Offensive Security Advisor - Red Team

At Desjardins, we believe in equity, diversity and inclusion. We're committed to welcoming, respecting and valuing people for who they are as individuals, learning from their differences, embracing their uniqueness, and providing a positive workplace for all. At Desjardins, we have zero tolerance for discrimination of any kind. We believe our teams should reflect the diversity of the members, clients and communities we serve.

If there's something we can do to help make the recruitment process or the job you're applying for more accessible, let us know. We can provide accommodations at any stage in the recruitment process. Just ask!

Job Level

NV-11

Do technical challenges keep you awake at night? Do you want to constantly learn, analyze, understand things and leverage your experience, knowledge and expertise?
Our Red Team needs an operator to perform adversary simulation and threat monitoring activities at Desjardins. In this role, you work with high caliber cyber defence and insider threat teams during activities requiring you to use modern and sophisticated offensive tools, in-house tradecraft and TTPs that you develop to effectively do your job.
As an Offensive Security Advisor, you help protect IT hardware, software and data against modification, destruction, and accidental or unauthorized disclosure. You also assist in authentication and access control by designing, administering and controlling proven security systems. You analyze IT system vulnerabilities and implement protective measures to back up, restore and secure systems.
You lead practitioners on development projects and innovative, complex strategic initiatives, including the development of IT security standards and policies. Your initiatives require extensive, in-depth knowledge of your line of work.
You make recommendations on the development and execution of projects and initiatives with a high degree of operational and conceptual complexity. You use your analytical skills and comprehensive, detailed knowledge of your line of business and the organization. Coordination is critical. You interact with many stakeholders working in a wide range of fields. Interpersonal savvy is therefore essential.
You serve as a specialist advisor and subject matter expert, as well as a resource person and coach for decision-making bodies.
We're looking for a team player who can manage a project and stay organized.

General Information on the Position

Main responsibilities

• Lead large-scale development projects, initiatives and activities in your specialty area that have a significant impact on the entire organization

• Advise your clients and partners to help them position, plan, develop, select solutions for, execute and monitor strategic projects and initiatives under your responsibility

• Develop and update policies, standards, models and programs to support your unit's strategic projects and initiatives

• Identify and analyze major issues. Diagnose issues and make recommendations to decision-making bodies

• Represent your unit before decision-making bodies

• Represent Desjardins when making agreements with external partners and organizations

• Design, develop and implement various attack chains for different levels of sophistication

• Perform the research and development required to maintain and contribute to the team's tradecraft

• Collaborate with the Desjardins cyber defence and insider threat teams to improve prevention, detection and response capabilities

• Document and communicate detailed observations and recommendations, using plain, simple language.

Other working conditions

• Workplace: Position located in Montreal, Lévis, Sherbrooke, Shawinigan, Drummondville, Saint-Lambert, Gatineau or Chicoutimi, depending on the applicant selected. The work arrangement for the position is hybrid work 

• Number of jobs available: 1

Qualifications

• Bachelor's degree in a related field

• A minimum of 8 years of relevant experience

• Experience in Offensive Security as a Red Team operator and/or with stealth pentesting

• Experience developing creative stealth tools and automating tasks in various programming languages

• Experience operating with C2

Please note that other combinations of qualifications and relevant experience may be considered

• For vacant positions available in Quebec, please note that knowledge of French is required

Specific knowledge

• Proficiency in application security and infrastructure operations

• Knowledge of modern evasive techniques (e.g., antivirus, EDR, NDR)

• General knowledge of defence mechanisms and business controls

• Familiarity with the MITRE ATT&CK framework

• Proficiency in advanced French

Why Desjardins's Red Team?

• Possibility of flexible work location

• Quarterly department meetings and in-person team activities (BBQ!)

• Attack simulation against formidable cyber defence teams

• Work-life balance a core value

• A team of 30 hackers backed by strong technical managers

• Flexible training budget

Desjardins invests in training its Offensive Security team by offering access to internationally-renowned conferences and training programs.

As an example, here's the training list for our team over the last 12 months:

• Adversary Simulation and Red Team Tactics by MDSec

• Adversary Tactics: Red Team Operations by SpecterOps

• Adversary Tactics: Tradecraft Analysis by SpecterOps

• Adversary Tactics: Vulnerability Research for Operators by SpecterOps

• An Analytical Approach to Modern Binary Deobfuscation by Arnau Gàmez i Montolio

• Dark Side Ops 1: Malware Dev by NetSPI

• Dark Side Ops 2: Adversary Simulation by NetSPI

• Initial Access Operation by FortyNorth Security

• Malware On Steroids by Dark Vortex

• Modern Malware OPSEC & Anti-Reverse Techniques Implementation and Reversing by Dr. Silvio La Porta and Dr. Antonio Villani

• Offensive Cloud Security by NCC Group

• OSCP, OSCE, OSEP, OSED, OSWP by Offensive Security

• Red Team Operator: Windows Evasion by Sektor7

• Unplugged: Modern Wi-Fi Hacking by SensePost

• Windows Internals by Paval Yosifovich

• Windows Kernel Exploitation by Ashfaq Ansari

Desjardins Cross-sector skills

Action oriented, Customer Focus, Differences, Nimble learning

Key competencies for the job

Interpersonal Savvy, Strategic mindset

Work Location

1, Complexe Desjardins, Montréal

Trade Union

Non Syndiqué

Unposting Date

2024-02-12

Job Family

Information technology (FG)

Desjardins Group is the largest cooperative financial group in Canada, and one of the largest employers in the country. It offers a full range of financial products and services and is home to a wealth of expertise in property and casualty insurance, life and health insurance, wealth management, services for businesses of all sizes, securities brokerage, asset management, venture capital, and secure, leading-edge virtual access methods.

Career development, Conferences, Flex hours