Penetration Tester Consultant

We Are

Accenture Security helps organizations prepare, protect, detect, respond, and recover along all points of the security lifecycle. Cybersecurity challenges are different for every business in every industry. Leveraging our global resources and advanced technologies, we create integrated, turnkey solutions tailored to our clients’ needs across their entire value chain. Whether we’re defending against known cyberattacks, detecting and responding to the unknown, or running an entire security operations center, we will help companies build cyber resilience to grow with confidence. Our team of the security sector’s brightest people use the coolest tech to out-hack the hackers and help clients build resilience from within. We blend risk strategy, digital identity, cyber defense, application security and managed service solutions to rethink the entire security lifecycle.

You Are

Passionate about security, love what you do and have a genuine desire to outsmart the bad guys. You have the experience to analyze a clients’ security posture, anticipate security requirements and help find right-sized solutions based on industry leading practices. You have a proven track record working successfully in a fast-paced, team-oriented environment. You’re a creative, analytical problem solver with above average documentation skills who can speak to both technical and non-technical audiences. Can apply deep security skills to design, build and protect enterprise systems, applications, data, assets and people for Accenture and our clients. You are eager to put your skills to use by helping us help our clients inject security at every level of their organization.

The Work

The penetration tester consultant is responsible for creating and delivering high-quality information security solutions that address the ever-growing need for companies to secure their business critical assets, data, and resources. Penetration tester consultants are also expected to lead and deliver security engagements autonomously while providing oversight and coaching for junior resources. Consultants are also expected to work collaboratively with offshore delivery center testing personnel and be proficient on both a technical and inter-personal level while interfacing with clients.

The penetration tester consultant is expected to proficiently execute the following:

Internal/external vulnerability assessment and penetration tests

Assessing clients network security posture through the use of automated tools and manual techniques to identify and verify common security vulnerabilities

Using creative approaches to identify vulnerabilities that are commonly missed in security assessments (Windows/Unix Based, Firewalls, Routers, Servers, etc)

Application and infrastructure penetration testing (Web, IOT, Hardware, etc…)

Exploiting SQL Injection, Cross-Site Scripting, Parameter Manipulation, Session Hijacking, etc)

Exploiting vulnerabilities and identify specific, meaningful risks to clients based on industry and business focus

Executing opportunistic, blended and chained attack scenarios that combine multiple weaknesses to compromise client environments

Creating comprehensive assessment reports that clearly identify root cause and remediation strategies

Communicating strengths and weaknesses to the client or internal project management team and developing effective solutions.

Improving methodologies, toolsets and offerings through collaborative development work and by updating team documentation

Basic Skills/qualifications

Minimum of 5 years of IT security testing (e.g., penetration testing, web application security assessments, vulnerability assessments and technical security assessments)

Minimum of 5 years of server, application and network security hardening experience (e.g., design, recommend and implementation of security hardening technical controls)

Minimum of 5 years of technical writing and report generation

Must have or be eligible for federal government security clearance (reliability level)

Preferred Skills/qualifications

Bachelor's Degree

Industry recognized certification in security (e.g., OSCP, CEH, CISSP, CISM)

Knowledge of enterprise IT security risk assessments and related frameworks (e.g., ISO 27000 series, COBIT, IT General Controls, etc.)

Application development experience

Prior external-facing client services experience

Willing to travel as required

English is required for this position as this role will regularly interact with English-speaking stakeholders across Canada. Due to the significant high volume of interactions with these English-speaking stakeholders, which is inherent to this position, it is not possible to reorganize the company's activities to avoid this requirement.