Penetration Tester

Back to All Jobs
[social_share]

Our client requires a tester to perform comprehensive penetration testing, code review, and vulnerability assessments across large-scale public sector IT environments. The resource will strengthen cybersecurity posture by evaluating security controls, identifying risks, and ensuring compliance with provincial policies and industry standards. This role includes contributing to secure system development by integrating threat analysis, contingency planning, and architectural security requirements.

Work is hybrid. Resource will be onsite minimum of 1 day per week either in Orillia or Toronto, ON.

Toronto or Orillia, Ontario (Hybrid)

Mandatory Requirements

Mandatory Requirements Include:

  • 10+ years’ experience conducting penetration tests
  • 10+ years’ experience reviewing source code
  • 10+ years’ experience writing reports

General Skills Include:

  • Strong understanding and expertise in security architecture, application and network security testing.
  • Experience in vulnerability assessment/penetration testing of web applications by identifying, analyzing and exploiting common vulnerabilities contained in web applications by using manual techniques and automated tools appropriate for enterprise use.
  • Experience with vulnerability assessment methodologies, tools and techniques used to conduct network vulnerability assessments, threat hunting, red team exercises and penetration testing.
  • Knowledge of techniques to secure information assets and the planning, design, and implementation of security technologies, safeguards and controls.
  • Proven techniques to discover gaps or weaknesses in security architecture to identify and mitigate known security threats, bugs, vulnerabilities and/or inherent weaknesses.
  • Knowledge and understanding of relevant legislation and corporate directives related to the security and confidentiality of information (e.g. Freedom of Information and Protection of Privacy Act) in order to identify and assess areas of concern and risk.
  • Solid knowledge of current security and contingency technology and techniques (e.g. digital signature, encryption, access controls, firewalls, authentication, virus protection, etc.); and a proven working knowledge of security audit procedures and protocols.
  • Experience in establishing secure environments at a network, operating system or application level.
  • Experience with implementing security on complex and distributed systems in a high sensitive, law enforcement environment.
  • Experience in writing reports, documenting risks and making recommendations for a diverse audience including executive/non-technical management level and technical resources.
  • Awareness of emerging IT trends and directions, especially as related to security, privacy and compliance in a public sector environment.
  • Excellent analytical, problem-solving, and decision-making skills; written and verbal communication skills; interpersonal and negotiation skills.
  • A team player with a track record for meeting deadlines, managing competing priorities and client relationship management experience.
Desirable Requirements
  • Public Sector experience
  • Experience with multiple operating systems (such as Windows and Linux), multiple programming languages (such as.NET and Java), multiple architecture, development methodologies, and common network services and protocols.
  • Experience in Penetration Testing, Red Team Exercises and Threat Hunting methods along with hands on experience with relevant tools, tactics, techniques and procedures.
  • Knowledge and understanding of Information Management principles, concepts, tactics, techniques and procedures.
  • Experience in Incident Response (IR), business recovery and Disaster Recovery (DR) planning.
  • Experience in performing threat and risk assessment.
  • Experience in Public Key Infrastructure (PKI) development and operation.
  • Experience in secure design frameworks, principles and methodologies as part of systems development projects in an agile, fast paced technology driven public safety/law enforcement business operation.
  • Experience in Intrusion Detection Systems (IDS), intrusion Protection Systems (IPS) and Security Information and Event Management (SIEM) systems.
  • Experience in mitigation tools for malicious software.
  • Experience in network monitoring, threat hunting and related tools. tactics, techniques and procedures.
  • Experience in incident response and forensic investigation tools, techniques and procedures.
  • Experience with source code review (DAST, SAST), log collection and analysis.
  • Knowledge and understanding of Information Management principles, concepts, policies and practices.

Job Posting ID: 56869

Location: Toronto or Orillia, Ontario (Hybrid)

Estimated Starting Date: ASAP

Estimated End Date: till Mar 29, 2027

Posting Closing Date: June 9, 2026

Back to All Jobs

Apply for this Job Posting

Fill in the form below to submit your application for this position.

  • This field is for validation purposes and should be left unchanged.
  • Accepted file types: doc, pdf, docx, Max. file size: 512 MB.