Job Title

Security Advisor Specialist, Offensive Security (Global Red Team) The Security Specialist, Offensive Security is responsible for testing the security controls, the network, and threat response for Intact Financial globally (All regions and all affiliate companies). He/she works as a specialist employing techniques, tactics and protocols to test security controls, working as part of a global offensive security team. The Specialist, Offensive Security reports to the Director, Offensive Security and works with a team of technical advisors across multiple locations and time zones. If you can think outside of the Kali box, and love to think like an attacker, we want to talk to you about joining our team! What You'll Do Here Conduct reconnaissance on network environments to build external landscape using industry-standard tools, threat intelligence feeds, OSINT and other information sources. Conduct offensive security testing to ensure security controls and response actions are effective. If detected, shift from a red team focus to a purple team approach to strengthen controls across the enterprise. Employ attack strategies to simulate real-world attacks by threat actors and benchmark response capabilities across the enterprise. Identify and exploit vulnerabilities in computer systems, networks and applications to simulate attacks; demonstrate a proven track record of evading modern EDR while elevating privileges and reaching targets. Analyze and report on the results of security assessments and make recommendations to improve the enterprise security posture. Understand the TCP/IP stack in depth and know how to exploit it to create covert beacons, C2 channels, and exfiltrate data across DNS. Knowledge of routing, such as BGP, is an asset. Collaborate with regional governance and risk teams to ensure findings are tracked for remediation. Generate metrics and reports to support stakeholders in reporting on enterprise security control effectiveness. Leverage standard and emerging tools to evaluate threats in the financial services space and benchmark regions against peers. Consume threat intelligence and apply attack surface findings to crown jewel assets for testing, proposing clear rules of engagement and ensuring ROE compliance in all testing phases. Maintain and update offensive security tools, technologies and processes in line with company rules of engagement. Provide timely and effective communications to key internal stakeholders in alignment with policy and ROE. What You Bring To The Table Advanced knowledge in computer networks, information security principles, TCP/IP, DNS, UDP, BGP, SOC, IAM, SIEM, DLP, EDR, Threat intelligence, Incident Response, technical writing, and information risk. Bachelor's degree in Computer Technology or Information Security (asset). Minimum five (5) years of relevant IT experience and minimum three (3) years in information security. Knowledge of offensive security operations, tools and techniques; familiarity with information security standards, regulations and legislation (NIST, COBIT5, ISO 27001) is an asset. Python scripting experience with history in blue/red/purple team engagements. Proficiency in manual testing techniques beyond automated scanning. Strong knowledge of OWASP Top 10, MITRE ATT&CK, and CVSS scoring. Ability to translate highly technical data into business-friendly language for non-technical stakeholders. Active interest in capture-the-flag competitions or similar showcases is a plus. Relevant certifications (CEH, CISM or other) are an asset. Analytical and pragmatic mindset with strong interpersonal and leadership skills; ability to work in a dynamic, high-pressure environment. Customer-focused approach and ability to collaborate across all levels of the organization. For candidates located in Quebec, bilingualism is required when interacting with colleagues across the country. Eligible to work in Canada (Canadian work experience not required). What We Offer Hybrid work model balancing remote work with in-person collaboration. Financial rewards program and industry-leading Employee Share Purchase Plan with 50% match of net shares purchased. Comprehensive pension and benefits package, including virtual healthcare. Flexible work arrangements and the possibility to purchase extra time off. Annual wellness account and resources to support physical and mental health. Learning ecosystem with learning journeys and programs; inclusive employee networks. Supportive leadership and opportunities to grow within the organization. Community Impact program reflecting our commitment to social responsibility. Equal Opportunity We are an equal opportunity employer. At Intact, our value of respect is founded on seeing diversity as a strength. We strive to create an accessible workplace where employees feel valued, included and encouraged to share their unique perspectives. We encourage applications from equity-deserving groups, including women, Indigenous peoples, persons with disabilities, Black people, and members of the 2SLGBTQI+ community. We acknowledge the land on which we work and travel, and we are committed to providing workplace adjustments to ensure equal access and participation. If we can provide a specific adjustment to make the recruitment process more accessible for you, please let us know when we reach out about a job opportunity. Learn more about our recruitment process and candidate journey here. If you are an Intact or belairdirect employee, please apply on the Internal Career Site. #J-18808-Ljbffr