Penetration Tester

Penetration Tester / Offensive Security ConsultantLocation: Remote (Canada) Toronto, Ontario, CA preferredCompany: Control Gap, a CyberGuard Advantage companyAbout UsCyberGuard Advantage is a modern cybersecurity compliance and risk advisory firm backed by Atlantic Street Capital. We help organizations navigate complex privacy, compliance, and security landscapes—covering SOC, PCI, ISO, HITRUST, and more.Control Gap, now part of CyberGuard, is Canada’s leading PCI compliance and offensive security consultancy. Together, we deliver one of North America’s most comprehensive cybersecurity and compliance platforms—helping Fortune 50 enterprises, financial institutions, and emerging tech companies safeguard their most critical assets.About the RoleWe’re looking for an experienced Penetration Tester / Offensive Security Consultant to help build and lead our growing Offensive Security practice. You’ll simulate real-world cyberattacks, identify weaknesses before the bad guys do, and help our clients strengthen their defenses.If you’re passionate about offensive security, thrive in complex technical environments, and want to work alongside some of the brightest minds in cybersecurity—this is your chance to make real impact.What You’ll DoConduct full-scope penetration testing on networks, applications, cloud environments, and APIsSimulate advanced adversary techniques to evaluate enterprise security postureDeliver detailed technical and executive reports that tell the story behind your findingsMentor and coach junior security testers and ethical hackersCollaborate directly with clients, helping them understand vulnerabilities and prioritize remediationResearch and develop new testing methodologies, scripts, and tools for emerging technologiesPartner with sales teams on scoping, pre-sales demos, and client workshopsOccasionally travel to client sites across Canada for testing and assessmentsWhat You Bring3+ years in penetration testing or red teaming (network, web app, or mobile)5+ years in IT or Information Security overallDeep knowledge of OWASP Top 10, vulnerability exploitation, and post-exploitation techniquesExperience with tools like Burp Suite, Metasploit, Cobalt Strike, Nmap, Wireshark, and custom scriptsFamiliarity with cloud environments (AWS, Azure, GCP) and secure configuration assessmentsUnderstanding of encryption, malware analysis, pivoting, or exploit development is a plusCertifications such as OSCP, OSCE, GXPN, PNPT, GWAPT, or GMOB are highly valuedSoft Skills That Set You ApartYou’re curious, analytical, and thrive under pressureExcellent communication—you can explain technical exploits to execs and engineers alikeOrganized, dependable, and passionate about helping clients stay one step aheadWhy Join UsCompetitive salary + 4 weeks paid vacationCompany-paid medical, dental, and wellness benefitsRRSP sharing, paid certifications, and ongoing professional developmentFully remote flexibility with team events throughout the yearA culture that values expertise, integrity, and innovation—where your work actually matters