Penetration Tester - Full Time - Remote - ON/BC

Date: Jun 10, 2022

Location: Toronto, ON, CA

Company: LifeLabs

LifeLabs is the largest community diagnostics laboratory in Canada, serving the healthcare needs of Canadians for over 50 years. Our team members are truly centred around our customers, and we know that behind every lab requisition, sample being tested, or investment in technology is an individual and their family counting on us.

 

Consistently named one of Canada's Best Employers by Forbes, LifeLabs has also been recognized for having an award-winning Mental Health Program from Benefits Canada. The passion and commitment of over 6,000 diverse and innovative team members unites and motivates us to ensure our customers receive high quality tests and results that they can trust. Agile, customer-centred, caring and teamwork: we live these values every day in what we do to support our customers and healthcare providers, driving forward our vision of empowering a healthier you.

 

Make a difference – join the LifeLabs team today!

 

REPORTS TO: Vulnerability Management Lead

 

PURPOSE OF THE ROLE: A penetration-tester/red team member is a very hands-on representative of the information security team. This role is highly technical, and candidates must possess a solid understanding of information security, preferably with a strong computer science background. Pen-testers/red teamers must understand applications, networking and various operating systems, along with tools and frameworks, and they must maintain a high level of rigor to stay up to date with advancements in technology while also retaining knowledge of older systems and applications that may still be in use in the enterprise.

 

Penetration-testers/red teamers must constantly search for system and application weaknesses to exploit, but they are also expected to maintain a level of professionalism at all times. The position must collaborate with others on the team for remediation and additional validation, as well as contribute to other collaborative approaches driven by the security team strategy, such as purple teaming, to enhance skillsets for both red and blue team members.

 

While some automated tools will be leveraged, the penetration-tester/red teamer must realize this is not solely a point-and-click role but requires hands-on expertise with a variety of tools to simulate attacker tactics, techniques and procedures (TTPs). When performing red team exercises, the penetration-tester/red teamer must strive to avoid detection. In addition to stealthy engagements, however, penetration-testers/red teamers must also participate in visible and announced assessments for new and existing services, infrastructure, and applications to help the team identify weaknesses before an attacker does.

 

Core Accountabilities

 

Penetration Testing

  • Document and formally report testing initiatives, along with remediation recommendations and validation.
  • Conduct tactical assessments that require expertise in social engineering, application security (web and mobile), physical methods, lateral movement, threat analysis, internal and external network architecture and a wide array of commercial products.
  • Develop and maintain tools and scripts used in penetration-testing and red team processes.
  • Train offensive and defensive colleagues on new TTPs and mentor junior teammates.
  • Regularly research and learn new TTPs in public and closed forums, and work with teammates to assess risk and implement and validate controls as necessary.
  • Understand breach and attack simulation (BAS) solutions and work with the team to validate controls effectiveness.

 

Stakeholder and Vendor Management

  • Support purple team exercises designed to build strength across disparate teams.
  • Arrange and provide support to business units launching new technology applications and services to verify that new products/offerings are not at risk of compromise or information leakage.
  • Occasionally attend and participate in change management policy discussions and meetings.
  • When necessary, assist in threat and incident response (IR) tabletop exercises as well as postmortem drills with a focus on measurable improvements and benchmarking to show progress (or deficiencies requiring additional attention).

 

Minimum Qualification and Skills

  • Bachelor's degree in computer science (preferred), information assurance, MIS, or related field, or equivalent
  • 10+ years’ experience in information security administration, offensive tactics, monitoring and IR
  • 5-7 years’ experience in pentesting with emphasis on purple teams.
  • Preferred to have one or more of the following relevant certifications.
    • Certified Information Systems Security Professional (CISSP)
    • Offensive Security Certified Professional (OSCP)
    • Offensive Security Certified Expert (OSCE)
    • GIAC Penetration Tester (GPEN)
  • Proficient in scripting languages such as Python, PowerShell, Bash and Ruby
  • Competent with testing frameworks and tools such as Burp Suite, Metasploit, Cobalt Strike, Kali Linux, Nessus, PowerShell Empire and AutoSploit

 

 

At LifeLabs, we strive to create an inclusive and equitable workplace where our team members and the communities we serve feel accepted, valued, and respected.

In accordance with LifeLabs’ Accessibility Policy, the Accessibility for Ontarians with Disabilities Act, and the Ontario Human Rights Code, accommodations are available by request for candidates taking part in all aspects of the recruitment and selection process. For a confidential inquiry or to request an accommodation, please contact your recruiter or email careers@lifelabs.com.

 

LifeLabs is committed to providing a safe environment for our employees, customers, and the communities we serve. We have been a leader throughout the COVID-19 pandemic regarding health and safety measures and have always put our employees and customers at the center of every decision that we make. As an organization in the health care sector, we believe the COVID vaccination adds a layer of protection that complements the extensive and necessary health and safety protocols that we have taken to date. With this in mind, we currently require all LifeLabs employees, contractors, students and volunteers to be fully vaccinated.

LifeLabs operates under a distributed workforce model, where employee flexibility is a key priority. Further information will be provided during the interview process on what this means for employees.


Job Segment: Information Security, Computer Science, Database, Laboratory, Information Systems, Technology, Science