Remote Penetration Tester - Offensive Security
Malleum
Location: Hybrid / On-site at client locations as required
Department: Offensive Security & Adversary Simulation
About Malleum Malleum is at the forefront of next-generation cyber defense, partnering with marquee clients across space, aerospace, defense, government, financial services, and critical infrastructure. We're experiencing exceptional growth as demand accelerates for trusted advisors capable of delivering at the intersection of national security, allied intelligence cooperation, and enterprise resilience. Our offensive security consultants test the systems behind cutting-edge defensive technologies, sovereign space capabilities, and allied programs - finding the gaps before adversaries do, on networks that protect missions of genuine national consequence. If you take pride in breaking things ethically - and helping the most consequential organizations build back stronger - Malleum is where your craft meets purpose. The Opportunity
We're seeking a Penetration Tester to deliver hands-on offensive security engagements across client networks, applications, cloud environments, and operational technology. You'll work directly within client environments - including sovereign, regulated, and cleared settings - emulating real-world adversaries, documenting findings, and partnering with clients to drive meaningful remediation.
This is a hands-on consulting role for a practitioner who blends deep technical tradecraft with strong client presence and the discipline to deliver findings clearly, safely, and on schedule.What You'll Do
- Plan, scope, and execute penetration tests across external, internal, web application, API, mobile, cloud (Azure / AWS / GCP), wireless, and Active Directory targets
- Conduct red team and adversary emulation engagements aligned to MITRE ATT&CK, executing realistic TTPs against client environments
- Perform assumed-breach assessments, internal pivoting, privilege escalation, and lateral movement exercises
- Support purple team exercises in partnership with client SOC and Malleum's IR practice to improve detection and response
- Execute social engineering campaigns (phishing, vishing, physical) where contracted, with rigorous rules of engagement
- Conduct cloud configuration reviews against CIS Benchmarks, CSA CCM, and provider-specific baselines
- Support OT / ICS / SCADA security testing for defense and critical-infrastructure clients (with appropriate safety controls)
- Develop custom tooling, scripts, and payloads (PowerShell, Python, C#, Go) to evade modern EDR and ZTNA controls during sanctioned engagements
- Produce high-quality client deliverables: executive summaries, technical findings, reproduction steps, evidence, CVSS-scored risk ratings, and pragmatic remediation guidance
- Deliver findings briefings to client stakeholders — from engineers to executive leadership and boards - with clarity and professionalism
- Contribute to scoping, estimation, statements of work, and continuous improvement of Malleum's offensive security service offerings
- Maintain meticulous engagement hygiene: rules of engagement, scope control, evidence handling, and safe-listing coordination
- Participate in research, internal tooling development, CTFs, and conference contributions to grow Malleum's offensive capability and brand
What You Bring
- 4+ years of professional penetration testing or red team experience, ideally in a consulting, MSSP, or in-house offensive security team
- Demonstrated success working directly with clients - strong communication, professionalism, and stakeholder management skills
- Deep working knowledge of network, web application, and Active Directory attack paths (Kerberoasting, AS-REP roasting, NTLM relay, ADCS abuse, BloodHound-driven pathing)
- Hands-on proficiency with offensive tooling: Burp Suite Pro, Nmap, Nessus / Nuclei, Metasploit, Cobalt Strike, Sliver, Mythic, Impacket, BloodHound, CrackMapExec / NetExec, Responder, Mimikatz, and modern C2 frameworks
- Strong scripting skills in Python, PowerShell, and Bash; comfort reading and modifying C#, Go, or Rust tooling
- Experience evading or bypassing EDR (Defender, CrowdStrike, SentinelOne), AMSI, and modern Windows defenses
- Familiarity with cloud attack paths in Azure / Entra ID (Pass-the-PRT, illicit consent grants, managed identity abuse) and AWS (IAM privilege escalation, metadata service abuse)
