Security Advisor Specialist, Offensive Security (Global Red Team)

Join to apply for the Security Advisor Specialist, Offensive Security (Global Red Team) role at Intact

1 week ago Be among the first 25 applicants

Join to apply for the Security Advisor Specialist, Offensive Security (Global Red Team) role at Intact

Get AI-powered advice on this job and more exclusive features.

Our employees are at the heart of everything we do. Together, we help people, businesses, and society prosper in good times and be resilient in bad times.

Our employee promise represents Intact’s commitment to you in exchange for living our Values, striving to do your best work, being open to change and investing in your career. In return, we promise to provide support, opportunities and performance-led financial rewards at a workplace where you can shape the future, win as a team and grow with us.

About The Role

The Security Specialist, Offensive Security is responsible for testing the security controls, the network, and threat response for Intact Financial globally (All regions and all affiliate companies). He/she works as a specialist employing techniques, tactics and protocols to test security controls, working as part of a global offensive security team.

The Specialist, Offensive Security reports to the Director, Offensive Security and works with a team of technical advisors across multiple locations and time zones.

If you can think outside of the Kali box, and love to think like an attacker (with a track record to prove your capabilities) we want to talk to you about joining our team!

What You'll Do Here

• Conduct reconnaissance on network environment to build external landscape using industry standard tools, threat intelligence feeds, OSINT and other readily available information sources
• Conduct offensive security testing to ensure security controls and response actions are effective. If you are detected, shifting from a red team focus to a purple team approach – your purpose isn’t to create a “Gotcha!” moment – our mission is to strengthen our controls throughout the entire attack chain across the enterprise.
• Employ attack strategies to simulate real-world attacks by threat actors and benchmark response capabilities across the enterprise.
• Ability to identify and exploiting vulnerabilities in computer systems, networks and applications to simulate attacks by threat actors – you have a proven track record of evading modern EDR (eg. Crowdstrike, MDE, SentinelOne) while elevating privileges/hitting your target.
• Analyze and report on the results of security assessments and make recommendations to improve the security posture of the enterprise.
• You understand the TCP/IP stack in depth and know how to exploit it to create covert beacons, C2 channels, exfiltrate data across DNS. Understanding how routing tables work (eg. BGP) and how they can be exploited is an asset.
• Work with regional cyber governance and risk teams to ensure that findings are properly tracked for remediation
• Generate the required metrics and reports to support the CISO IFC Affiliates in reporting on enterprise security control effectiveness
• Leverage industry standard and emerging tools to evaluate emerging threats to the financial services space and benchmark regions and affiliate companies to peers.
• Able to consume threat intelligence and apply the attack surface to crown jewel assets for target and tactic development, proposing clear rules of engagement for testing activities (either one time or perpetual) and ensuring compliance to the ROE through all phases of testing.
• Maintain and update all offensive security tools, technologies and processes in line with company rules of engagement
• Provide timely and effective communications to key internal stakeholders in alignment with policy and rules of engagement.
  
  

What You Bring To The Table

• Advanced knowledge in the following areas: computer networks, operational security platforms, information security principles, TCP/IP, DNS, UDP, BGP, SOC, IAM, SIEM, DLP, EDR, Threat intelligence, Incident Response, technical writing, information risk.
• Bachelor's degree in Computer Technology, Information Security, an asset.
• A minimum of five (5) years of relevant professional experience in information technology.
• A minimum of three (3) years of experience in information security.
• Knowledge of offensive security operations, tools and techniques.
• Knowledge of information security standards, regulations and legislation (NIST, COBIT5, ISO 27001), an asset.
• Python scripting comes naturally, and have a history of using it in blue/red/purple team engagements
• Proficiency in manual testing techniques beyond automated scanning.
• Strong knowledge of OWASP Top 10, MITRE ATT&CK, and CVSS scoring.
• You can take many vectors of technical vulnerability information (Pentest reports, vulnerability scanning data, SAST/DAST reports) and build an attack plan on critical assets.
• You must have the ability to take highly technical data and results and translate them to business-friendly language to help non-technical stakeholders understand the approach, impact and outcome from offensive security operations.
• If you’ve joined capture the flag competitions (even better if you won) we want to hear about it!
• Recognized certification in information security (CEH, CISM or other), an asset.
• Analytical mind, pragmatic approach to IT security issues and problems.
• Strong partner in all areas, internally and externally, to provide a secure solution.
• Ability to reduce stress in situations that are stressful to you and others.
• Positive attitude, initiative with strong analytical and interpersonal skills to lead work groups, negotiate and build consensus.
• Ability to write and present material to communicate difficult concepts and gain consensus.
• Ability to work in a dynamic environment with multiple objectives.
• Highly motivated and self-directed, with attention to detail.
• Ability to prioritize and execute tasks in a high-pressure environment.
• Ability to deal diplomatically and effectively at all levels of the organization.
• Ability to challenge the status quo.
• Customer focused approach.
• For candidates located in Quebec, bilingualism is required considering the necessity to interact on a regular basis with English-speaking colleagues across the country.
• No Canadian work experience required however must be eligible to work in Canada.
  
  

What We Offer

Our hybrid work model provides the balance between working from home and enjoying meaningful in-person interactions.

Working Here Means You'll Be Empowered To Be And Do Your Best Every Day. Here Is Some Of What You Can Expect As a Permanent Member Of Our Team

• A financial rewards program that recognizes your success
• An industry leading Employee Share Purchase Plan; we match 50% of net shares purchased
• An extensive flex pension and benefits package, with access to virtual healthcare
• Flexible work arrangements
• Possibility to purchase up to 5 extra days off per year
• An annual wellness account that promotes an active and healthy lifestyle
• Access to tools and resources to support physical and mental health, embracing change and connecting with colleagues
• A dynamic workplace learning ecosystem complete with learning journeys, interactive online content, and inspiring programs
• Inclusive employee-led networks to educate, inspire, amplify voices, build relationships and provide development opportunities
• Inspiring leaders and colleagues who will lift you up and help you grow
• A Community Impact program, because what you care about is a part of what makes you different. And how you contribute to your community should be just as unique.
  
  

We are an equal opportunity employer

At Intact, our Value of respect is founded on seeing diversity as a strength. We strive to create an accessible workplace where employees feel valued, included and encouraged to share their unique perspectives.

We encourage applications from individuals who are members of equity-deserving groups, including but not limited to women, Indigenous peoples, persons with disabilities, Black people, and members of the 2SLGBTQI+ community.

As part of Intact’s commitment to reconciliation, we acknowledge that we work, meet and travel across the land currently called Canada, originally inhabited by First Nations, Metis and Inuit people. This history extends through many centuries and continues to evolve today.

We have policies to ensure equal access and participation for people with disabilities, including providing workplace adjustments (accommodations). A copy of applicable policies is available on request.

If we can provide a specific adjustment to make the recruitment process more accessible for you, please let us know when we reach out about a job opportunity. We’ll work with you to meet your needs.

Learn more about our recruitment process and your candidate journey here.

If you are an employee of Intact or belairdirect, please apply for this role on Internal Career Site.

• Seniority level
  Mid-Senior level

• Employment type
  Full-time

• Job function
  Other, Information Technology, and Management
• Industries
  Insurance

Referrals increase your chances of interviewing at Intact by 2x

Toronto, Ontario, Canada $130,000.00-$175,000.00 3 weeks ago

We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.