Questrade Financial Group (QFG) of Companies is committed to helping our customers become much more financially successful and secure. We are everything a traditional financial institution is not. At QFG, you will be constantly moving forward, bringing the future of fintech into existence. You will be a part of a collaborative team that cares deeply about our mission and each other. Your team members will help you conquer challenges, push boundaries and discover what you are truly capable of. This is a place where you can explore, discover and learn with continuous growth. As a diverse and inclusive place to work, there are flexible working arrangements so you can unleash your creativity and curiosity with no limits. If you share the same sense of infinite possibility, come shape your future at Questrade. We're looking for our next Senior Offensive Security Engineer . Could It Be You? The Offensive Security Engineer is a multi-disciplinary individual who can assist in identifying security gaps in environments, services, and products, including those developed internally.This role encompasses infrastructure and application security, aiming to provide a comprehensive approach to support our Threat and Vulnerability Management (TVM) team. What's it like working as a Senior Offensive Security Engineer at Questrade? The Offensive Security Engineer will collaborate with infrastructure, engineering, and development teams to evaluate and identify security gaps.They will be responsible for testing and helping improve our enterprise's overall security posture, including infrastructure and applications.Successful candidates should have strong communication skills and an offensive security background with hands-on experience in security testing of infrastructure and applications. In this role, responsibilities include but are not limited to: Help the Threat and Vulnerability Management (TVM) team identify and prioritize critical and high-severity impact vulnerabilities for efficient expedited remediation.Go above and beyond CVSS to prove exploitability and impact via critical analysis and hands-on evidence.Collaborate with technology and business departments to drive continuous improvement of our vulnerability detection and remediation capabilities within our on-premise and cloud-based environments.Recommend and facilitate the implementation of additional technical capabilities and configurations within enterprise scanning tools to improve detection capabilities.Finding gaps to bypass security controls and systems like XDR, Network Segmentation, and Active Directory controls.Perform security reviews, including secure design and architecture, threat modeling, and threat assessments.Collect information from different vulnerability management tools and sources of information to support daily activities.Conduct Ad-hoc penetration tests on infrastructure, web applications, or APIs.Experience with enumeration through Open-Source Intelligence (OSINT).Ability to operate and maintain vulnerability management and offensive security tooling to support engagements.Use of tools such as Tenable.io, Wiz, Burp Suite, Nuclei, Postman, ZAP Proxy, and Cloud security assessment tools.Experience with different phases of a pentest, such as reconnaissance, enumeration, exploitation, post-exploitation, and lateral movement.General knowledge of all security scopes and a strong understanding of Operating Systems, Networks, Databases, and Infrastructure Architectures.Experience with security frameworks like MITRE ATT&CK, PTES, and OWASP.Familiarity with Cloud Security. So are YOU our next Senior Offensive Security Engineer ? You are if you… Have 5+ years of experience in offensive security.Have excellent written and verbal communication skills.Have a good understanding of enterprise infrastructure, cloud security architecture, and modern web applications and APIs.Have a willingness to multitask and be flexible to take on varied responsibilities.Have a strong work ethic, positive energy, and ability to energize others.Have a service-oriented mindset and a willingness to assist the team in any way to ensure project success.Have the ability to work flexible hours when/if requested.Can create tools using your preferred programming language for automation or specific tasks.Have experience with GenAI to enhance or automate tedious tasks/processes.Have experience testing Google Cloud Platforms (GCP).Have experience with Active Directory Assessments, Firewall Assessments, OS Security Assessments, and Hardening.Hold certifications like OSCP, CRTE, CRTO, or CompTIA Security+. Sounds like you? Click below to apply! #LI-CP1 At Questrade Financial Group of Companies, with multiple office locations around the world, we are committed to fostering a diverse, inclusive and accessible work environment. This is an environment where individuals are treated with dignity and respect. Here, the unique skills and experience you bring will be valued. You will be supported and motivated, so that you can harness your unlimited potential. Our team reflects the diversity of the communities we serve and operate in. Having a collaborative and diverse team helps us push boundaries to bring the future of fintech into existence—not only for the benefit of our customers, but for those who build their career with us. Candidates selected for an interview will be contacted directly. If you require accommodation during the recruitment/selection process, please let us know and we will work with you to meet your needs.
#J-18808-Ljbffr