Job Title

Director, IT Staff Augmentation Charter About the role Charter is seeking a seasoned Penetration Tester / Application Security Specialist to lead endtoend security assessments across applications, infrastructure, and cloud environments. The ideal resource will plan and execute whitebox and blackbox testing, identify and exploit vulnerabilities, provide pragmatic remediation guidance, and ensure all activities align with regulatory and industry standards. Location: Regina, SK. Term: 24 months. Key Responsibilities Conduct comprehensive penetration tests (network, application, API, mobile, cloud) using both automated tools and manual techniques. Identify, validate, and exploit vulnerabilities to demonstrate business impact and prioritize remediation. Perform redteam style assessments where appropriate (e.g., phishing simulations, lateral movement, privilege escalation). Execute Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) using industrystandard tools. Partner with engineering teams to embed security into the SDLC, including secure code reviews, threat modeling, and secure design reviews. Analyze and communicate common attack vectors (e.g., injection, authentication/authorization flaws, deserialization, misconfigurations). Provide actionable defense strategies and hardening guidance to reduce risk and improve security posture. Ensure testing practices meet regulatory compliance requirements (e.g., SOC2, PCIDSS, HIPAA, GDPR depending on scope). Apply and align security controls to ISO/IEC27002:2022 (or equivalent), documenting control coverage and gaps. Produce detailed, executiveready assessment reports including methodology, findings, risk ratings, exploit details, business impact, and remediation recommendations. Present results to technical and nontechnical stakeholders; facilitate remediation workshops and retesting. Contribute to security policies, playbooks, and testing methodologies. Track metrics, trends, and lessons learned to continuously improve testing effectiveness and control maturity. Qualifications Demonstrated experience identifying and exploiting vulnerabilities across applications and infrastructure. Knowledge of common attack vectors and techniques, and how to defend against them. Experience with regulatory compliance standards and ensuring compliance during penetration testing. Proficiency with SAST/DAST using automated tools and manual techniques. Whitebox and blackbox testing methodologies. Experience applying the ISO/IEC27002:2022 code of practice for information security controls (or equivalent). Strong writing and presentation skills for detailed assessment reports to diverse audiences. Valid certifications such as CEH (Certified Ethical Hacker) or CISSP (Certified Information Systems Security Professional) are considered significant assets. Other cybersecurity certifications (e.g., OSCP, GWAPT, GPEN, GWEB, CCSP, Security+) will be considered. Strong analytical and problemsolving skills; ability to translate technical risk into business impact. Ability to influence crossfunctional teams. High attention to detail, integrity, and discretion handling sensitive information. Technical Stack & Tools (Typical) SAST/DAST: SonarQube, Checkmarx, Fortify, Veracode, Burp Suite, OWASP ZAP Infra/Cloud: Nmap, Metasploit, Kali, BloodHound, Cloudspecific tools (Azure, AWS, GCP) Code Review & DevSecOps: GitHub/GitLab CI, SCA tools (e.g., Snyk), threat modeling (e.g., STRIDE) Our Company Charter is an awardwinning Canadian IT Solutions and Managed Services Provider founded in 1997 in Victoria, BC, Canada. With offices nationwide, Charter offers innovative IT solutions, managed services, project delivery, and consulting. Our mission is to align people, processes, and technologies to enhance communication, boost performance, and modernize businesses. Using a business architecture methodology and humancentered design, we drive successful digital transformations, unlock new opportunities, and promote growth. We empower our clients to focus on core operations with our comprehensive support. Not quite a fit for this role? Please forward your resume to or for future considerations. Seniority level MidSenior level Employment type Contract Job function Consulting, Analyst, and Information Technology Industries IT Services and IT Consulting #J-18808-Ljbffr