Job Title


Security Advisor Specialist, Offensive Security (Global Red Team)


Company : Intact


Location : Mississauga, Peel Region


Created : 2025-10-17


Job Type : Full Time


Job Description

Overview

The Security Specialist, Offensive Security is responsible for testing the security controls, the network, and threat response for Intact Financial globally (all regions and all affiliate companies). The role involves using techniques, tactics and protocols to test security controls as part of a global offensive security team. The Specialist, Offensive Security reports to the Director, Offensive Security and collaborates with a team of technical advisors across multiple locations and time zones. If you enjoy thinking like an attacker and have a proven track record, we want to talk to you about joining our team.

What You'll Do

Conduct reconnaissance on the network environment to build an external landscape using industry standard tools, threat intelligence feeds, OSINT and other information sources.
Perform offensive security testing to ensure security controls and response actions are effective.
When appropriate, shift from a red team focus to a purple team approach to strengthen controls across the enterprise.
Apply attack strategies to simulate real-world threats and benchmark response capabilities across the enterprise.
Identify and exploit vulnerabilities in computer systems, networks and applications to simulate attacks, with a history of evading modern EDR solutions while elevating privileges and achieving objectives.
Analyze and report on security assessments and provide recommendations to improve the enterprise security posture.
Demonstrate depth of TCP/IP understanding and how to leverage it for covert beacons, C2 channels, and data exfiltration techniques. Awareness of routing concepts (e.g., BGP) and potential abuse is an asset.
Collaborate with regional cyber governance and risk teams to ensure findings are tracked for remediation.
Generate metrics and reports to support the CISO and affiliates in evaluating enterprise security control effectiveness.
Utilize standard and emerging tools to evaluate threats in the financial services space and benchmark regions and affiliates against peers.
Consume threat intelligence and map attack surfaces to crown jewel assets, proposing clear rules of engagement for testing activities and ensuring ROE compliance through all phases of testing.
Maintain and update offensive security tools, technologies and processes per company rules of engagement.
Provide timely and effective communications to key internal stakeholders in alignment with policy and rules of engagement.

What You Bring To The Table

Advanced knowledge in computer networks, information security principles, TCP/IP, DNS, UDP, BGP, SOC, IAM, SIEM, DLP, EDR, threat intelligence, incident response, technical writing and information risk.
Bachelor's degree in Computer Technology or Information Security is an asset.
A minimum of five (5) years of relevant professional IT experience and a minimum of three (3) years in information security.
Knowledge of offensive security operations, tools and techniques; familiarity with information security standards and regulations (NIST, COBIT5, ISO 27001) is an asset.
Proficiency in Python scripting and a history of using it in blue/red/purple team engagements.
Strong manual testing skills beyond automated scanning; solid understanding of OWASP Top 10, MITRE ATT&CK, and CVSS scoring.
Ability to synthesize technical vulnerability information into an attack plan on critical assets and translate results for non-technical stakeholders.
Participation in capture the flag competitions is a plus; recognized information security certifications (CEH, CISM or other) are assets.
Analytical mindset, pragmatic approach, strong interpersonal skills, and ability to lead work groups, negotiate and build consensus.
Ability to communicate complex concepts clearly in writing and presentations and to work effectively in a dynamic, multi-objective environment.
Self-directed with attention to detail, able to prioritize and execute tasks in high-pressure situations; able to engage diplomatically at all levels of the organization.
Customer-focused approach with a willingness to challenge the status quo.
For candidates in Quebec, bilingualism is required to interact with English-speaking colleagues across the country.
Must be eligible to work in Canada.

What We Offer

Our hybrid work model balances working from home with meaningful in-person interactions. As a permanent team member, you can expect:

A financial rewards program that recognizes your success
An industry-leading Employee Share Purchase Plan with 50% matching of net shares purchased
An extensive flex pension and benefits package with virtual healthcare
Flexible work arrangements
Possibility to purchase up to 5 extra days off per year
An annual wellness account to support an active lifestyle
Tools and resources for physical and mental health, change readiness and collaboration
A dynamic learning ecosystem with learning journeys and programs
Inclusive employee networks for development opportunities
Access to inspiring leaders and colleagues who encourage growth
A Community Impact program aligned with your values

We are an equal opportunity employer. Intact values diversity and strives to create an accessible workplace where employees feel valued and included. Applications from equity-deserving groups are encouraged, including women, Indigenous peoples, persons with disabilities, Black people, and 2SLGBTQI+ community members. We acknowledge Canada's historic Indigenous lands and are committed to accessible recruitment practices, including workplace accommodations.

If you require adjustments to participate in the recruitment process, please let us know when we reach out about a job opportunity. Learn more about our recruitment process and your candidate journey.

If you are an Intact or belairdirect employee, please apply on the Internal Career Site.