Senior Penetration Tester

Location : Toronto, Ontario, Canada (On-site presence may be required)

Industry : Financial Services

About the Client :

We are engaged on behalf of a leading Canadian financial institution to identify a highly qualified Senior Penetration Tester / Red Team Operator . This position plays a critical role in safeguarding enterprise infrastructure through the execution of advanced security assessments, including red team operations and OSFI-regulated penetration testing. The successful candidate will contribute directly to strengthening the organization’s cybersecurity posture in alignment with regulatory and business requirements.

Position Overview :

This is a senior-level opportunity suited for an individual with extensive experience in offensive security. The successful candidate will lead and execute comprehensive penetration testing and red teaming engagements, simulating sophisticated attack scenarios to assess and enhance the effectiveness of defensive security controls. A high level of technical proficiency, strategic thinking, and the ability to communicate complex findings to a variety of stakeholders are essential for this role.

Key Responsibilities :

• Lead and execute comprehensive penetration testing engagements across network, web application, mobile, and cloud environments.
• Design and conduct red team operations to evaluate detection and response capabilities.
• Perform penetration testing in accordance with OSFI (Office of the Superintendent of Financial Institutions) regulatory requirements.
• Identify and exploit vulnerabilities using a combination of manual techniques and automated tools.
• Prepare detailed reports outlining technical findings and provide actionable recommendations.
• Present findings to both technical teams and senior leadership in a clear and professional manner.
• Maintain current knowledge of emerging threats, attack techniques, and relevant industry trends.
• Collaborate with internal teams to continuously improve security practices and protocols.
• Support the development and mentorship of junior security professionals, as applicable.

Qualifications and Experience :

• A minimum of 5 years of relevant experience in penetration testing and / or red team operations.
• Mandatory : At least one current CREST certification (e.g., CCT INF, CCT APP, CCSAS). Additional CREST certifications are strongly preferred.
• Proficiency in using industry-standard tools (e.g., Metasploit, Burp Suite, Kali Linux) and scripting languages such as Python, Bash, or PowerShell.
• In-depth understanding of vulnerabilities (e.g., OWASP Top 10), common attack vectors, and exploitation techniques.
• Strong knowledge of operating systems (Windows and Linux), networking concepts, and cloud platforms (AWS, Azure, GCP).
• Exceptional analytical, problem-solving, and communication skills, both written and verbal.
• Proven ability to document findings clearly and communicate effectively with technical and non-technical stakeholders.

Preferred Qualifications :

• Additional certifications such as CISSP, CISA, CRISC, GPEN, PFI, or QSA.
• Experience within the financial services sector and familiarity with OSFI cybersecurity requirements.
• Exposure to adversary emulation and threat intelligence methodologies.
• Familiarity with SIEM solutions and other security monitoring tools.
• Bachelor’s degree in Computer Science, Information Security, or a related discipline.