Job Title or Location
RECENT SEARCHES

Ethical Hacker

Packetlabs - 7 Jobs
Mississauga, ON
Remote
Full-time
Experienced
Company Benefits
Flexible Work
Posted 19 days ago
Salary:

Packetlabs was built by an ethical hacker after seeing vulnerability assessments presented as penetration tests. Our slogan "Ready for more than a VA scan?" drives at the importance of not providing our clients with a false sense of security.

We are a passionate team of highly trained, proactive ethical hackers. We provide expert-level penetration testing services that are thorough and tailored to help foster a safe digital space where everyone has the right to privacy and security. Packetlabs consultants find weaknesses others overlook and continuously learn new ways to evade controls. We hold ourselves to a very high standard.

To do so, we only hire individuals with the same drive and passion.

Who we are looking for

  • Core values:
    • Customer-first mentality. Is a great communicator with clients, project managers, and teammates. Rapid responses and on time.
    • You deliver work that you take pride in. Your work is an autograph of your excellence.
    • Digs deeper into every finding. Doesn't stop until impact is proven.
    • Is comfortable being uncomfortable. Goes towards obstacles, not away from them. Consulting isn't your typical job and requires adapting to rapidly changing environments.
    • Is always learning. Cybersecurity is changing every day, and you need to keep up or want to keep up. Be deeply aware of your skillset and be willing to improve.
    • Self-motivated and dependable.
    • Is humble. Egos don't have a place at Packetlabs.
  • Education and experience:
    • A graduate of Information Security or Computer Science degree program.
    • Has between two and five years of experience in a similar role.
    • Has professional qualifications (one or more): CISSP, OSCP, OSCE, GWAPT, GPEN, GXPN, OSEP, OSWE, OSED, BSCP. OSCP or Burp is mandatory.

What you'll be doing

  • Penetration testing of web applications, mobile applications, APIs, and cloud.
  • If ready according to Packetlabs standards:
    • Penetration testing of infrastructure that includes on-premises, hybrid, and cloud environments
      • Network Attacks: Developing access with no privileges but network access.
      • Active directory:
        • Unauthenticated Exploitation - AD exploitation as a user without access to a domain user account. Gain a foothold in the network through misconfigurations, exploitation and AD-specific attacks.
        • Authenticated Exploitation - Exploitation as a low-privileged domain user. Elevate privileges and laterally move within the network through abusing misconfigurations, exploitation and poor security configuration.
        • Exploitation: Local User - Elevating privileges on a specific machine.
        • Exploitation: Cross-Forest - Leveraging privileged access to compromise multiple segmented AD environments.
      • Advanced - Post-Exploitation Activities: Combining all of the above along with credential access, evasion, and lateral movement to demonstrate impact and risk.
    • Red teaming
      • Demonstrate the ability to engineer resilient infrastructure and creative TTPs as part of the red team lifecycle.
      • Ability to thrive in complex infrastructure environments and tackle technologies you might not be familiar with.
      • Utilize common offensive security testing tools and tradecraft, and ability to customize existing toolsets to remove common IOCs.
      • Possesses a deep knowledge of the entire red team lifecycle (Initial Access, Recon, Persistence, Lateral Movement, Privilege Escalation, Data Exfiltration, and Objective Completion).
    • Purple teaming
      • Possesses the ability to attack and avoid detection at different levels.
      • Have a "hunt yourself" mentality. If you can skirt defenses, are you capable of demonstrating valid methods to detect/protect against said TTPs.
      • Sitting and coaching defense teams to sprint through rule creation, alerting, and threat-hunting methodologies.
      • Demonstrate capability in the creation of a detection-based attack range.

Why us?

  • Immediate and continual offensive security training
  • Wealthsimple GRSP with corporate matching
  • Participation in corporate benefit plans
  • Amazing team and working environment
  • Competitive compensation and growth opportunity
  • Fully remote

remote work
#Information Technology jobs
Apply on company site
Save Job