Specialist, Threat Emulation and Security Validation

Closing Date: February 28, 2025Position Status: VacantTeck is a leading Canadian resource company focused on responsibly providing the metals essential for global development and the energy transition while caring for the people, communities and land that we love.Teck's two regional business units, North America and Latin America, are responsible for Teck's assets through all phases of safe, sustainable development, operation and closure. The business units are supported by enterprise-wide functions that set strategic direction, establish standards and provide governance, as well as supporting the business through shared services, centres of excellence and business partnering.Reporting to the Manager, Cyber Threat Defence, the Specialist, Threat Emulation and Security Validation will collaborate with a team of third-party offensive security experts, develop innovative security processes, and collaborate with partners to improve our security posture. Your role will focus on automating offensive security tasks and building reusable scripts and tools to streamline and improve our testing capabilities. In this role, you will be responsible for conducting penetration tests, vulnerability assessments, and red team exercises to identify and address security weaknesses in our systems and networks.Develop your career with one of Canada's Top 100 Employers and join our team!

Responsibilities

•  Be a courageous safety leader, adhere to and sponsor safety and environmental rules and procedures
• Champion the 3 lines of defense model for risk management and act as a 2nd line of defense facilitator regularly interacting with the 1st line of defense
• Develop and implement automated penetration testing scripts and tools and maintain offensive security scripts and automation tools using languages such as Python, Ruby, or PowerShell
• Conduct regular automated penetration tests and vulnerability assessments using industry-standard tools and custom scripts
• Integrate offensive security tools with other security platforms to enable seamless orchestration and automation
• Collaborate with the threat intelligence and detection teams to ensure a comprehensive and integrated security approach
• Continuously update and refine offensive security tools, techniques, and methodologies to address emerging threats
• Provide guidance and support to the detection and response team on day-to-day operations and strategic projects

Qualifications

• 5+ years of experience in offensive security, penetration testing, and vulnerability assessment
• Certified Ethical Hacker (CEH) and Offensive Security Certified Professional (OSCP) or equivalent. Additional relevant certifications (e.g., GIAC, GPEN, GWAPT) are a plus
• Proven track record in automating security testing and developing custom security tools
• Experience in working with third-party security service providers
• Solid understanding of security operations, including threat intelligence, threat detection, incident response, and offensive security
• Expertise in penetration testing tools and platforms (e.g., Metasploit, Burp Suite, Nessus, Kali)
• Strong coding and scripting skills in Python, Ruby, PowerShell, or similar languages
• Experience with automating offensive security tasks and processes
• Knowledge of security automation and orchestration platforms (e.g., SOAR)
• Understanding of APIs and integration techniques for security tools
• Embody Teck values in daily activities by being responsible and courageous, respectful and inclusive, alongside humble and driven
• You are aware of, have a desire to, with knowledge in, and the ability to increase maturity by building on context, manage and assess risk and trade-offs, and to standardize process through writing and review
• You can demonstrate personal accountability, radical transparency and a growth mindset

Why Join Us?At Teck, we offer more than just a job – we provide a pathway to personal and professional enrichment. With captivating projects set against stunning backdrops, a culture of inclusivity and collaboration, and boundless opportunities to learn and grow, joining us means embracing a fulfilling and dynamic career adventure. Teck employees receive access to our total rewards program and comprehensive benefits package that promote physical, mental, financial, and emotional well-being. This includes but is not limited to:   • Annual Performance Bonus • Profit Share Plan • Health Spending Account • Personal Spending Account • Extended Health Care • Dental and Vision Care • Employer Paid Pension Plan • Life Insurance and Disability Coverage • Paid Sick Leave, Vacation and Holidays • Virtual Telemedicine and additional support for overall well-being • Employee and Family Assistance Program (EFAP)