Principal Penetration Tester

Requisition ID: 223823

Join a purpose driven winning team, committed to results, in an inclusive and high-performing culture.

The Team

Scotiabank’s Cyber Security Red Team is responsible for delivery of offensive security services across Scotiabank globally, conducting annual & release penetration testing engagements, control effectiveness testing, purple team engagements, and security assessments through threat emulation, and adversarial means.

The Role

The Cyber Security Red Team (CSRT) is looking for a Principle Penetration Tester, with expertise in Network & Server Infrastructure Testing and/or Web Application Penetration testing to join our internal team. As a principle member of team, you will help shape and enhance our internal testing practices, and work closely with the Service Advisory & Coordination team, on complex engagements to assess scope and level of effort based on identified areas of risk, and execute assigned engagements as the principle tester, in alignment to industry frameworks.

Is this role right for you? In this role you will:

• This role is ideal for experienced penetration testers who are looking to further develop their expertise and skills.
• You enjoy working in a collaborative team, and sharing your ideas, perspective, and experience.
• You have a natural curiosity for how things work, exploring unknowns, and unafraid to test perceived limitations.
• You take initiative and dedicate time to continuing your education, practising your craft, and honing your skills.
• You adhere to strong morale and ethical standard
• You have strong customer service skills
  
  

Skills

Do you have the skills that will enable you to succeed in this role? We’d love to work with you if you have:

• Candidates should have 5+ years of experience performing penetration tests
• The ideal candidate has achieved multiple industry certifications, and at least one advanced level certifications (OSCP ,GCPN, OSWE, GWAN, OSWP, or equivalent).
• Experienced in scoping penetration testing engagements to assess plausible attack vectors, accurately estimate level of effort, and determine the best approach to test areas of risk.
• Able to develop executive level reports, write penetration testing reports and executive summaries with minimal error or edits
• Ability to execute testing engagements against complex projects and systems
• Experienced in developing custom tooling, leverage whitepapers and online resources to enhance testing
• Possesses an in-depth understanding of testing methodologies, within their area of expertise. (ex OWASP Web & Mobile testing methodologies and OSSTMM, and the MITRE ATT&CK Framework.)
• You possess strong communication (verbal/written/presentation) skills in English. The same in Spanish would be a strong asset as Scotiabank as a strong presence in Latin American Countries.
  
  

What's in it for you?

• Diversity, Equity, Inclusion & Allyship - We strive to create an inclusive culture where every employee is empowered to reach their fullest potential, respected for who they are, and are embraced through bias-free practices and inclusive values across Scotiabank. We embrace diversity and provide opportunities for all employee to learn, grow & participate through our various Employee Resource Groups (ERGs) that span across diverse gender identities, ethnicity, race, age, ability & veterans.
• Accessibility and Workplace Accommodations - We value the unique skills and experiences each individual brings to the Bank, and are committed to creating and maintaining an inclusive and accessible environment for everyone. Scotiabank continues to locate, remove and prevent barriers so that we can build a diverse and inclusive environment while meeting accessibility requirements.
• Upskilling through online courses, cross-functional development opportunities, and tuition assistance.
• Competitive Rewards program including bonus, flexible vacation, personal, sick days and benefits will start on day one.
• Dynamic Ecosystem - Free tea & coffee, universal washrooms, and lots of space for team collaboration.
• Community Engagement - No matter where you choose to work from; we offer opportunities for community engagement & belonging with our various programs such as hackathons, contests, cooking with friends, Humans of Digital and much more!
  
  

Working location condition: Hybrid

Location(s): Canada : Ontario : Scarborough