Senior Security Engineer - Vulnerability Program

In a world where technology is constantly advancing, safeguarding data and keeping systems dependable is more important than ever. Our security team is seeking a Senior Security Consultant to take on complex security challenges, guide peers, and help strengthen our approach to managing vulnerabilities across the organization.

This position combines advisory work with hands-on involvement in areas such as security assessments, application testing, and vulnerability management. You’ll work with enterprise tools, create custom solutions, and design processes that raise security standards across a wide variety of systems and environments.

Responsibilities

· Serve as a trusted advisor to internal stakeholders, reinforcing a “customer-first” approach to security outcomes.

· Lead projects and client engagements, preparing detailed reports and presentations that translate complex technical findings into actionable recommendations.

· Design, implement, and evolve the organization’s Vulnerability Management Program, working with multiple data sources and cross-functional teams.

· Conduct penetration tests and security assessments using industry-standard methodologies (OSINT, PTES, OSSTMM).

· Build and automate security workflows for vulnerability scanning, risk prioritization, remediation tracking, and reporting to improve remediation velocity.

· Apply the MITRE ATT&CK framework to assess detection and response capabilities through assumed-breach scenarios.

· Conduct application security assessments following OWASP Web/Mobile Testing Guides to evaluate security posture and validate mitigations.

· Review and validate findings from third-party penetration tests, ensuring proper remediation.

· Contribute to the definition and documentation of Offensive Security Tactics, Techniques, and Procedures (TTPs) and support SecOps incident response playbook development.

· Integrate security testing and reporting into the SDLC to support “shift left” initiatives.

· Mentor junior team members and help raise the overall security maturity of the organization.

Qualifications:

· 7+ years of experience in IT security, with at least 5+ years specializing in vulnerability management, penetration testing, red teaming, or application security.

· Strong background in automating security processes using scripting languages such as Python, PowerShell, JavaScript, Bash, Ruby, or Perl.

· Experience working with frameworks and methodologies such as:

· MITRE ATT&CK

· OWASP ASVS / WSTG

· MASVS / MASTG

· PTES, OSSTMM

· Ability to lead complex security initiatives, solve problems collaboratively, and influence stakeholders across technical and business teams.

· Excellent communication and report-writing skills, capable of translating technical issues into clear business impact.

· Must be able to obtain (or already possess) Government of Canada Reliability Status clearance.

Preferred Certifications

· Penetration Testing: CREST CRT, OSCP, OSCE, OSEP, GPEN, eCPT, PNPT, OSWP

· Red Teaming: CRTP, CRTO (1/2), CRTE

· Application Security: BurpSuite Certified Practitioner, OSWE, GWAPT, eWPT

· Mobile Application Security: GMOB, EMAPT

· Cloud Security: CCSP, CARTP, CAWASP, PACSP

Affinity Earn:

Know someone who’s great for this, or any of our open roles? Earn up to $4,000/year for each successful referral through Affinity Earn. You can also earn up to $50,000 for helping us find new clients. Learn about our referral program at https://affinity-group.ca/earn/ or browse our jobs & follow us at https://www.linkedin.com/company/affinity-staffing/jobs/

About Affinity:

Affinity Group is a technology and business consulting and services company. We believe in creating long term relationships between clients and consultants that foster a mutually beneficial partnership. Affinity is an equal opportunity employer. We celebrate diversity and are committed to creating an inclusive environment for all employees. All employment is decided on the basis of qualifications, merit and business need.

For more information on Affinity, please visit www.affinity-group.ca

Job Number: 12594