- Solid grasp of ZTNA and identity-aware perimeters (e.g., Cloudflare Access, Zscaler, Entra Conditional Access) and how they reshape attacker tradecraft
- Comfort emulating adversary TTPs mapped to MITRE ATT&CK and known threat-actor playbooks
- Familiarity with testing standards: PTES, OWASP WSTG / MASTG / ASVS, NIST SP 800-115, OSSTMM
- Awareness of compliance contexts that frame client expectations: PCI DSS, SOC 2, NIST 800-171 / CMMC, CPCSC, ITSG-33, ISO 27001:2022
- Certifications such as OSCP, OSEP, OSWE, OSCE3, CRTO, CRTL, GPEN, GXPN, GWAPT, GMOB, GCSA / GPCS / GCLD (cloud), AWS Certified Security – Specialty, Microsoft SC-100 / AZ-500 strongly preferred; OSCP or equivalent practical certification (e.g., CRTO, HTB CPTS, PNPT) is a baseline expectation
- Demonstrated ability to perform under pressure - calm, methodical, and ethical when engagements surface sensitive findings
- Willingness and availability to work odd hours and extended shifts when supporting time-boxed red team windows, after-hours testing, or rapid-response offensive support during active IR matters
- Comfort working across multiple client environments, tooling stacks, and rules-of-engagement simultaneously
- Eligibility for Government of Canada security clearance (Secret or higher); existing clearance highly valued; or controlled-goods registration considered an asset
- Bilingualism (English/French) considered a strong asset
Why Malleum
- Test the systems behind programs with genuine national and allied security impact - across aerospace, defense, and critical infrastructure
- Join a rapidly scaling firm with a flat, high-trust culture and direct access to senior offensive, IR, and engineering leaders
- Exposure to a wide variety of advanced targets, sectors, and cleared environments
- Dedicated research time, lab budget, and support for conference talks, CVE research, and open-source contributions
- Competitive compensation, performance incentives, and comprehensive benefits
- Continuous learning budget, certification sponsorship (OSCP, OSEP, OSWE, CRTL, SANS), and clear paths into senior red team, exploit development, or offensive research specializations
Vacancy posted 26 days ago
Similar jobs that could be interesting for youBased on the Remote Penetration Tester - Offensive Security in Blainville, QC vacancy
$40 per hour
Who are we? Cohere is the leading security-first enterprise AI company. We build cutting-edge... ...BYOD - Bring Your Own Device (laptop). Remote work within Canada. 12 month contract. Performance... ...annotation tasks, including explicit, offensive, or other inappropriate material. If the...Remote workHourly pay16 hoursPermanent employmentContract workTemporary workPart timeFor contractors- ...organizations conquer their most intractable email security challenges. In partnership with... ...responsible for conducting in-person and remote product demonstrations, articulating the... ...execution of sales objectives and account-based penetration strategies • Conduct technical and...Remote work
- ...improvement opportunities and ensure consistency across deliverables • Secure all required usage rights, model releases, and compliance... ...the holidays) • Competitive compensation • Stock option grant • Remote first, work from anywhere in Canada • Incredible culture powered...Remote workInternship
- QA Intern Location: Ottawa, ON | Remote Department: Engineering Reports To: Rajat Budhiraja, QA Lead Type: Internship | Summer 2025 About... ...the tools to know sooner and act faster by transforming video security into real-time operational insights. Our cloud-based platform integrates...Remote workPermanent employmentFull timeSummer workInternship
- ...providers, and helping ensure our workspace is functional Maintain secure document practices by organizing, filing, and tracking key... ...We offer unlimited paid vacation and flexibility for occasional remote work, based on team needs. Check out our Careers website here...Remote workCasual workWork at officeFlexible hours
$70 - $80 per hour
