Penetration Testing Analyst
Job Description
At Sun Life, we work together, share common values, and encourage growth and achievement. We are seeking a skilled Penetration Testing Analyst to perform hands-on security testing of applications, infrastructure, and systems.
This role is primarily focused on Penetration Testing delivery, with secondary exposure to Red Team activities, contributing to adversary simulation exercises where required. The successful candidate will have strong technical testing capabilities, with an interest in developing broader offensive security skills.
Key Responsibilities
- Perform web, API, mobile, and infrastructure penetration testing across enterprise applications.
- Identify, exploit, and validate security vulnerabilities using manual testing techniques and industry tools.
- Conduct testing in line with established methodologies and security frameworks (e.g., OWASP).
- Produce clear, structured reports outlining:
  - Vulnerabilities and root cause
  - Business impact and risk rating
  - Practical remediation recommendations
- Perform research into new vulnerabilities, exploits, and attack techniques to enhance testing coverage.
- Support re-testing activities to validate remediation of identified issues.
- Support Red Team or adversary simulation exercises where required.
- Contribute to reconnaissance, attack surface mapping, and identification of potential attack paths.
- Support documentation of attack paths and identified security gaps.
- Assist in controlled exploitation activities under guidance, including:
  - Initial access techniques
  - Limited post-exploitation validation (e.g., privilege escalation concepts, lateral movement awareness)
- Collaborate with senior team members to understand real-world attacker behaviour and techniques.
Required Skills & Experience
Core Penetration Testing Skills (Essential)
- Hands-on experience in:
  - Web application security testing (OWASP Top 10)
  - API security testing
  - Basic network/infrastructure testing
- Strong understanding of:
  - Authentication, session management, and access control flaws
  - Input validation and injection vulnerabilities
- Experience with tools such as:
  - Burp Suite, Nmap, sqlmap, or similar
- Ability to perform manual testing beyond automated scanning.
- Strong documentation and reporting skills, with focus on clear risk articulation.
Red Teaming Skills (Desirable – Foundational Level)
- Basic understanding of adversary simulation concepts and attack lifecycle.
- Familiarity with:
  - Reconnaissance techniques
  - Common initial compromise methods
- Awareness of:
  - Privilege escalation and lateral movement concepts
  - Attack paths across enterprise environments
- Interest in developing Red Team and offensive security capabilities over time.
Qualifications
- Bachelor's degree in Computer Science, Information Security, or a related field.
- Certifications such as OSCP, OSWA, CISSP or CompTIA are desired but not required.
Benefits
- 22 Days Annual Leave - increasing to 25 days based on length of service
- Maternity Leave, Paternity Leave, Parental Leave
- C$400/€275 Fitness Reimbursement for gym membership annually
- Annual Bonus plan based on Company and Individual Performance
- 100% Private Health Insurance cover for employees and 50% contribution for family members from date of hire
- Study Assistance Programme inclusive of Masters Programme
- S&S Club, Wellness Programme, GP Scheme, Flu Vaccines, Eye Care Scheme as well as lots of discounted events and classes
- Defined Contribution Pension Scheme
- Access to Professional Development Training Platforms
Job Category: IT - Technology Services
Posting End Date: 03/07/2026
First seen 2026-05-28 04:24:01 · Last verified 2026-05-28 04:24:01
Pentest Careers · pentestcareers.com