Job Description

Overview

As a Vulnerability and Penetration Testing Specialist you are responsible to perform system reviews, including penetration and vulnerability testing and/or threat intelligence analytics as well as moderate to complex system analysis. You will conduct network, software and cloud vulnerability and penetration testing utilizing various industry-based tools as well as reverse engineering techniques. You will recommend various methods of mitigation and resolution options to isolate, block or remove threats and also evaluate system security configurations, providing feedback on best practices and policy adjustments.

Responsibilities

• Monitor and assess vulnerabilities and exploits to ensure preventative measures are taken to protect the business, this can be within any of our platforms, including cloud services.
• Work with various IT teams to inform, track and evangelize the eradication and mitigation activities with business and IT partners for security vulnerabilities related to any IT or business application or related security incident.
• Lead the investigations of security vulnerabilities and/or breaches.
• Work with other departments to provide consultation regarding their security concerns.
• Develop and/or provide input into reports and presentations with regard to security vulnerabilities.
• Provide expertise in the areas of penetration and vulnerability testing and/or threat intelligence analytics.
• Support security compliance and remediation initiatives for technology, processes and services to ensure ongoing effectiveness of the information security program, protect the business from unknown exposures and ensures compliance with regulatory and contractual requirements.

Qualifications

• Diploma in Computer Science or related discipline.
• Two of the following Information Security Management professional designations:

• Certified Information Systems Security Professional (CISSP)
• Certified Expert Penetration Tester (CEPT)
• Certified Mobile and Web Application Penetration Tester (CMWAPT)
• Certified Red Team Operations Professional (CRTOP)
• CompTIA PenTest+
• EC-Council Certified Ethical Hacker (CEH)
• EC-Council Licensed Penetration Tester -- Master (LPT)
• GIAC Certified Penetration Tester (GPEN)
• GIAC Exploit Researcher and Advanced Penetration Tester (GXPN)
• GIAC Web Application Penetration Tester (GWAPT)
• IACRB Certified Penetration Tester (CPT)
• Offensive Security Certified Professional (OSCP)
• Seven years in the IT industry, including four years related experience supporting Information Security issues and controls, with two years providing vulnerability and penetration testing services.
• Advanced analytical and investigative skills with regard to moderately complex to complex issues.
• Ability to convey thoughts through presentations, to engage others to act.
• Ability to deal with highly confidential matters.

Employee Benefits

Health benefits

We offer a comprehensive health benefits program that includes:

• flexible health, dental and vision plans
• health spending account
• travel health coverage
• other extended health benefits such as ambulance, massage and physiotherapy

Financial security

In an effort to support financial security, we offer:

• registered pension plan
• group, dependent, and optional life insurance coverage
• critical illness insurance
• sick leave to cover short-term disability
• long-term disability

Wellness

We offer programs that focus on how to better achieve a balance between work and personal commitments, as well as maintain a healthy workplace culture. This includes:

• vacation entitlement
• maternity, parental and adoptive leaves
• bereavement and family responsibility leaves
• employee and family assistance program
• mental-health programming
• lunch-and-learn offerings
• discounted gym memberships and wellness account

Diversity and inclusion

Manitoba Public Insurance believes that diversity and inclusion strengthens us. We consider ourselves to be a barrier-free organization where individual values, beliefs and practices are respected and appreciated for the diversity they bring to our work life.

Employee recognition

It's important to recognize our employees for their contributions. Not only do we recognize employees as they achieve milestone years in their careers, we also have several outlets for leaders and peers to reward each other for work well done.

Professional development

We want our employees to grow, which is why we offer support in keeping their skills up-to-date. We offer in-house training, professional development and an educational assistance program.

Safety and health

In an effort to encourage a safe and healthy work environment, we offer various safety, health and workplace policies and programs along with technical expertise and assistance to support employee activities in safety and health.