Senior Security Consultant

Description

Join our team
 

We live in and work in a rapidly evolving digital world where cyber security is critical. Protecting information and ensuring the reliability of network and services is paramount. The TELUS Health CSO team strives to always be steps ahead, tackling the toughest cyber security challenges head-on with top talent and cutting-edge technology.

**Please note that we have a mandatory requirement to achieve Secret Level II clearance. Candidates that cannot achieve this level are not able to perform the mandatory job functions.

Here's the impact you'll make and what we’ll accomplish together

Reporting to the Manager, Offensive Security, we are seeking an experienced Senior Security Consultant to join the team, mentor other consultants, and support our emulation of threats across our enterprise infrastructure and applications (Mobile and Web). This work will combine aspects of 3rd party consulting with in-house product security advisory, penetration testing, application security, red teaming, DevSecOps. You’ll get the opportunity to leverage enterprise grade tools and also develop in house security tooling and integrations. The goal is thorough security validation at scale across many disparate systems, networks and technology stacks. Not only will you assist in identifying gaps, you’ll also be a key contributor to our remediation efforts. When applicable, you’ll help automate and create new processes to avoid the same issues in the future.

The TELUS Health CSO team is committed to providing excellence in securing our internal and customers’ data and systems, ensuring world-class reliability of security networks and systems, and improving our overall cyber security posture. We manage our cyber risks and provide industry leading cyber governance, assurance and oversight to secure our data.

You’ll partner with industry leaders to meet the cyber security needs of both TELUS Health and our customers to meet the demands of an increasingly complex and ever-changing cyber security landscape. We are passionate about learning and growing as individuals and as a team, all of which enables us to thrive in a dynamic, fast-paced environment.

What you’ll do

Please note we understand that this role does span/merge across many traditional security testing specializations. We welcome security testing specialists and generalists alike for this role, we merely require the willingness to grow and learn.

• Reinforce TELUS Health's Customers First values in ensuring positive security outcomes for external customers and internal stakeholders
• Provide deep cyber security technical knowledge and support to business and development operations teams
• Lead projects and client engagements and write reports and prepare presentations, making use of your communication skills to explain technical findings to non-technical crowds
• Work with multiple security engagement tools, platforms and scripts in live client environments and conduct infrastructure vulnerability scanning and penetration tests. You’ll get the opportunity to design and implement a wide range of testing scenarios that emulate different threat actor sophistications across different assets. A few examples below that will fall within the team:
• Periodic Black Box penetration tests using OSINT, PTES, OSSTMM methodologies on a list of domains and IP ranges
• An assumed breach scenario and applying the MITRE ATT&CK framework to assess our ability to detect and respond to a wide range of adversarial TTPs
• Application security assessments using OWASP Web/Mobile application Security Testing Guide to verify an application’s security posture related to the associated OWASP (M)ASVS Level
• Threat Modeling and Secure Code review of a new application feature introduced into a product
• Review 3rd party penetration tests to validate the findings and ensure that the mitigations are properly implemented
• Set up attacker infrastructure for C2 communications
• Contribute to Offensive Security Tactics, Techniques and Procedures and aid the SecOps team with the Incident Response playbook definition
• Contribute to our “shift left” application security strategy by automating testing and reporting into the SDLC pipeline
• Write clear reports that summarize findings, detail and prioritize remediation strategies

What you bring

• 5+ years in a combination of vulnerability scanning, penetration testing, red teaming, application (web, mobile) security testing
• 7 + years of demonstrable technical security and privacy experience in IT and networks, ideally in a professional role or consultative capacity
• Demonstrate aptitude to automate your testing at scale using scripting languages (Python, Powershell, Javascript, Perl, Bash, Ruby, etc…)
• Flexibility and comfortable with ambiguity, you enjoy working with others to “figure it out” when needed
• Strong interpersonal and influencing skills to build relationships with key stakeholders
• You’ll have experience working at least a few combinations of the following:
• MITRE ATT&CK
• BSIMM, OPENSAMM, OWASP ASVS and WSTG
• MASVS, MASTG
• PTES, OSSTMM
• Ideally you will possess two or more of the following certifications (or any credible security testing certifications):
• Penetration Testing
• CREST CRT, OSCP, OSCE, OSEP, GPEN, eCPT, eCPTX, HTB CPTS, OSWP, PNPT
• Red Teaming
• CRTP, CRTO (1 and/or 2), CRTE
• Application Security
• BurpSuite Certified Practitioner, OSWE, GWAPT, eWPT
• Mobile Application Security
• GMOB, EMAPT
• Cloud Security 
• CCSP, CARTP, CAWASP, PACSP

Nice to haves

• Previous experience in IT administration or software development
• Reverse engineering
• Exploit development and research
• Open source contribution to a project or the security community
• Mentoring