Maplesoft Group is currently seeking an IT Security VA Specialist for our Federal Government client.

Tasks and Responsibilities include, but are not limited to the following:
 
1 Undertake engagements that may perform penetration testing against a system of 
networked devices;
2 Undertake engagements that may perform penetration testing against a single device 
including the assessment of Operating Systems and Firmware;
3 Undertake engagements that may perform reverse engineering and penetration testing 
against a single endpoint application;
4 Undertake engagements that may perform penetration testing against hosted web 
applications or embedded device applications;
5 Undertake engagements that may perform penetration testing against wireless systems or 
devices such as WiFi or Bluetooth;
6 Undertake engagements that may perform penetration testing that focuses on identifying 
and validating vulnerabilities associated with physical security as well as employee’s ability 
to follow documented policies, procedures and best practices;
7 Undertake engagements that may perform Vulnerability Assessments (VA) using a wide 
variety of tools;
8 Use network discovery and scanning tools to perform port and service scanning, service 
enumeration and vulnerability scanning;
9 Attempt to exploit any discovered vulnerabilities. This may include attempts to guess or 
crack passwords or to gain access to encrypted information using tactics such as private 
key theft and cryptographic downgrade attacks;
10 Perform Application Assessments or Web Application Assessments as required;
11 Execute the agreed upon misuse cases against the System under Test (SUT) in order to 
study its behaviour to uncover weaknesses and attempt to exploit those weaknesses in 
order to gain unauthorized access to information system and assets;
12 Produce a Security Engineering Validation (SEV) report that enumerates all findings 
discovered as part of the assessment. Each finding includes a description of the 
vulnerability, the technical impact of the vulnerability if exploited, the probability that a 
sufficiently skilled threat actor could exploit the vulnerability, as well as recommendations 
expressed as additional security controls that could mitigate the vulnerability. Lastly, 
provide a severity rating for each finding based on the above information;
13 Provide a briefing to the client to discuss the findings including the recommended 
mitigations;
14 Provide security advice from an offensive perspective; conduct security related research; 
maintain a penetration testing lab environment for the development of customized 
penetration testing tools and capabilities; and perform offensive security demonstrations;
15 Remain abreast of newly disclosed vulnerabilities and assess the potential impact on the 
department’s information systems. This may include analysing exploit code, including 
proof-of-concept code, to develop a better understanding of the vulnerability and the 
conditions by which the vulnerability may be exploited;
16 Provide assistance to the client as well as other Cyber related units;
17 Design and develop opposing force attack scenarios for Cyber Training exercises such as 
the FVEYs Cyber Flag, Cyber Exercise (CyberX) and CFCOSO initiatives;
18 Provide end-of-day as well as end-of-exercise briefings to training exercise participants to 
ensure participants achieve maximum benefit;
19 Develop penetration testing tutorials for use as training materials for Cyber related units;
20 Assess existing offensive security tool set and make recommendations to improve and 
modernize the tool set;
21 Integrate client content into in-house developed “Capture the Flag” (CTF) cyber 
testing scenarios;
22 Develop, implement, and maintain solutions in accordance the Cyber security business 
requirements and Cyber Security Reference Architecture;
23 Identify gaps in the existing CSTE capability, services, technologies, capabilities and tools;
24 Design and implement CTF and training exercises with Industrial Control System (ICS) 
content; and
25 Design and implement CTF and training exercises with web application penetration testing 
content



Maplesoft Group prides itself on its distinct corporate culture and recognizes that success is a direct reflection of our most valuable asset - our people.  Therefore, attitude and ambition are key personality traits we seek out, along with skill and aptitude, in potential employees.

Maplesoft Group is committed to having a diverse, representative workforce and continuing to build an inclusive environment. We encourage applications from all qualified individuals. Maplesoft Group is an equal opportunity employer committed to diversity and inclusion. We are pleased to consider all qualified applicants irrespective of race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, protected veterans’ status, Aboriginal peoples or any other legally protected factors. 

All employment decisions are made based on business needs, job requirements, and individual qualifications. 

We are committed to developing inclusive, barrier-free recruitment and selection processes, and a work environment that supports our diverse workforce. Please let us know if you require accommodations at any stage of the recruitment process. We can be reached at Maplesoft Info at info@maplesoftgroup.com.

We thank you for your interest in Maplesoft Group and wish to advise you, that only candidates under consideration will be contacted.