At Rogers, we recognize that success is determined by the strength and diversity of our people. We work together because we want to win together, and these shared values guide and define our work:
- Simplify and innovate
- Take ownership of the what and the how
- Equip people to succeed
- Execute with discipline and pride
- Talk straight, build trust, and over deliver
Every day, we strive to build a brilliant digital future for Canadians. We work as one team, with one goal: serve our customers better.
The Rogers Information and Cyber Security Unit is seeking a qualified and experienced penetration tester/ethical hacker to help lead and govern the conduct of penetration testing at Rogers.
Reporting to the Senior Manager of Cyber Defence Management, the Senior Security Specialist is part of a team accountable for reducing the probability of technology security incidents at Rogers. Our job is to make Rogers a hard target. The means we use include technical vulnerability assessment, platform configuration compliance enforcement, penetration testing and governance of key security controls to optimize their use for reduction of real-world risks to the corporation and its systems.
The initial priority for this role will be to develop and formalize an internal penetration testing service at Rogers that can be leveraged by internal project and operational teams to engage and conduct penetration tests on demand, according to criteria we establish and conducted to standards we develop. It is expected the majority of actual hands-on-keyboard penetration testing will be conducted by vendors engaged for this purpose, so in this role you will draw upon your experience as a tester to help Rogers groups scope their tests and ensure vendors do not oversell us on testing services not in line with the risk level of the systems being tested. Your experience will also be crucial in selecting vendors and assessing their performance to ensure the services provided are to the highest standards and skillfully detect any system vulnerabilities before malicious actors can find them.
Additionally, this role will be expected to contribute to other aspects of the team's mandate including vulnerability management, security control governance and generally leading as a person who assumes there are vulnerabilities to find, seeks them out and gets them fixed without panic.
This is not theoretical security; this requires hands-on practical experience that can provide specific guidance to platform and application operators to ensure real-world security against likely and plausible threats to Rogers.
Experience and Education
- Undergraduate degree or equivalent. 4+ years of applied technical experience.
- Certification(s) in penetration testing or ethical hacking such as GPEN, CWAPT, OSCP or equivalent experience employed specifically in this capacity
- Experience and awareness of a broad set of industry security specifications, standards and regulations such as (but not exhaustive): PCI, SOX, ISO-27001/2, PIPEDA, Canadian financial regulation
- CISSP or equivalent general security certification
- General network technical certifications (e.g. CCNA, CCNP) desirable
- Works with minimal supervision, while monitoring and executing a number of time critical actions
- Demonstrable experience in PEN tools such as Metasploit (and prepared to discuss relative merits of various tools)
- Proven ability to analyze and solve a wide range of technical problems.
- Detailed operational knowledge of systems relevant to field of work in terms of functionality and capability and/or detailed knowledge of services provided within the related field.
- Broad technical knowledge suitable to an information security professional: TCP/IP, Unix, Windows, firewall, IPS, database, web application, DDoS, malware, log analysis
- Project and/or people management skills gained through previous experience, where appropriate.