Manager, Information Security - Engagement Manager (Penetration Testing)

Manager, Information Security - Engagement Manager (Penetration Testing) Work Location:

Toronto, Ontario, Canada

Hours:

0

Line Of Business:

Technology Solutions

Pay Details:

$91,200 - $136,800 CAD

Job Description:

This position manages junior level penetration testers, vendor coordination for multiple testing services, processes, procedures and scheduling for penetration, dynamic scanning, and manual code review testing services.

Responsibilities

Vendor Management: Manage and coordinate penetration testing engagements with vendors.

People Management: Manage a team of Junior level penetration testers and their development.

DAST: Manage the DAST program and tooling. Familiarity with current industry tooling and technologies and those being introduced.

Facilitate Penetration Tests: Perform thorough and methodical penetration testing.

Evaluate and Assign: penetration tests to appropriate resources.

Vulnerability Assessment: Assess and analyze security weaknesses, and provide actionable recommendations to mitigate risks and improve overall security posture.

Report Findings: Document and communicate findings clearly and effectively to both technical and non-technical stakeholders. Prepare comprehensive reports with recommendations for remediation.

Develop Test Procedures: Design and execute detailed test requirements.

Stay Current: Keep up-to-date with the latest security trends, vulnerabilities, and tools to ensure testing methodologies are current and effective.

Collaborate with Teams: Work closely with IT and development teams to understand system architectures, provide guidance on security best practices, and support the implementation of security improvements; work closely with advisory and SDLC pipeline teams to ensure compliance; work closely with PCS team to manage PCI testing requirements. This position will collaborate with many application security teams.

Perform Risk Assessments: Evaluate and assess potential security risks related to new and existing systems and technologies.

Compliance: Ensure that penetration testing practices comply with relevant regulations, standards, and organizational policies.

Incidents: Act as a testing SME on incident calls; support testers on the calls.

Requirements

Technical Skills:

Proficiency in penetration testing tools such as Metasploit, Burp Suite, Nmap, and Kali.

Knowledge of common web application vulnerabilities (e.g., OWASP Top Ten) and network security principles.

Penetration testing, DAST, Manual Code Review knowledge.

Analytical Skills:

Strong analytical and problem-solving abilities with attention to detail.

Organizational Skills:

Manage documents and procedures for testing team.

Multi-tasking:

This job requires exceptional ability to multi-task with multiple workstreams to manage daily.

Communication:

Excellent verbal and written communication skills, with the ability to convey complex technical concepts to non-technical stakeholders.

Ethical Standards:

Demonstrated understanding of ethical hacking principles and a commitment to maintaining high ethical standards.

Preferred Qualifications

Experience with penetration testing in AI, cloud environments (e.g., AWS, Azure) and PCI testing.

Familiarity with security standards and frameworks.

Previous experience managing and developing teams.

Certifications: Relevant certifications such as Offensive Security Certified Professional (OSCP), Certified Ethical Hacker (CEH), or GIAC Penetration Tester (GPEN) are highly desirable.

Provide support and consulting in preparation for Audits and in composing management responses and appropriate remediation activities.

Participate in computer security incident responses relevant to business (or enterprise wide) and represent respective function and Enterprise position to the business, and business needs to incident response team.

#J-18808-Ljbffr