Ethical Hacker (Application Security)

Packetlabs was built by an ethical hacker after seeing vulnerability assessments presented as penetration tests. Our slogan "Identify Risks Before They Become Headlines" drives at the importance of not providing our clients with a false sense of security. We are a passionate team of highly trained, proactive ethical hackers. We provide expert-level penetration testing services that are thorough and tailored to help foster a safe digital space where everyone has the right to privacy and security. Packetlabs consultants find weaknesses others overlook and continuously learn new ways to evade controls. We hold ourselves to a very high standard. To do so, we only hire individuals with the same drive and passion. Who we are looking for

• Core values:
• * You have a customer-first mentality. Is a great communicator with clients, project managers, and teammates. Rapid responses and on time.
• You deliver work that you take pride in. Your work is an autograph of your excellence.
• You dig deeper into every finding. Doesn't stop until impact is proven.
• You are comfortable being uncomfortable. Goes towards obstacles, not away from them. Consulting isn't your typical job and requires adapting to rapidly changing environments.
• You are always learning. Cybersecurity is changing every day, and you need to keep up or want to keep up. Be deeply aware of your skillset and be willing to improve.
• You are Self-motivated and dependable.
• You are humble. Egos don't have a place at Packetlabs.
• Education and experience:
• * We are looking for an experienced developer/application security tester to join our team:
• * Solid working knowledge of programming languages, including C, C#, Python, Objective-C, Java, JavaScript, SQL, and frameworks like AngularJS.
• Familiarity with web services and data exchange formats such as XML, JSON, SOAP, REST, and AJAX.
• Understanding of AI/LLM weaknesses and flaws in applications.
• Extensive experience/expertise in using an attack proxy (e.g. Burp Suite)
• Preferred if you have 3 - 5 years of experience working in penetration testing and consulting
• A graduate of a post-secondary college or university degree program.
• Has at least two years of experience dealing with information security-related tasks.
• Has professional qualifications (one or more): OSCP, OSWE, BSCP.
• * OSCP or Burp is mandatory for our organization.

What you'll be doing

• Your primary role is to perform penetration testing of web applications, mobile applications, thick clients, and APIs.
• Source code review and whitebox penetration testing to prove the impact of application flaws.
• Reverse engineering of mobile and thick client applications.
• You sometimes chain application flaws to other areas, such as cloud and on-prem AD infrastructure. Opportunities for lateral movement into the infrastructure teams are limited and given at the manager's discretion.
• Develop detailed reports on findings and remediations for impactful findings. You will learn to debrief these findings at both a technical and executive level.
• Perform SAST and DAST on enterprise, SaaS, and custom in-house applications.
• Experience in using scanners and knowledge of validation and elimination of false positives.
• A strong understanding of OWASP in Web, API, Mobile, and AI/LLM is necessary, but you will be asked to go beyond.

Why us?

• Immediate and continual offensive security training
• Wealthsimple GRSP with corporate matching
• Participation in corporate benefit plans
• Amazing team and working environment
• Competitive compensation and growth opportunity
• Fully remote

The pay range for this role is: 80,000 - 120,000 CAD per year (Remote) Apply tot his job Apply To this Job