...management industry. Role(s) Required: Network Consultant Location: Remote , Toronto, ON Employment Type: 6 months to start but this is a... ...issues in a timely manner. - Monitor network performance and security, and take proactive measures to ensure the stability and reliability...Remote workContract workImmediate start- ...Newcomer and Settlement Supports • Community Wellness, Counselling, and Family Supports • Seniors and Community-Based Supports • Food security programs including the Village Pantry Food Bank • Black-led, culturally responsive community development initiatives We are also an...Remote workLong term contract
- Remote Position - Any Location in Canada with Great Wifi Works! You will be the heartbeat of digital transformation, ensuring that when we deploy powerful Salesforce solutions, the people behind them are ready to thrive. This role is more than change project management; it is...Remote workShift work
$25 - $40 per hour
Installer, Security Alarms SSP Technologies Location Blainville, QC Salary 25.00 to 40.00 hourly (To be negotiated) / 40 hours per week Full time Day Starts as soon as possible Languages French Education Other trades certificate or diploma or equivalent experience Experience...Hourly payFull timeImmediate start- ...we can unlock your potential. LOCATION: Apply Digital is hybrid/remote friendly. The preferred candidate should be based in Canada, working... ...RESPONSIBILITIES - Lead the design and development of scalable, secure, and high-performance backend systems using Python and modern...Remote workInternshipWork at officeImmediate startFlexible hours
$175k - $250k per year
Location: Need to be able to work EST timezone. Remote | Full-time Compensation: $175K - $250K We are hiring on behalf of our client who... ...data for recruitment purposes only. This information is managed securely in accordance with MLabs Ltd’s Privacy Policy and Information...Remote workFull timeImmediate startShift work$80k - $100k per year
...creations across multiple genres. In 2022, we announced that our studio is implementing a four-day work week as well as supporting in-studio, remote within Canada, and hybrid work arrangements as permanent options to our employees. Do you love it when a plan comes together? Are you...Remote workLong term contractPermanent employmentTemporary work- ...initial mandate Hours per day or Week: 7.25 hours per day Security Level: No Clearance Required Must haves: Proven experience... ...teams, the specialist will ensure middleware platforms are secure, stable, and aligned with business and technical requirements....Remote workHourly pay
- Who we are: In 1996, Farmers Depot was established and has grown to be the complete animal health and equipment supplier for livestock producers across Canada providing thousands of quality animal health products at a competitive price with next day delivery, and product support...Remote workPermanent employmentFull timeInternshipLive outWork from homeNight shift
- ...across all functions. You will employ best practices in development, security, accessibility, and design to achieve the highest quality of... ..., team offsites and working hubs, and socials (yes, even remotely!) We invest in our team members, with L&D budgets and RRSP/401K...Remote workFull timeFlexible hours
- ...platforms. We take care of our people ~4.5 days of work per week, year-round. (Friday pm off); ~ Truly flexible working: 100% remote (for residents of the province of Quebec), hybrid or 100% in person, the choice is yours; ~ Up to 7 weeks vacation per year, sick...Remote workFlexible hours
$20 per hour
VIBRANT Marketing Inc. est une firme spécialisée de marketing commercial qui bâtit et dynamise des marques depuis 2006. Notre collectif engagé dispose d’une couverture nord-américaine tout en déployant une expertise robuste au niveau de : la vente, le marchandisage et la distribution...Remote workFull timeContract workSummer workMonday to fridayDay shift$145 per day
...dependent) Requirements: • 6-years of winter driving experience • Monday to Friday both AM and PM availability • Responsible for finding a secure parking space for the small school bus at or near your home • Hold a valid Class 5 (non-GDL) Alberta driver’s licence or higher •...Remote workHourly payWeekly payPart timeSummer workMonday to fridayShift workAfternoon shift$209.2k - $313.8k per year
