Job Description
Reporting to the Director of Penetration Testing, and as a key member of the Pentesting team, the Web and Mobile Application Security Penetration Testing Consultant will be involved in assessing application security through advanced penetration testing and code reviews. This role requires deep technical expertise in application vulnerabilities, strong analytical skills, and precision in writing deliverables.
Key Responsibilities
Web & Mobile Penetration Testing
- Perform advanced penetration tests on Web applications (front-end, back-end, APIs) and mobile applications (iOS, Android);
- Identify and exploit vulnerabilities following OWASP standards (Web Top 10, MASVS/MSTG);
- Use specialized tools such as Burp Suite, MobSF, Frida, adb, etc.;
- Conduct dynamic, static, and logical analyses of targeted applications;
- Provide concrete, tailored recommendations for client applications.
Secure Code Review
- Analyze source code to identify security flaws and risky behaviors;
- Collaborate with developers to explain vulnerabilities and best remediation practices;
- Apply a contextual approach (business logic + code understanding) to enhance audit coverage.
Documentation & Collaboration
- Write clear, structured, and educational reports intended for both technical and non-technical audiences;
- Contribute to the continuous improvement of testing methodologies;
- Actively monitor emerging threats, tools, and attack techniques.
Knowledge, Qualifications, and Experience
Technical Knowledge
- Advanced expertise in Web application security (authentication, access control, injection, business logic, etc.);
- Ability to chain multiple vulnerabilities to demonstrate attack paths;
- Solid knowledge of mobile application security (reverse engineering, root/jailbreak detection, obfuscation bypass, etc.);
- Proficiency with application testing tools: Burp Suite, MobSF, Frida, etc.;
- Experience with static code analysis tools and rule creation: Semgrep;
- Strong skills in code analysis and understanding of secure development models;
- Proficiency in at least one programming language (e.g., Python, JavaScript, Java, C#) and its web frameworks.
Qualifications
- Degree in Computer Science, Cybersecurity, or a related field.
Certifications
- Burp Suite Certified Practitioner (BSCP)
- Offensive Security Web Expert (OSWE)
Experience
- Minimum of 3 years of experience in Web and/or Mobile penetration testing;
- Experience in coordinating specialized teams (an asset).
Benefits and Conditions
Benefits
- Competitive salary;
- Comprehensive group insurance plan;
- Retirement plan;
- Exceptional training programs and career development opportunities;
- Hybrid remote work model.
Conditions
- Bilingualism in written and spoken communication (interactions with clients/partners across Canada).
OKIOK Careers
Human Resources Manager
450 681-1681
carrieres@okiok.com