• Perform testing and analysis of new exploits/PoCs affecting products in our environment.
• Enable and guide new team members.

Security project support (35%):

• Co-develop and initiate security improvement activities and initiatives related to internal projects
• Perform security evaluations and assessments of projects and third parties
• Provide suggestions and input into security policies and standards for SSENSE
• Monitor relevant security dashboards and tools for areas of concern and document and manage risk mitigation/acceptance accordingly

Security operations support (15%):

• Provide hands-on support to our internal Security Incident Management team in case of high-severity incidents.
• Support evaluation of new Information Security Operations solutions
• Support in managing and operating enterprise security tools
• Identify, recommend, and coordinate improvements and enhancements to network and system security
• Detect and assess threats, incidents, and determine potential impact and mitigations

Qualifications

Requirements 

• BA/BS or MS Degree in Computer Science or 5+ years of industry experience. 
• A minimum of 3 years hands-on working experience in Red Team operations and/or network Penetration Testing in an enterprise, military or law enforcement environment. 
• In-depth security knowledge on one of the following: Active Directory, AWS, Google Cloud Infrastructure.
• Hands-on experience with well known Red Team tools like Cobalt Strike, Metasploit, Bloodhound, Mythic etc. 
• Proficiency with at least one scripting language (e.g. Python, Bash, Powershell …). 
• Certification preferred:
  • Security+
  • Offensive Security Certifications (e.g. OSCP, OSCE, OSED)
  • SANS GDAT, GXPN, GPEN

SKILLS

• Ability to communicate technical concepts and complexity to all types of audiences
• Strong Incident management expertise
• Knowledge on investigation and forensics 
• Strong collaboration and influencing skills
• High work ethic and results-oriented
• High sense of accountability and ownership
• Solution-oriented mindset and can-do attitude to overcome challenges
• Team player with superior communication skills 
• Ability to thrive in a fast-paced environment and master frequently changing technologies and techniques

Additional Information

WORLD CLASS TECHNOLOGY 

Technology is at the core of everything we do at SSENSE. Driven by an engineering mindset and a problem-solving attitude, we blend fashion with technology to deliver an unparalleled experience to our customers as we build seamless, custom solutions to deliver the SSENSE offering. 

WORLD CLASS TEAM
The SSENSE tech team is responsible for an international headless commerce platform. Working in an agile environment, our squads are made up of experienced innovators in Product Management, QA, Design, DevOps, Software Development, Machine Learning, Data Engineering, and Security. Headquartered in Montreal, our technology organization has been growing at a rate of 2X year-over-year and is doubling once again in 2021 as we expand across Canada, US, and Europe.  

WORLD CLASS PLATFORM 

The SSENSE platform runs on Amazon Web Services making use of serverless microservices across web, mobile and app. Our event-source architecture already achieves over 10,000 requests / second and growing at an unmatched pace, currently unseen across the industry.  Our data-driven culture of innovation empowers every product team across the tech organization to explore building, testing and learning with the latest in Machine Learning techniques. Our automated continuous improvement DevOps model (making use of both blue / green and canary deployments) results in an average of 50 production releases every day.  

Read more about us on our SSENSE Tech Blog.