Penetration Test Analyst

About Citco

Since the 1940s Citco has provided specialist financial services to alternative investment funds, investors, multinationals and private clients worldwide. With over 6,000 employees in 45 countries we pioneer innovative solutions that meet our clients’ evolving needs, and deliver exceptional service.

Our continuous investment in learning means our people are among the best in the industry. And our corporate social responsibility programs provide meaningful and fulfilling work in the community.

A career at Citco isn’t just a job – it’s an opportunity to excel in an environment that genuinely supports your personal and professional development.

About the Role:

The successful canadiate is responsible for working on application/network penetration tests, vulnerability assessment and other security activities as assigned to members of the Red Team. This position will involve working closely with development and projects teams to ensure that internal, secure development processes are adhered to and applications produced by the process are free from security vulnerabilities.  Position will also be responsible for providing basic guidance with regard to development best practices, prevention and remediation of application and infrastructure vulnerabilities. 

Job Duties in Brief:

• Complete testing engagements, document results using approved report formats and track remediation
• Perform manual validation of results from automated/semi-automated tests
• Perform manual penetration test activities as needed
• Complete social engineering and physical on-site assessments as directed
• Utilize network mapping, host enumeration and scanning tools when necessary
• Complete project work accurately and within deadlines as required
• Complete analysis and draw conclusions of overall system risk, recommend remediation strategy.
• Coordinate with internal colleagues to follow up on vulnerability remediation.
• Develop and maintain effective working relationships with clients and other team members.
• Gain and maintain a working knowledge of the Security Products and Services
• Continually review and enhance existing knowledge of threats and analysis techniques
• Serve as part of the Enterprise Vulnerability Management team
• Perform annual Firewall rule review and remediation

About You:

• A bachelor's degree information systems or other related field; or equivalent work experience.
• Professional security certifications such as CISSP, GPEN, GCIA or GWAPT are a plus
• Demonstrate a self-directed approach to learning new technologies in the field; pursue professional development.
• Technical acumen in securing software and hardware
• Knowledge of Penetration testing tools and testing methodologies
• Analysis of operating system, application and network architectures to identify security vulnerabilities
• Extensive knowledge and experience of operating systems and distributions.
• Windows Server and Desktop Network and domain administration, enumeration and exploitation
• Understanding of the TCP/IP protocol stack and other protocols such as routing protocols, web services
• Knowledge of security issues related to many common databases including MySQL, MSSQL and Oracle
• Working knowledge of application testing tools and techniques such as XSS and SQL injection
• Scripting and programming skills are preferred
• Previous experience with enterprise vulnerability management applications, Firewall rules review, BURP Suite, IBM AppScan and Core Impact a plus

What We Offer:

• A challenging and rewarding role in an award-winning global business.
• Opportunities for personal and professional career development.
• Great working environment, competitive salary and benefits, and opportunities for educational support.
• Be part of an industry leading global team, renowned for excellence.

Confidentiality Assured.