Penetration Tester

Toronto, ON

Behavox

Behavioral Enterprise Risk & Compliance Management Software Solutions. Data And Communication Analytics Platform Powered By AI. Contact Us!

View all jobs at Behavox

Apply now Apply later

About Behavox:

Behavox is shaping the future for how businesses harness their most important raw material - data. Our mission is bold: Organize enterprise data into actionable information that protects and promotes the business growth of multinational companies around the world. 

From managing enterprise risk and compliance to maximizing revenue and value, our data operating platform presents a widespread opportunity to build multilingual, AI/ML-based solutions that activate data for every function within a global enterprise. 

Our approach is unique, and it’s validated by our customers who tell us to keep forging ahead because no one else is aggregating, analyzing, and acting on data to uncover opportunities or solve problems quite the way we are.

We are looking for fearless innovators who have an insatiable appetite for building what no one has built before. 

About the Role

The penetration tester will join the Information Security Assurance Red team and will be covering the day to day penetration test and vulnerability scanning activities. The penetration tester will actively exploit vulnerabilities and then help to develop solutions that will secure the enterprise and Behavox Products.

The main responsibilities of the penetration tester will be:

  • Developing and executing formal web application security testing plans to ensure the delivery of quality software applications. Involved in test planning, preparation and communication with the development team prior to security test execution.
  • Performs web application/network attack & penetration (A&P) testing to find security issues such as risks, defects, and logical errors. Collects and analyzes security data from manual, automatic and static source review, and integrates them to find the best way to address security issues to meet the needs of the business.
  • Documents all issues and assists in their resolution. Delivers security training and education to technical staff within findings and acts as an internal security consultant to advise or influence business or technical partners.
  • Provides quality web application security audits across the various IT functions to ensure quality standards, procedures and methodologies are being followed.
    Conduct regular knowledge-sharing sessions with the team and stakeholders to enhance communication and collaboration

What You'll Bring:

  • A strong and genuine interest in Behavox, demonstrated by alignment with its mission, technologies, and approach to security. (These is required as the first bullet on all Job Postings)
  • 5+ years of experience in penetration testing and ethical hacking, including web applications, infrastructure, and cloud environments, with at least 2 years in Red Team operations and vulnerability exploitation using tools like Burp Suite, Metasploit, and custom scripts.
  • Strong proficiency in web application security, including deep familiarity with testing tools (e.g., Acunetix, Nessus, ZAP), OWASP Top 10, and secure coding practices across development languages such as Java and Python.
  • Skilled in technical communication and documentation, with the ability to clearly report findings, articulate technical risk, and align recommendations with security frameworks like MITRE ATT&CK, NIST, and OWASP.
  • Holds relevant industry certifications, such as OSCP, OSCE, CRTP, or CEH, demonstrating validated expertise in offensive security and a commitment to professional development.

 

What You'll Do

  • Plan and execute targeted penetration tests on critical systems in collaboration with internal teams, identifying vulnerabilities and delivering actionable remediation guidance.
  • Collaborate with developers, IT, and DevSecOps teams to address code-level and system-wide vulnerabilities, providing expert guidance during assessments and reviews.
  • Exploit vulnerabilities and clearly communicate technical findings, attack paths, and mitigation steps through well-documented, risk-based reports for both technical and non-technical stakeholders.
  • Simulate real-world threats and advanced persistent attacks to test and evaluate the effectiveness of existing security controls and incident response.
  • Continuously research emerging threats and attack techniques, contributing to the organization's evolving security strategy and overall risk posture.

What We Offer

  • A truly global mission with a passionate highly talented community in locations all over the World
  • The ability to have significant impact and potential for learning as our aspirations require bold innovation
  • A highly competitive cash compensation package with performance bonuses baked into salary payments
  • A flexible work schedule that allows for Remote or Hybrid work as appropriate to the role and location
  • A very generous time-off policy (30 days annually), with public holidays for your geography in addition

 

About Our Process

We take Talent very seriously and we are building a community of extraordinary individuals working together in very high performing teams. We also know that the best Talent always has options so we believe that the process has to be a two way assessment - the company AND the candidate assessing the business needs alignment, the career next step alignment, and the cultural alignment. 

During the process we will begin by exploring the core factors regarding salary and location along with core experience and skills and values alignment. We will then deep dive explore the critical technical competencies we have identified for the role, and then we will deep dive in behavioral competencies.

The most aligned candidate will then be asked to do a practical work task simulation activity so we can make sure that you will enjoy the kind of work the role requires, and this task will typically be presented and discussed with a group of colleagues and managers. Finally we will ask you to meet with a number of our senior leaders to make sure that you are making the most informed call possible. Please note, all Zoom interviews will be recorded. 

 

Apply now Apply later

* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰

Job stats:  1  0  0
Category: PenTesting Jobs

Tags: Application security Audits Burp Suite CEH Cloud Compliance DevSecOps Ethical hacking Exploit Incident response Java Metasploit MITRE ATT&CK Nessus NIST Offensive security OSCE OSCP OWASP Pentesting Python Red team Security strategy Strategy Vulnerabilities

Perks/benefits: Career development Competitive pay Flex hours Flex vacation Startup environment Team events

Region: North America
Country: Canada

More jobs like this

Explore more career opportunities

Find even more open roles below ordered by popularity of job title or skills/products/technologies used.