Job Description
Senior Consultant, Cyber Offensive Security
MNP
MNP is a leading accounting firm in Canada. Connect with your local office for tax services and business consulting. We're here to help.
View company page
What do you think of when you hear the name MNP? Most likely tax and accounting, but as one of Canada’s largest consulting organizations, we’re so much more! We’re also serious about technology.
Make an impact with our Cyber Security & Privacy team as
Senior Consultant Cyber
Offensive Security Team . This diverse team of tech-savvy problem solvers understands clients’ unique needs and embraces the possibilities technology brings to an evolving business landscape. As a trusted advisor, you’ll enable clients to take a proactive and prepared approach to cyber crime and capitalize on new technologies and innovations to deliver business results as well as build and maintain customer trust.
You will be a key member of a skilled team and will leverage your deep understanding of networks and cloud
architecture to conduct penetration tests, vulnerability assessments, and red team exercises while evading detection and prevention controls and exploit technical and business gaps to access the target’s crown jewels.
At MNP Digital, we’re a team of highly skilled and creative thinkers that continuously support and learn from each other. We pride ourselves on translating our clients’ challenges into real results by leveraging technology – and that all starts with having the right people to deliver. We’ve created an environment where you’ll continuously grow, always have a voice and collaborate on work that’s meaningful and fulfilling. If you’re ready to take your career into your own hands, you’ve come to the right place.
MNP Digital is a national practice which offers the flexibility to be based at any MNP office within Canada.
Responsibilities
Work with team members to conduct reconnaissance and intelligence gathering, vulnerability scans and assessments, penetration testing of mobile, network, web application, wireless, SCADA/ICS and Operational Technology environment scopes, red and purple team engagements, and social engineering
Support the development and use of scripts and tools by the team to execute engagement work
Support the development and coordinate the operation of engagement tools and hardware
Support the improvements of our offensive security capability, framework, interaction models, operational procedures, and engagement delivery
Take part in operational activates in relation to issues and delivery, taking action to coordinate mitigation activities and resources
Undertake and adapt to unique client requests and project types that cross cyber disciplines and expertise areas
Support a culture of continuous development of both services and our people
Communicate engagement activities and technical findings effectively with both client technical SMEs and executive staff, preparing and delivering presentation materials to each
Provide advice, expertise, counsel to senior leaders as input to business decisions on medium to long term strategic planning
Provide subject matter expertise of both internal operations and industry approaches in support of bid and proposal for engagement processes
Develop reports and materials intended for both technical and executive audiences
Work with both clients and vendors to troubleshoot and resolve issues
Notify clients of any potential problems in their environment
Be self-motivated
Skills and Experience
You can demonstrate experience of 5+ years in cybersecurity, with at least 3+ years of offensive security,
Posses a Post-Secondary Degree or Diploma in Cybersecurity, Information Security or Technology, Computer Science or related discipline
Multiple cybersecurity certifications from recognized institutions such as CISSP, OSCP, OSCE3, BSCP, CEH, CEPT, GWAPT, GPEN, GXPN, OSEP, OSWE, OSED, and PenTest+
Functional knowledge of offensive technical foundations, theory, terminology (Kill Chain, TTPs, threat actors)
Strong knowledge of:
Shell scripting of tasks using Perl, Python, PowerShell, and other scripting languages
Tools and platforms applicable to mobile, network, web application, and wirelesstesting
Cloud penetration testing and assessment of security posture in Azure, AWS, and GCP
Evasion techniques
Kill Chain, TTPs, and threat actor approaches
Security operations, processes, procedures, controls
Working knowledge of:
Network protocols and covert channels
Source code review
Exploit development
Preferred Skills
Security and testing of SCADA/ICS and Operational Technology
Physical security review experience
Understanding and applied experience with industry standards and frameworks (e.g. NIST 800-53 and CSF, ISO 27001 and 27002, CSC, PCI DSS)
Experience and working knowledge of multiple information and security domains (e.g., privacy, IT operations, security platform administration and integrations, incident response, threat intelligence, audit and risk)
Strong presentation skills and ability to communicate effectively to both technical and executive audiences
Strong problem-solving skills to creatively develop appropriate solutions to complex problems
Consulting experience
MY REWARDS @ MNP
With a focus on high-potential earnings, MNP is proud to offer customized rewards that support our unique culture and a balanced lifestyle to thrive at work and outside of the office. You will be rewarded with generous base pay, vacation time, 4 paid personal days, a group pension plan with 4% matching, voluntary savings products, bonus programs, flexible benefits, mental health resources, exclusive access to perks and discounts, professional development assistance, MNP University, a flexible ‘Dress For Your Day’ environment, firm sponsored social events and more
Diversity@MNP
We embrace diversity as a core value and celebrate our differences. We believe each team member contributes unique gifts and amplifying their potential makes our business stronger. We encourage people with disabilities to apply!
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
#J-18808-Ljbffr