Cybersecurity Consultant, Penetration Testing and Vulnerability Assessment

CGI

IT

Montreal, QC, Canada

USD 60k-115k / year

Posted on Apr 10, 2026

Position Description:

The Penetration Testing and Vulnerability Management Consultant is responsible for certain key functions within the Payroll Service Center (PSC)’s Security and Fraud Management team, including managing penetration testing, active threat hunting, and vulnerability management. He or she also provides support for other functions such as incident management and security in projects.

The PSP is a leading provider of payroll services for numerous clients across Canada. We play a key role in the Canadian economy. Cybersecurity and fraud management are therefore areas of critical importance. Working in the PSP’s Security and Fraud Management team also offers the opportunity to explore many areas and develop expertise in cybersecurity. This position reports directly to the CSP Director of Security and Fraud Management.

This position requires autonomy, strong cybersecurity knowledge, and the ability to learn new skills. It is also important to have strong communication skills and the ability to build good relationships with other teams.

Your future duties and responsibilities:

- Managing offensive testing
- Active threat hunting
- Vulnerability management
- Incident management support
- Security support for projects.

Penetration Testing (Red Teaming)
- Planning and coordinating penetration tests based on a principle of rotating targets and continuous testing
- Supporting the execution of corporate security tests (vulnerability scans and other tests as needed)
- Assisting project teams with conducting DAST (BurpSuite Enterprise) and SAST (SonarQube) tests, and, as needed, independently conducting light penetration tests
- Conducting “retests” to verify that certain vulnerabilities identified as fixed have been properly addressed
- Analyzing test results, re-evaluating severity levels, and verifying false positives
- Periodically conducting light, independent penetration tests on random targets, following a methodology approved by stakeholders
- Occasionally participating in specialized conferences, penetration testing competitions, or other activities to maintain an adequate level of expertise in offensive testing
- Reporting and sharing relevant information with stakeholders affected by the results of offensive testing.

Active Threat Hunting
- In collaboration with the SOC Manager, analyze specific alerts and alert trends to determine whether certain attack patterns exploit vulnerabilities or security flaws that require remediation. This involves conducting periodic analyses using various monitoring tools: SIEM, WAF, DLP, Defender, etc.
- Note: This does not involve taking responsibility for handling alerts, but rather identifying attack patterns that may require preventive actions or vulnerability fixes.

Vulnerability Management
- Ensure that identified vulnerabilities are properly documented, tracked, and prioritized, with a remediation plan that has been approved by stakeholders
- Contribute expertise and provide recommendations for vulnerability remediation
- Ensure that vulnerability remediation is also properly documented and validated
- Sources for identifying vulnerabilities may include: SAST and DAST testing, penetration testing, compliance audits, anomalies detected by users or associates, configuration reviews, vulnerability scans, external bug bounty researchers, etc.
- Develop dashboards and metrics on vulnerabilities and their severity.

Incident Management Support
- Participate in incident management: investigations, containment, implementation of corrective actions, documentation, and post-incident analysis.

Project Security Support
- Assist specific projects and teams with implementing security measures: asset classification, risk analysis, security recommendations, planning and coordinating security testing, and tracking vulnerabilities and issues requiring correction.

The consultant may also assist with or lead any related tasks assigned by their manager.

Required qualifications to be successful in this role:

- Degree in risk management, cybersecurity, computer science, or related fields
- At least two (2) years of experience in cybersecurity
- Experience participating in or coordinating offensive security testing
- Strong written and verbal communication skills. Ability to communicate effectively with technical and non-technical audiences, senior management, and operational staff
- Leadership skills to successfully complete projects requiring the coordination of multiple teams
- Ability to work independently and organize tasks effectively
- Fluent French (written and spoken) required; functional English necessary
- Ability to work under pressure in a critical environment
- Ability to anticipate risks and propose concrete solutions
- Ability to collaborate effectively within a team.

CGI provides a reasonable estimate of the salary range for this position. This range is calculated based on various factors, including skill level, geographic market, experience, education, and professional licenses and certifications. Compensation decisions are made on a case-by-case basis. A reasonable estimate of this salary range is between $60,000 and $115,000. This position is currently open.

Skills:

  • English
  • French
  • Analytical Thinking
  • Customer Service & Support

What you can expect from us:

Together, as owners, let’s turn meaningful insights into action.

Life at CGI is rooted in ownership, teamwork, respect and belonging. Here, you’ll reach your full potential because…

You are invited to be an owner from day 1 as we work together to bring our Dream to life. That’s why we call ourselves CGI Partners rather than employees. We benefit from our collective success and actively shape our company’s strategy and direction.

Your work creates value. You’ll develop innovative solutions and build relationships with teammates and clients while accessing global capabilities to scale your ideas, embrace new opportunities, and benefit from expansive industry and technology expertise.

You’ll shape your career by joining a company built to grow and last. You’ll be supported by leaders who care about your health and well-being and provide you with opportunities to deepen your skills and broaden your horizons.

At CGI, we value the strength that diversity brings and are committed to fostering a workplace where everyone belongs. We collaborate with our clients to build more inclusive communities and empower all CGI partners to thrive. As an equal-opportunity employer, being able to perform your best during the recruitment process is important to us. If you require an accommodation, please inform your recruiter.

To learn more about accessibility at CGI, contact us via email. Please note that this email is strictly for accessibility requests and cannot be used for application status inquiries.

Come join our team—one of the largest IT and business consulting services firms in the world.