We are looking for a talented individual at the Consultant/Senior Consultant level to join BDO’s Cybersecurity practice, with the ability to work remotely from anywhere in Canada. The successful individual will be driven and results-oriented, with a strong focus on Offensive Security. This individual will support the Penetration Testing, Vulnerability Assessment and Red Teaming service line by executing client engagements, as well as conducting research and development of tools and techniques, among others.
As a Consultant or Senior Consultant in Cybersecurity, your responsibilities will include:
Perform network penetration testing, web application testing, source code reviews and threat analysis, as applicable, utilizing standard security tools, e.g., Burp Suite, Metasploit, SQLMap, Nmap, Nessus, Qualys, Nexpose, SoapUI, etc.
Perform social engineering / phishing activities such as reconnaissance of targets, developing phishing campaigns (e.g., emails and websites), web hosting administration, developing malicious phishing payloads, or pivoting through phished systems
Identify network and application-specific vulnerabilities in target systems and recommend defensive measures to defend against possible attack by an adversary
Demonstrate an understanding of Windows and Linux operating system setup, management, and power usage, e.g., cmd, bash, network troubleshooting, virtual machines
Participate in the modeling and execution of Red Teaming scenarios for organizations across Canada
Develop scripts and tools enhancing the security practice at BDO, and authoring relevant documentation
Develop comprehensive and accurate reports and presentations for both technical and executive audiences
Demonstrate an understanding of the client environment and overall project scope
Organize and deliver services on a cross-section of complex projects
Actively participate in the development of business and vendor relationships
Participate and lead aspects of the proposal development process
Manage day-to-day interactions with clients and internal BDO team
Display both breadth and depth of knowledge regarding functional and technical issues
Proactively seek guidance, clarification, and feedback
Keep leadership informed of progress and issues; and
Sustain a high level of drive, show enthusiasm and a positive attitude when coping with pressure at work.
How do we define success for your role?
You demonstrate BDO's core values through all aspects of your work: Integrity, Respect and Collaboration
You understand your client’s industry, challenges, and opportunities; clients describe you as positive, professional, and delivering high quality work
You identify, recommend, and are focused on effective service delivery to your clients
You share in an inclusive and engaging work environment that develops, retains & attracts talent
You actively participate in the adoption of digital tools and strategies to drive an innovative workplace
You grow your expertise through learning and professional development.
Your experience and education
Experience with scripting tools on Windows and Linux (e.g. PowerShell, Python, Ruby, etc.)
At a minimum, a Bachelor’s Degree in Information Technology, Information Systems Security, Cybersecurity, or related field
Proven leadership skills demonstrating strong judgment, problem-solving, and decision-making abilities
Thorough understanding of network protocols, data on the wire, and covert channels
Understanding of attacker techniques aligned to MITRE's Tactics, Techniques and Procedures (TTPs)
Experience and strong knowledge of a wide variety of tools used for API, Web & Mobile Application Security Assessments, Penetration Testing and Source Code Reviews, such as Nessus, Qualys, Nexpose, Metasploit, Core Impact, Burp Suite, Kali Linux (and tools included in Kali Linux), Mimikatz, Cobalt Strike, PowerSploit, HP WebInspect, etc.
Experience in using virtualization solutions such as VMware, Hyper-V, etc.
Strong knowledge of cybersecurity frameworks and industry-leading practices such as OWASP, NIST CSF, PCI DSS, Canadian Centre for Cyber Security
Strong knowledge of container technologies such as Docker
Experience with conducting penetration testing of cloud-based assets
Strong knowledge of Unix/Linux/Windows operating systems
Strong knowledge of technical concepts such as application security, network segregation, access controls, IDS/IPS devices, physical security, and information security risk management
Ability to conduct social engineering engagements through phone, e-mail, messages, etc.
Strong knowledge of Kali Linux
Strong knowledge of AWS, Azure and Google Cloud
Sound understanding of traditional security operations, event monitoring, and Security Information and Event Management (SIEM) tools.
Sound understanding of Endpoint Detection and Response techniques and tools such as Carbon Black, Palo Alto Cortex, Check Point, etc.
Pre-sales, proposal, and RFP experience
Past experience working with public sector
Must be able to obtain and maintain required clearance for this role
One or more of the following:
Offensive Security Certified Professional (OSCP)
GIAC Penetration Tester (GPEN)
GIAC Web Application Penetration Tester (GWAPT)
GIAC Security Essentials Certification (GSEC)
Certified Information Security Manager (CISM)
Certified Information Systems Security Professional (CISSP)
Offensive Security Certified Expert (OSCE)
CREST Registered Penetration Tester
CREST Certified Infrastructure Tester
Certified Ethical Hacker
Our firm is committed to providing an environment where you can be successful in the following ways:
We enable you to engage with the firm's strategic plan, and be a key contributor to the success and growth of the firm.
We help you be the best professional you can be in our services, industries and markets.
Achieve your personal goals outside of the office and make an impact on your community.
Giving back, it adds up: Where company meets community. BDO is actively involved in our communities by supporting local charity initiatives. We support staff with local and national events where you will be given the opportunity to contribute to your community.
Total rewards that matter: We pay for performance with competitive total cash compensation that recognizes and rewards your contribution. We provide flexible benefits from day one, and a market-leading personal time off policy. We are committed to supporting your overall wellness beyond working hours, and provide reimbursement for wellness initiatives that fit your lifestyle.
Everyone counts: We believe every employee should have the opportunity to participate and succeed. Through leadership by our Chief Inclusion and Diversity Officer, we are committed to a workplace culture of respect, inclusion, and diversity. We recognize and celebrate the valuable differences among each of us, including race, religious beliefs, physical or mental disabilities, age, place of origin, marital status, family status, gender or gender identity and sexual orientation.