Job Title

Title: Offensive Security SpecialistJob Type: Contract, 12 months Onsite: 3 days per week Location: Downtown TorontoWe are seeking a highly skilled Offensive Security Specialist to support our cybersecurity team. This role is deeply technical and focuses on simulating real-world cyberattacks to uncover vulnerabilities across systems, networks, and applications. The ideal candidate brings strong hands-on experience in penetration testing, red team operations, and adversary emulation, with a commitment to staying ahead of emerging threats. You will help strengthen organizational defenses by identifying weaknesses, recommending improvements, and collaborating with cross-functional teams.Key ResponsibilitiesPenetration TestingPerform ethical hacking engagements across applications, networks, systems, and wireless environments.Conduct vulnerability assessments using industry-standard and custom tools.Execute both manual and automated testing methodologies (black-box and white-box).Assess risk and severity of identified weaknesses.Produce clear, detailed reports outlining vulnerabilities, exploitation steps, and recommended remediation.Work with technical teams to implement secure practices and address identified issues.Red / Purple Team ActivitiesLead or support red team exercises simulating sophisticated adversaries and advanced persistent threats.Test detection and response capabilities through realistic attack scenarios.Conduct social engineering activities such as phishing simulations.Execute advanced adversary tactics, including exploitation, lateral movement, privilege escalation, and data exfiltration.Participate in or lead tabletop exercises to enhance incident response preparedness.Collaboration & ReportingPartner with IT and security teams to ensure thorough coverage of controls and defenses.Provide actionable recommendations to reduce organizational risk.Present findings to both technical and non-technical stakeholders in a clear and understandable manner.Support knowledge sharing and mentor junior practitioners on offensive security techniques.Requirements & QualificationsTechnical RequirementsProven experience in offensive security or ethical hacking within a corporate or enterprise environment.Strong understanding of networking, operating systems (Windows/Linux), web technologies, and cloud architectures.Hands-on proficiency with common offensive security, penetration testing, and automation tools.Experience identifying and exploiting common vulnerabilities (e.g., OWASP Top 10) and emerging attack vectors.Solid knowledge of penetration testing frameworks and methodologies (e.g., PTES, NIST 800-115).Experience with cloud attack simulation; exposure to industrial or operational technology (OT/ICS) environments is an asset.Familiarity with cybersecurity standards and regulatory frameworks (e.g., NIST, PCI-DSS, GDPR).Preferred Certifications (Optional)OSCPCRTPGPENCEPTGCIH