CGI Cybersecurity (GTA) is recruiting skilled Penetration Testers to join our Offensive Security Operations practice. The Offensive Security Operations practice is responsible for handling adversary-based assessments in unique, complex or challenging environments, requiring quick turnaround and a higher degree of skill and sophistication.
This role will participate in activities ranging from threat and adversary modelling, security architecture reviews to vulnerability research and analysis, web application assessments and penetration testing.
Qualified candidates for this role must possess scripting or coding experience, be familiar with reverse engineering concepts, principles or tools and demonstrate knowledge of common network protocols and modern application stacks. Candidates should also be comfortable with API fuzzing, popping shells, privilege escalation techniques and pivoting.
Your future duties and responsibilities
• Plan, coordinate, manage and run penetration testing activities against mission critical networks, applications and systems both for internal and external CGI clients.
• Participate in management, maintenance and deployment of penetration testing tools and technologies within AWS cloud services and physical lab environment.
• Participate in the development and testing of customised penetration testing tools and exploits in support of red team engagements.
• Provide consultative guidance and advice to customers of CGI regarding vulnerability remediation including recommending workarounds or risk mitigation strategies and approaches.
• Provide secure systems and network architecture assessments and reviews in support of proposal bid processes and large-scale, technology deployment engagements.
• Develop vulnerability intelligence reports, summaries and bulletins that articulate the associated risks to client stakeholders.
Required qualifications to be successful in this role
• Bash and/or Python, PowerShell scripting skills is essential.
• Experience with Metasploit, Tenable suite of products, Cobalt Strike or Core Impact is essential.
• Experience with BurpSuite, Peach Fuzzer, CyberFlood, beSTORM, Defensics or afl-fuzz, VUzzer, Domato, Sulley, SPIKE or related technologies is strongly desired.
• Familiarity with SAST/IAST technologies and approaches is desirable.
• Understanding of ASLR/DEP bypass, ROP exploitation is desirable.
• Familiarity with emerging security analysis approaches such as symbolic and concolic execution testing is desirable.
• Advanced knowledge of common network protocols and TCP/IP stack is essential.
• Familiarity with progressive web application development technologies such as Node.js, ReactJS, Ionic, Polymer, Angular an asset.
• Experience with SharePoint security analysis is an asset.
• Experience with cloud service environments such as Amazon AWS and understanding of cloud native security concepts and principles is an asset.
• Strong communications and writing skills is essential.
• Operationally focused and results oriented mindset and approach is essential.
• Candidates with resilience, perseverance and grit are valued above all else.
- Risk Management / Analysis
- Communication (Oral/Written)
- Vulnerability Management(IAVM)
What you can expect from us
Build your career with us.
It is an extraordinary time to be in business. As digital transformation continues to accelerate, CGI is at the center of this change—supporting our clients’ digital journeys and offering our professionals exciting career opportunities.
At CGI, our success comes from the talent and commitment of our professionals. As one team, we share the challenges and rewards that come from growing our company, which reinforces our culture of ownership. All of our professionals benefit from the value we collectively create.
Be part of building one of the largest independent technology and business services firms in the world.
Learn more about CGI at www.cgi.com.
No unsolicited agency referrals please.
CGI is an equal opportunity employer. In addition, CGI is committed to providing accommodations for people with disabilities in accordance with provincial legislation. Please let us know if you require a reasonable accommodation due to a disability during any aspect of the recruitment process and we will work with you to address your needs.