Meet our professionals
Build a Career that Matters at CGI’s Lafayette Center
Supports the enterprise threat emulation and pen-testing program, which includes but is not limited to evaluating the security of the organization's IT infrastructure by continuously assessing and exploiting vulnerabilities to find out where hacking threats may lie by simulating attacks on networks, firewalls, operating systems, operational technology and web applications to identify vulnerabilities, and report the findings.
Your future duties and responsibilities
• Develop test procedures and/or document recommendations for test plan modifications that improve validation of cybersecurity controls. Test procedures may cover a wide range of technically diverse such as but not limited to IP network discovery, password length and complexity requirements and vulnerability exploitation.
• Knowledge of APT TTPs and how to replicate their attack methodology.
• Ability to work with publicly available exploits and PoC code.
• Write penetration testing rules of engagements, test plans, standard operating procedures and reports.
• Thoroughly document exploit chain/proof of concept scenarios.
• Research and remain up-to-date with new threats and adversary emulation methodologies.
• Expertise in testing web applications for common web application security vulnerabilities including input validation vulnerabilities, broken access controls, session management vulnerabilities, cross-site scripting issues, SQL injection and web server configuration issues.
• Hands-on expertise with commercial and open-source cyber security tools such as proxies, port scanners, vulnerability scanners, exploit frameworks (ex: Burp Suite, Nmap, Metasploit, Cobalt Strike, Nexpose/IVM).
• Develop comprehensive and accurate reports and presentations for both technical and executive audiences.
• Penetration testing experience with web applications, operating systems, network protocols, wireless, mobile, databases and middleware.
• Must be willing to travel as needed (10%)
• Process cyber threat intelligence in accordance with the "intelligence cycle": direction, collection, processing, analysis, dissemination, and feedback from open source, paid subscriptions, and government sources.
• The position may require occasional travel to other countries.
• Support physical security pen-tests
• Evaluate system vulnerabilities for Windows, Linux, Unix operating systems, network topologies & infrastructure devices, databases, operational technology and ensure risk remediation before and after vulnerability scans
• Work effectively with others in the Information & Technology organization, operations in support of security policies and standards.
Must have the ability to manage a small team
Required qualifications to be successful in this role
• Bachelor's degree in technical field (Computer Science, Information Systems, Information Systems Security) or 4+ years of equivalent background and experience in red team operations, penetration testing, or cyber threat emulation
• Experience in security engineering, system and network security, authentication and security protocols, applied cryptography, and application security
• Network and web-related protocol knowledge (e.g., TCP/IP, UDP, IPSEC, HTTP, HTTPS, routing protocols)
• Understanding security fundamentals and common vulnerabilities such OWASP Top Ten and CIS Critical Security Controls.
• Knowledge of OWASP, MITRE ATT&CK, and CIS Critical Security Controls
• Ability to understand information security risks associated with vulnerability testing, patch management, and secure configuration management.
• Experience with common commercial and open source penetration tools such as Kali Linux, Burp Suite Pro, Metasploit and password cracking tools.
• Possess planning, interpersonal, and motivational skills, able to write clearly and succinctly in technical and non-technical formats.
• Experience in root cause analysis, industry benchmarking, survey evaluation and data interpretation is required.
• Have the ability to apply logic and reason to solve complex problems.
• Ability to establish and maintain multi-functional and positive working relationships.
• Advanced computer skills and proficiency.
• Strong interpersonal and networking skills with a solid ability to work in a team environment.
• Ability to work under stressful and tight deadlines as well as the ability to lead in a fast-paced environment.
• Above average computer hardware and software knowledge.
• Ability to multi-task, discerns patterns in detail.
• Think through problems for logical solutions and remain calm and professional under stress.
• Strong decision-making ability during both crisis and non-crisis situations.
• Able to work with highly confidential information.
- Vulnerability Assessment(IAVA)
- Network Administration
What you can expect from us
Build your career with us.
It is an extraordinary time to be in business. As digital transformation continues to accelerate, CGI is at the center of this change—supporting our clients’ digital journeys and offering our professionals exciting career opportunities.
At CGI, our success comes from the talent and commitment of our professionals. As one team, we share the challenges and rewards that come from growing our company, which reinforces our culture of ownership. All of our professionals benefit from the value we collectively create.
Be part of building one of the largest independent technology and business services firms in the world.
Learn more about CGI at www.cgi.com.
No unsolicited agency referrals please.
CGI is an equal opportunity employer.
Qualified applicants will receive consideration for employment without regard to their race, ethnicity, ancestry, color, sex, religion, creed, age, national origin, citizenship status, disability, medical condition, military and veteran status, marital status, sexual orientation or perceived sexual orientation, gender, gender identity, and gender expression, familial status, political affiliation, genetic information, or any other legally protected status or characteristics.
CGI provides reasonable accommodations to qualified individuals with disabilities. If you need an accommodation to apply for a job in the U.S., please email the CGI U.S. Employment Compliance mailbox at US_Employment_Compliance@cgi.com. You will need to reference the requisition number of the position in which you are interested. Your message will be routed to the appropriate recruiter who will assist you. Please note, this email address is only to be used for those individuals who need an accommodation to apply for a job. Emails for any other reason or those that do not include a requisition number will not be returned.
We make it easy to translate military experience and skills! Click here to be directed to our site that is dedicated to veterans and transitioning service members.
All CGI offers of employment in the U.S. are contingent upon the ability to successfully complete a background investigation. Background investigation components can vary dependent upon specific assignment and/or level of US government security clearance held.
CGI will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with CGI’s legal duty to furnish information.