Principal Security Penetration Tester, Canada
Aon
Date: 2 weeks ago
City: Quebec City, QC
Contract type: Full time
The Proactive Security Testing team is looking for motivated individuals to add to its team. We provide a phenomenal work environment that offers a healthy combination of autonomy and senior-level support. We publish books and security blogs, deliver conference talks, contribute to open-source software projects, and are engaged in many continuous security research projects.
Applicants must be legally authorized to work in Canada. This role is not eligible for sponsorship. We are unable to sponsor or take over sponsorship of an employment visa or work permit.
Aon is in the business of better decisions.
At Aon, we shape decisions for the better to protect and enrich the lives of people around the world. As an organization, we are united through trust as one inclusive, diverse team, and we are passionate about helping our colleagues and clients succeed.
What The Day Will Look Like
As a Principal Security Penetration Tester (termed internally as a “Security Testing Manager”), you will serve as a senior member of the penetration testing team. In addition, the person in the role will do the following:
- Perform penetration testing activities focused on assessing the security of web applications, mobile applications, APIs, and thick clients.
- Conduct complex hybrid web application security assessments, involving code review and dynamic application testing applying a combination of static and dynamic source code analysis techniques.
- Perform infrastructure penetration testing, including external/internal penetration testing, red teams, etc.
- Write test harnesses to help identify and proof-of-concept potential security vulnerabilities.
- Clearly communicate vulnerabilities to client development teams during and post-assessment.
- Document technical issues identified during security assessments, outlining the associated risks for clients, and providing tailored recommendations for remediation.
- Assist colleagues in pre-sales scoping activities for penetration testing engagements.
- Offer technical mentorship and career development guidance to junior engineers within the organization.
- Engage in vulnerability research to produce blog posts, conference talks, whitepapers, etc.
- Contribute to internal business operations by participating in and suggesting process improvements.
- Develop, update, and improve internal tooling used for reporting and penetration testing.
- Partner with the team in the recruitment of new penetration testing talent including reviewing resumes and conducting interviews.
- 5+ years of hands-on penetration testing and/or bug bounty experience against web/mobile applications, beyond running automated tools.
- Proven track record of 5 or more years performing network/infrastructure penetration testing.
- Some expertise in development and/or source code review, focusing on languages such as Java, C#, C/C++, PHP, Ruby, Python, Go, Swift, Objective C/C++, Kotlin, etc.
- Current experience with testing techniques and tooling, such as Burp Suite and other fuzzers/proxies.
- Up-to-date experience with code review scanning tools, such as Fortify, Semgrep, etc.
- Deep knowledge of common software vulnerabilities, such as those described in the OWASP Top 10 and CWE/SANS Top 25.
- Possesses a solid grasp of Unix, Windows, and network security.
- Ability to work remotely as part of a distributed team and travel to client sites when required.
- Superb communication (written & verbal) in English, to present sophisticated technical topics concisely to both technical and business audiences.
- Experience at an existing consulting firm as a penetration tester.
- Experience performing hands-on mobile application penetration testing on iOS and/or Android platforms.
- Understanding how to build and maintain Red Team Command and Control systems.
- Experience developing custom scripts or tools used for vulnerability scanning and identification.
- Experience with Bug Bounties, reporting critical/high risk issues to programs.
- Experience with exploit development and reverse engineering.
- Degree in Computer Science, Information Systems, Engineering, or related major and/or equivalent experience.
- Reputable security certifications, including but not limited to: OSCP, OSWE, GWAPT, OSEE, OSCE/OSED, GPEN, GXPN, BSCP.
- Produced public facing research and/or delivered presentations at well-known industry security conferences.
In addition to our comprehensive benefits package, we encourage a diverse workforce. Plus, our agile, inclusive environment allows you to manage your wellbeing and work/life balance, ensuring you can be your best self at Aon. Furthermore, all colleagues enjoy two “Global Wellbeing Days” each year, encouraging you to take time to focus on yourself. We offer a variety of working style solutions, but we also recognise that flexibility goes beyond just the place of work... and we are all for it. We call this Smartworking!
Our continuous learning culture inspires and equips you to learn, share and grow, helping you achieve your fullest potential. As a result, at Aon, you are more connected, more relevant, and more valued.
Aon values an innovative, diverse workplace where all colleagues feel empowered to be their authentic selves. Aon is proud to be an equal opportunity workplace.
Aon provides equal employment opportunities to all employees and applicants for employment without regard to race, color, religion, creed, sex, sexual orientation, gender identity, national origin, age, disability, veteran, marital, domestic partner status, or other legally protected status.
We welcome applications from all and provide individuals with disabilities with reasonable adjustments to participate in the job application, interview process and to perform essential job functions once onboard. If you would like to learn more about the reasonable accommodations we provide, email [email protected]
2024-82302