Job Description
We have an exciting career opportunity for a motivated Penetration Tester. This is a 100% remote, permanent, full-time position to start immediately.
Vumetric is a leading provider of penetration testing services. Our customers include leading enterprises, government organizations and SMBs. You will be joining an exciting and rapidly growing company. This is an outstanding position offering an attractive salary, defined career path, and excellent support from existing team members.
About You
- You are currently based in Canada and eligible to work without sponsorship
- You are passionate about cybersecurity with an Ethical Hacker mindset.
- You have a desire to work in a fast-moving, forward-leaning, and modern technological environment
- You have a strong desire to continually learn about new technologies
- You can document and explain technical details in a concise, understandable manner
- You are able to handle multiple concurrent tasks and shifting priorities
- You have the ability to work independently and within a team
Responsibilities
- Perform network, Web, and mobile application penetration testing
- Document and build comprehensive reports based on test findings
- Stay up to date on current tools, technologies, and vulnerabilities
- Effectively communicate findings and recommendations to client stakeholders
- Enhance and update Vumetric testing methodologies, processes, and standards documentation
Requirements
- At least 3 years of experience in penetration testing
- Knowledge of common application-level vulnerabilities including those found in the OWASP Top 10 and CWE Top 25.
- Hands-on expertise with commercial and open-source penetration testing tools (e.g., Burp Suite, OWASP ZAP, Nessus, Nmap, Metasploit, CANVAS, SQLMap, Empire, etc.).
- Understanding of Linux/Windows-based operating systems
- Programming skills in Python, PowerShell, Ruby, or other relevant languages.
- Knowledge of common penetration testing methodology and standards (PTES, OWASP, CREST, OSSTMM, CWE, CAPEC, CVE, CVSS, etc.)
Additional Qualifications
- Knowledge of common cloud-based infrastructure (AWS, Azure, GCP, etc.)
- Open-source contributions
- Experience with CTFs and/or bug bounties
- Experience with software development
- Bilingual (English & French)
Certifications (Assets)
- GIAC Certified Penetration Tester (GPEN)
- GIAC Web Application Penetration Tester (GWAPT)
- Offensive Security Certified Professional (OSCP)
- Offensive Security Certified Expert (OSCE)
- Certified Secure Software Lifecycle Professional (CSSLP)
- Certified Security Analyst (ECSA)
Clearance
The successful candidate will be subject to a security investigation and may need to meet eligibility requirements for access to classified information.