Senior Ethical Hacker, Applications & Cloud - ( 24000331 )

Description

Grow with the best. Join a smart, creative, and inspired team that accomplishes operational excellence. Bringing together individuals with diverse backgrounds, talents, and expertise, our 31,000 team members in over 450 locations worldwide are vital to making our Company stronger.

Your Opportunity

The Senior Ethical Hacker will conduct security assessments on web applications and cloud services by emulating real-world attacks using the Mitre Attack Framework. Their goal is to identify security weaknesses, help prevent data breaches and enhance the security posture by uncovering vulnerabilities, misconfigurations, and risks proactively before they are discovered by threat actors.

Your Key Responsibilities

Communication

• Collaborate with cross-functional teams (security, engineering, cloud and network operations).

• Create reports and communicate findings to various technical teams, architects and engineers.

• Create and communicate processes that could help engineering teams meet remediation goals.

• Create and verbally present your test findings in debrief meetings with the C-Suite or sponsors.

Cloud and Application

• Conduct penetration tests on cloud systems, applications and APIs to identify vulnerabilities.

• Assess cloud/application specific configurations, access controls, and encryption mechanisms.

• Validate and exploit security findings within web/thick client apps and cloud environments.

• Validate various app services, databases, Kubernetes, serverless functions, container instances, images and cloud storage blob/buckets for security issues.

Project work/Knowledge Share

• Assist/Create rules of engagement for new pen test projects.

• Create or populate content in the internal training lab so developers and security champions can stay current in offensive security with practical CTF's when time permits.

• Provide live hacking webinars for teams interested in learning by example.

• Conduct internal Red Team engagements.

• Participate in purple team engagements.

Qualifications

Your Capabilities and Credentials

• Minimum 5-7 years working in some aspect of cybersecurity (Offensive Security, Red Team experience preferred).

• Proficient with manual web/cloud penetration testing without using any tools.

• Proficient writing custom attack tools in Python, PHP, Golang and Bash Scripting.

• Proficient with interception proxies and attacking manually via Burp Suite Enterprise tool.

• Proficient building/maintaining attack automation systems (Commercial or Open-Source).

• Proficient building containers and automation pipelines for attacking purposes.

• Experience combining multiple low/medium findings to weaponize and achieve a higher level.

• Comfortable working exclusively from Windows or Linux command line.

• Comfortable "living off the land" using VIM/VI/Bash/SH/Perl/VBScript/WMI/PowerShell for post exploitation and lateral movement.

• Comfortable with writing XSS attacks, System/SQL injection payloads or weaponizing binaries.

• Comfortable attacking various popular public cloud services in (Azure/AWS/GCP/Oracle).

• Comfortable presenting audit findings to a small group or C-Suite during debrief meetings.

• Comfortable taking ownership for testing actions and performing blameless post-mortems.

Preference for the following additional Skills/Certifications

• OffSec Web Expert (OSWE) – Preferred

• GIAC Web Application Penetration Tester (GWAPT)

• Burp Suite Certified Practitioner (BSCP)

• Pentester Academy Cloud Security Professional (PACSP)

• Acknowledged findings in a responsible disclosure or public, private Bug Bounty program.

• Certified Kubernetes Security Specialist (CKS)

• Terraform Associate (003)

• DevSecOps experience

Education and Experience

• Minimum 5 years relevant experience.

• Related Degree or Certificate, preferably in area of Offensive Security and Application Security

This description is not a comprehensive listing of activities, duties or responsibilities that may be required of the employee and other duties, responsibilities and activities may be assigned or may be changed at any time with or without notice.

Stantec is a place where the best and brightest come to build on each other’s talents, do exciting work, and make an impact on the world around us. Join us and redefine your personal best.

Benefits Summary: Regular full-time and part-time employees have access to medical, dental, and vision plans, a wellness program, health saving accounts, flexible spending accounts, 401(k) plan, employee stock purchase program, life and accidental death & dismemberment (AD&D) insurance, short-term/long-term disability plans, emergency travel benefits, tuition reimbursement, professional membership fee coverage and paid family leave. Regular full-time and part-time employees will receive ten paid holidays in each calendar year. In addition, employees will be eligible to accrue vacation between 10 and 20 days per year and eligible for paid sick leave (and if more generous, in accordance with state and local law).

Temporary/casual employees have access to 401(k) plans, employee stock purchase program, and paid leave, in accordance with state and local law.

The benefits information listed above may not apply to union positions because benefits for such positions are governed by applicable collective bargaining agreements.

Primary Location : United States-Texas-Austin

Other Locations : United States-Georgia-Atlanta, United States-Michigan-Berkley, United States-Florida-Miami, United States-Florida-Tampa, United States-Michigan-Brighton, United States-Pennsylvania-Pittsburgh, United States-Michigan-Farmington Hills

Organization : BC-1973 IT Services-US Corporate

Employee Status : Regular

Job Level : Individual Contributor

Travel : No

Schedule : Full-time

Job Posting : Aug 15, 2024, 8:21:21 AM

Req ID: 24000331

#additional

Stantec provides equal employment opportunities to all qualified employees and applicants for future and current employment and prohibit discrimination on the grounds of race, color, religion, sex, national origin, age, marital status, genetic information, disability, protected veteran status, sexual orientation, gender identity or gender expression. We prohibit discrimination in decisions concerning recruitment, hiring, referral, promotion, compensation, fringe benefits, job training, terminations or any other condition of employment. Stantec is in compliance with local, state and federal laws and regulations and ensures equitable opportunities in all aspects of employment. EEO including Disability/Protected Veterans