Senior Analyst - Penetration Tester

sysco.ca

2d onsite
Web application and api testing
Cloud security testing (azure, aws, gcp)
Active directory and azure ad assessment
Lead penetration tests across web applications, APIs, cloud services, and internal environments using Veracode and Burp Suite, followed by deep manual testing

Job Summary

  • Lead penetration tests across web applications, APIs, cloud services, and internal environments using Veracode and Burp Suite, followed by deep manual testing.
  • Assess cloud environments (Azure, AWS, GCP) and Active Directory/Azure AD using specialized tools to identify misconfigurations and attack paths.
  • Participate in planned evening and weekend testing with compensatory days off to maintain a ~40-hour work week.

Matching Summary

Lead penetration tests across web applications, APIs, cloud services, and internal environments using Veracode and Burp Suite, followed by deep manual testing.

Skills & Requirements

Must-have

  • Web application and API testing
  • Cloud security testing (Azure, AWS, GCP)
  • Active Directory and Azure AD assessment
  • AI/ML/LLM security testing
  • Veracode SAST/DAST and Burp Suite
  • Manual vulnerability retesting

Nice-to-have

  • Mobile app testing experience
  • Custom scripting and exploit development
  • Research and tooling sharing

Key Requirements

  • 5+ years of penetration testing experience
  • Experience with Veracode or similar SAST/DAST
  • Advanced Burp Suite usage
  • Experience testing Azure, AWS, and GCP
  • Hands-on AD/Azure AD assessment with BloodHound
  • Experience testing AI/ML/LLM systems
  • Comfort with planned off-hours work

Work Rights

Not specified

Tailored Resume

Cover Letter