Security Consultant, Offensive Security - Toronto, Canada - Herjavec Group

Herjavec Group

Verified Company

Toronto, Canada

2 weeks ago

Posted by:

Sophia Lee

beBee Recruiter

Description

About the Company
Cyderes is a global cybersecurity powerhouse offering comprehensive solutions around managed security, identity and access management, and professional services.

Cyderes provides the people, process, and technology modern enterprises rely on to manage risk, maintain compliance, and respond to security threats with greater speed, scale, and cost-efficiency than traditional in-house solutions.

Born from the merger of two award-winning cybersecurity firms, Herjavec Group and Fishtech Group, Cyderes has six security operations centers and offices across the United States, Canada, the United Kingdom, and India.

About the Job

Cyderes is looking for a Security Consultant to join Cyderes' Offensive Security team to assist clients across a range of topics to support requests for information from organizations of many sizes and in several industries.

This consultant will focus on PEN Testing, Red Team and Purple team simulation and supervising intelligence to support a general range of topics, but may also need to support other cadences of reports, such as weekly, monthly, and quarterly reports.

Writing these reports requires the ability to work with or automate datasets from Cyderes' platforms.

Responsibilities

Performing threat analysis and recommends appropriate course of action, mitigation, and remediation in response to security events and trends
Correlates and analyzes threat data from various sources to establish the identity of malicious users active in the computing environment.
Produce and review intelligence summaries accessible to all clients.
Engage with clients across report lifecycle: Initial scoping, finished intelligence delivery, and followup review / support
Develop novel, automated, or simpler processes for regular research and analysis
Track cyber threat trends across industries and technologies, and generate better ways to do so
Work on projects across multiple research teams with sometimes tight deadlines
Provide support in design and development of purple team and red team exercises performing adversary simulations to test client controls.
Create comprehensive reports and effectively communicate findings to key stakeholders (technical and/or executive).
Develop scripts, tools, or methodologies to enhance Cyderes' red teaming processes.

Requirements:

Certifications such as CISSP, GSEC, GIAC, OSCP, CPT are preferred
Experience with Tenable.

IO, Recorded Future, PlexTrac and Cymulate preferred

23 years of experience in three of the following areas:
Experience with Active directory (AD) and Kerberos
Experience conducting vulnerability management and assessments
Experience conducting social engineering assessments
Experience conducting Purple Team and Red Team exercises
Experience with programming using one or more of the following: Perl, Python, ruby, bash, C or C++, C#, or Java, including scripting, automation, and editing existing code
Developing, extending, or modifying exploits, shellcode or exploit tools
Reverse engineering malware, data obfuscators, or ciphers
Source code review for control flow and security flaws
General knowledge of the MITRE ATT&CK Framework
Thorough understanding of network protocols, data on the wire, and covert channels
Mastery of Unix/Linux/Mac/Windows operating systems, including bash and PowerShell

Additional Qualifications

Ability to travel up to 20%
Ability to successfully interface with clients
Ability to document and explain technical details in a concise, understandable manner
Ability to manage and balance own time among multiple tasks