...de contrôle. • Développer et affiner les objectifs d’apprentissage qui s’harmonisent sur les paramètres de conduite du monde réel : sécurité, confort, conformité et efficacité. • Construire des pipelines évolutifs pour l’apprentissage multitâche et multimodal, en tirant parti...Remote workFull timeApprenticeshipWork at office- ...demonstrate creativity, a day-to-day ability to think outside the box, and an ability to work collaboratively and dependably with others in a remote setting. As StackAdapt is a Remote First company, you will work as part of a highly collaborative remote global Legal team. This is...Remote workContract workWork from homeHome office
- Starlink Aviation is seeking a Flight Coordinator (100% remote) associated with charter flight operations (Canadian Aviation Regulations CAR 703 & 704), private business aircraft operations (Canadian Aviation Regulations CAR 604) for multiple clients, as well as air ambulance...Remote workWork at officeRotating shift
- ...communication skills in English. • Proactive problem-solving skills and a solutions-oriented mindset. • Capable of working collaboratively in a remote team environment. • Ability to efficiently organize and prioritize work across multiple tasks. We Offer • A fun and collaborative...Remote workContract workFlexible hours
$60k - $85k per year
...We Love Working Here: • Competitive compensation and comprehensive benefits. • Investment in training and mentoring opportunities. • Remote work opportunities combined with frequent team-building activities. • Regular office shut-down days for extended long weekends and holidays...Remote workFull timeFor contractorsFreelanceWork at officeWeekend work$30 per hour
Nous recherchons un(e) Conseiller(ère) en orientation pour notre client, une firme spécialisée en gestion des ressources humaines, en transition de carrière, en évaluation psychométrique et en coordination de comités de reclassement mis sur pied lors de licenciements ...Remote workPermanent employmentContract workWork at officeDay shift- Description de l'entreprise Chez Point S, Distribution Stox et RSSW, la logistique et la distribution sont au cœur de nos activités en tant que distributeur de pneus et roues canadiens et nous avons comme vision d’être le distributeur de pneus le plus efficace et performant....Remote workWork at officeWork from homeFlexible hours
- Company Description Work with Us. Change the World. At AECOM, we're delivering a better world. Whether improving your commute, keeping the lights on, providing access to clean water, or transforming skylines, our work helps people and communities thrive. We are the world's trusted...Remote workFull timeWork at officeLocal areaWorldwideRelocation packageFlexible hours
- ...work in a collaborative and innovative environment. • Professional growth and development opportunities. • Flexible working hours and remote work options. • Equity options for high performers. How to Apply: Please apply online or submit your resume and a cover letter detailing...Remote workWork at officeImmediate startFlexible hours
$4000 - $7500 per month
Employment Type: Full-Time or Part-Time Compensation: Base + Commission Schedule: Monday-Friday | 8AM-3PM About Us Client is a digital marketing agency headquartered in Costa Mesa, California. We help a wide range of businesses grow through results-driven online strategies. ...Remote workFull timePart timeMonday to friday- Tu veux jouer un rôle stratégique dans une entreprise québécoise en forte croissance ? Tu carbures aux défis, aux chiffres, et tu sais garder une vision d’ensemble tout en assurant l’exécution au quotidien ? Ce poste est fait pour toi. Pourquoi ce rôle est stimulant Tu seras...Remote workDaily paidPermanent employment
- ...multi-disciplinary team of thought leaders to provide organizational and project-based consulting services. Location: Calgary, Alberta (Remote) • Travel Required: Yes • Work Schedule: Monday - Friday with some evenings and weekends • Salary or Hourly: Salary • Management Role:...Remote workHourly payMonday to fridayAfternoon shift
Do you want to receive more vacancies?
Subscribe and receive similar vacancies to Remote Penetration Tester - Offensive Security. Be the first to apply!
Related searches
- teletravail informatique Blainville, QC
- remote english speaking Blainville, QC
- remote post production coordinator Blainville, QC
- remote manager Blainville, QC
- salesforce remote Blainville, QC
- java developer remote Blainville, QC
- health coach remote Blainville, QC
- assistante teletravail Blainville, QC
- remote executive assistant Blainville, QC
- remote personal assistant Blainville, QC
