CGI · Posted 4h ago on Naukri

Security Testing Engineer

Hybrid - Bengaluru, Hyderabad, Chennai
Full Time
Senior Level

Qualifications & Requirements

Experience Level: Senior Level

Full Job Description

Lead Analyst - Security Testing

Company: CGI

Location: Hybrid - Bengaluru, Hyderabad, Chennai, Pune, Mumbai

Employment Type: Full Time

Shift Timing: General Shift

About the Role

CGI is seeking a highly skilled Penetration Tester to join our offensive security initiatives. This pivotal role requires deep expertise in manual security testing, exceptional proficiency with Burp Suite, and a comprehensive understanding of industry security standards and frameworks. You will be instrumental in identifying and mitigating security vulnerabilities across various environments.

Your Future Duties and Responsibilities

  • Lead and execute advanced manual penetration tests across web applications, mobile platforms, APIs, cloud infrastructure, and traditional IT environments.
  • Leverage Burp Suite Professional and other leading industry tools for comprehensive vulnerability identification, exploitation, and detailed reporting.
  • Develop and refine penetration testing methodologies, processes, and best practices to enhance efficiency and effectiveness.
  • Mentor and manage junior testers, meticulously reviewing their findings to ensure high-quality deliverables.
  • Serve as the primary liaison for security testing engagements, communicating effectively with clients and internal stakeholders.
  • Provide strategic recommendations for risk remediation and the implementation of secure development practices.
  • Ensure testing practices are aligned with critical security frameworks, including:
    • OWASP ASVS v5
    • OWASP Top 10 (2021)
    • NIST 800-115
    • ISO/IEC 27001/27002
    • PCI DSS (as applicable)
  • Actively participate in threat modeling exercises, red team/blue team activities, and sophisticated adversary simulations.
  • Prepare and deliver executive-level reports and conduct informative stakeholder briefings.
  • Proactively stay abreast of emerging threats, tools, and techniques, integrating relevant innovations into the testing practice.

Must-Have Skills

  • Extensive experience in Penetration Testing, Dynamic Application Security Testing (DAST), and Static Application Security Testing (SAST).
  • Proficiency with the OWASP Top 10 vulnerabilities.
  • A minimum of 3 years of dedicated experience in penetration testing.
  • Advanced capabilities in manual testing, exploitation techniques, and vulnerability chaining.
  • Expert-level proficiency with Burp Suite Pro (all modules) and other essential security tools such as Metasploit, Nmap, and Nessus.
  • Strong understanding and practical experience in cloud security testing (AWS, Azure, GCP).
  • Experience with Secure Software Development Lifecycle (SDLC), DevSecOps, and integrating security testing into CI/CD pipelines.
  • Familiarity with scripting and programming languages (e.g., Python, PowerShell, Bash, JavaScript).
  • Proven ability to mentor, coach, and lead security testing teams.
  • Excellent client communication and presentation skills.

Posted on Naukri