Senior Offensive Security Advisor

As a Senior Offensive Security Advisor, you contribute to identifying, analyzing, and remediating threats targeting the organization's exposed systems. You conduct advanced penetration tests, code reviews, threat modeling, and various offensive security activities. Your role goes beyond simply producing reports: you collaborate actively with security and infrastructure teams to understand the root causes of vulnerabilities, recommend practical solutions, and assist in their implementation. You will have access to a diverse scope, cutting‑edge offensive tools, and the opportunity for continuous testing to strengthen the organization's overall cybersecurity posture. More specifically, you will be required to:

• Plan and execute offensive assessments: penetration tests, threat modeling, and targeted technical analyses.

• Detect, analyze, and prioritize vulnerabilities, then support teams in applying concrete fixes.

• Collaborate closely with IT and security teams to understand root causes and deploy prevention and detection mechanisms.

• Produce clear, actionable reports including observations, technical evidence, and prioritized recommendations.

• Explore, map, and maintain visibility over exposed assets while continuously monitoring the external perimeter.

• Explain threats, present risks, and lead technical workshops to support decision‑making.

• Design and improve innovative offensive methods, tools, and approaches.

• Manage your mandates autonomously, including planning, prioritization, and coordination with stakeholders.

What we offer*

• Competitive salary and annual bonus

• 4 weeks of flexible vacation starting in the first year

• Defined benefit pension plan that provides predictable, stable income throughout retirement

• Group insurance including telemedicine

• Reimbursement of health and wellness expenses and telework equipment

* Benefits apply based on eligibility criteria.

What you bring to the table

• Bachelor's degree in IT or a related field

• A minimum of six years of relevant experience in information security, including three years in penetration testing (pentesting or Red Team)

• Please note that other combinations of qualifications and relevant experience may be considered

• Experience in threat modeling (STRIDE, OWASP) and visual flow representation

• Experience in manually identifying vulnerabilities and participating in bug bounty initiatives

• Advanced proficiency in French, both spoken and written

• Proficiency in source code and configuration analysis

• Deep knowledge of application and infrastructure exploitation concepts, as well as defense mechanisms (MITRE ATT&CK)

• Strong understanding of networks, identities, cloud, encryption, and application deployment

• Knowledge of standard methodologies (e.g., NIST 800‑115)

Trade Union (If applicable)

At Desjardins, we believe in equity, diversity and inclusion. We're committed to welcoming, respecting and valuing people for who they are as individuals, learning from their differences, embracing their uniqueness, and providing a positive workplace for all. At Desjardins, we have zero tolerance for discrimination of any kind. We believe our teams should reflect the diversity of the members, clients and communities we serve.

If there's something we can do to help make the recruitment process or the job you're applying for more accessible, let us know. We can provide accommodations at any stage in the recruitment process. Just ask

Job Family

Unposting Date