IT Security VA Specialist

Job Responsibility: Title IT Security VA Specialist Location Ottawa, ON (On Site) Start Date 08-01-2025 Language English Salary Negotiable Security Clearance Top Secret Duration 24+ Months Date Posted 05-23-2025 Job ID 13788-4 Recruiter Email View email address on ca.edajobs.com Maplesoft Group is currently seeking an IT Security VA Specialist for our Federal Government client. Tasks and Responsibilities include, but are not limited to the following: 1 Undertake engagements that may perform penetration testing against a system of networked devices; 2 Undertake engagements that may perform penetration testing against a single device including the assessment of Operating Systems and Firmware; 3 Undertake engagements that may perform reverse engineering and penetration testing against a single endpoint application; 4 Undertake engagements that may perform penetration testing against hosted web applications or embedded device applications; 5 Undertake engagements that may perform penetration testing against wireless systems or devices such as WiFi or Bluetooth; 6 Undertake engagements that may perform penetration testing that focuses on identifying and validating vulnerabilities associated with physical security as well as employee's ability to follow documented policies, procedures and best practices; 7 Undertake engagements that may perform Vulnerability Assessments (VA) using a wide variety of tools; 8 Use network discovery and scanning tools to perform port and service scanning, service enumeration and vulnerability scanning; 9 Attempt to exploit any discovered vulnerabilities. This may include attempts to guess or crack passwords or to gain access to encrypted information using tactics such as private key theft and cryptographic downgrade attacks; 10 Perform Application Assessments or Web Application Assessments as required; 11 Execute the agreed upon misuse cases against the System under Test (SUT) in order to study its behaviour to uncover weaknesses and attempt to exploit those weaknesses in order to gain unauthorized access to information system and assets; 12 Produce a Security Engineering Validation (SEV) report that enumerates all findings discovered as part of the assessment. Each finding includes a description of the vulnerability, the technical impact of the vulnerability if exploited, the probability that a sufficiently skilled threat actor could exploit the vulnerability, as well as recommendations expressed as additional security controls that could mitigate the vulnerability. Lastly, provide a severity rating for each finding based on the above information; 13 Provide a briefing to the client to discuss the findings including the recommended mitigations; 14 Provide security advice from an offensive perspective; conduct security related research; maintain a penetration testing lab environment for the development of customized penetration testing tools and capabilities; and perform offensive security demonstrations; 15 Remain abreast of newly disclosed vulnerabilities and assess the potential impact on the department's information systems. This may include analysing exploit code, including proof-of-concept code, to develop a better understanding of the vulnerability and the conditions by which the vulnerability may be exploited; 16 Provide assistance to the client as well as other Cyber related units; 17 Design and develop opposing force attack scenarios for Cyber Training exercises such as the FVEYs Cyber Flag, Cyber Exercise (CyberX) and CFCOSO initiatives; 18 Provide end-of-day as well as end-of-exercise briefings to training exercise participants to ensure participants achieve maximum benefit; 19 Develop penetration testing tutorials for use as training materials for Cyber related units; 20 Assess existing offensive security tool set and make recommendations to improve and modernize the tool set; 21 Integrate client content into in-house developed “Capture the Flag” (CTF) cyber testing scenarios; 22 Develop, implement, and maintain solutions in accordance the Cyber security business requirements and Cyber Security Reference Architecture; 23 Identify gaps in the existing CSTE capability, services, technologies, capabilities and tools; 24 Design and implement CTF and training exercises with Industrial Control System (ICS) content; and 25 Design and implement CTF and training exercises with web application penetration testing content Maplesoft Group prides itself on its distinct corporate culture and recognizes that success is a direct reflection of our most valuable asset - our people. Therefore, attitude and ambition are key personality traits we seek out, along with skill and aptitude, in potential employees. Maplesoft Group is committed to having a diverse, representative workforce and continuing to build an inclusive environment. We encourage applications from all qualified individuals. Maplesoft Group is an equal opportunity employer committed to diversity and inclusion. We are pleased to consider all qualified applicants irrespective of race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, protected veterans' status, Aboriginal peoples or any other legally protected factors. All employment decisions are made based on business needs, job requirements, and individual qualifications. We are committed to developing inclusive, barrier-free recruitment and selection processes, and a work environment that supports our diverse workforce. Please let us know if you require accommodations at any stage of the recruitment process. We can be reached at Maplesoft Info at View email address on ca.edajobs.com. We thank you for your interest in Maplesoft Group and wish to advise you, that only candidates under consideration will be contacted.