Penetration Testing Analyst

Sun Life·Toronto, Ontario·Posted 1mo ago·via Talent.com

RegionCanada
Apply Now

Job description

Job Description

: At Sun Life, we work together, share common values, and encourage growth and achievement. We are seeking a skilled Penetration Testing Analyst to perform hands-on security testing of applications, infrastructure, and systems.

This role is primarily focused on Penetration Testing delivery , with secondary exposure to Red Team activities , contributing to adversary simulation exercises where required. The successful candidate will have strong technical testing capabilities, with an interest in developing broader offensive security skills.

Key Responsibilities

  • Perform web, API, mobile, and infrastructure penetration testing across enterprise applications.
  • Identify, exploit, and validate security vulnerabilities using manual testing techniques and industry tools.
  • Conduct testing in line with established methodologies and security frameworks (e.g., OWASP).
  • Produce clear, structured reports outlining:

Vulnerabilities and root cause

Business impact and risk rating

Practical remediation recommendations

  • Perform research into new vulnerabilities, exploits, and attack techniques to enhance testing coverage.
  • Support re-testing activities to validate remediation of identified issues.
  • Support Red Team or adversary simulation exercises where required.
  • Contribute to reconnaissance and attack surface mapping, Identification of potential attack paths.
  • Support documentation of attack paths and identified security gaps.
  • Assist in controlled exploitation activities under guidance, including:

Initial access techniques

Limited post-exploitation validation (e.g., privilege escalation concepts, lateral movement awareness)

  • Collaborate with senior team members to understand real-world attacker behaviour and techniques.

Required Skills & Experience

Core Penetration Testing Skills (Essential)

  • Hands-on experience in:

Web application security testing (OWASP Top 10)

API security testing

Basic network/infrastructure testing

  • Strong understanding of:

Authentication, session management, and access control flaws

Input validation and injection vulnerabilities

  • Experience with tools such as:

Burp Suite, Nmap, sqlmap, or similar

  • Ability to perform manual testing beyond automated scanning.
  • Strong documentation and reporting skills, with focus on clear risk articulation.

Red Teaming Skills (Desirable – Foundational Level)

  • Basic understanding of adversary simulation concepts and attack lifecycle.
  • Familiarity with:

Reconnaissance techniques

Common initial compromise methods

  • Awareness of:

Privilege escalation and lateral movement concepts

Attack paths across enterprise environments

  • Interest in developing Red Team and offensive security capabilities over time.

Qualifications

  • Bachelor's degree in Computer Science, Information Security, or a related field.
  • Certifications such as OSCP, OSWA, CISSP or CompTIA are desired but not required.

Benefits

  • 22 Days Annual Leave - increasing to 25 days based on length of service
  • Maternity Leave, Paternity Leave, Parental Leave
  • C$400/€275 Fitness Reimbursement for gym membership annually
  • Annual Bonus plan based on Company and Individual Performance
  • 100% Private Health Insurance cover for employees and 50% contribution for family members from date of hire
  • Study Assistance Programme inclusive of Masters Programme
  • S&S Club, Wellness Programme, GP Scheme, Flu Vaccines, Eye Care Scheme as well as lots of discounted events and classes
  • Defined Contribution Pension Scheme
  • Access to Professional Development Training Platforms

Job Category:

IT - Technology Services Posting End Date:

03/07/2026

first seen 2026-05-28 04:24:01 · last verified 2026-06-18 20:24:01


pentestcareers.com // breach the job market