Job Title

Title: Offensive Security Specialist Job Type: Contract, 12 months Onsite: 3 days per week Location: Downtown Toronto We are seeking a highly skilled Offensive Security Specialist to support our cybersecurity team. This role is deeply technical and focuses on simulating real-world cyberattacks to uncover vulnerabilities across systems, networks, and applications. The ideal candidate brings strong hands-on experience in penetration testing, red team operations, and adversary emulation, with a commitment to staying ahead of emerging threats. You will help strengthen organizational defenses by identifying weaknesses, recommending improvements, and collaborating with cross-functional teams. Key Responsibilities Penetration Testing - Perform ethical hacking engagements across applications, networks, systems, and wireless environments. - Conduct vulnerability assessments using industry-standard and custom tools. - Execute both manual and automated testing methodologies (black-box and white-box). - Assess risk and severity of identified weaknesses. - Produce clear, detailed reports outlining vulnerabilities, exploitation steps, and recommended remediation. - Work with technical teams to implement secure practices and address identified issues. Red / Purple Team Activities - Lead or support red team exercises simulating sophisticated adversaries and advanced persistent threats. - Test detection and response capabilities through realistic attack scenarios. - Conduct social engineering activities such as phishing simulations. - Execute advanced adversary tactics, including exploitation, lateral movement, privilege escalation, and data exfiltration. - Participate in or lead tabletop exercises to enhance incident response preparedness. Collaboration & Reporting - Partner with IT and security teams to ensure thorough coverage of controls and defenses. - Provide actionable recommendations to reduce organizational risk. - Present findings to both technical and non-technical stakeholders in a clear and understandable manner. - Support knowledge sharing and mentor junior practitioners on offensive security techniques. Requirements & Qualifications Technical Requirements - Proven experience in offensive security or ethical hacking within a corporate or enterprise environment. - Strong understanding of networking, operating systems (Windows/Linux), web technologies, and cloud architectures. - Hands-on proficiency with common offensive security, penetration testing, and automation tools. - Experience identifying and exploiting common vulnerabilities (e.g., OWASP Top 10) and emerging attack vectors. - Solid knowledge of penetration testing frameworks and methodologies (e.g., PTES, NIST 800-115). - Experience with cloud attack simulation; exposure to industrial or operational technology (OT/ICS) environments is an asset. - Familiarity with cybersecurity standards and regulatory frameworks (e.g., NIST, PCI-DSS, GDPR). Preferred Certifications (Optional) - OSCP - CRTP - GPEN - CEPT - GCIH