Share this Job
Requisition Number:  7936
Position Type:  Permanent
Position Length:  Indeterminate

Various locations, ON, CA

Remote Work:  Yes, within Canada
Closing Date:  May 31, 2022 23:59 EST

Diversity and Inclusion
We strive to make our policies, programs and workplace more inclusive, respectful and barrier-free. We encourage applications from women, Indigenous peoples, veterans, persons with disabilities, members of visible minorities and persons of all races, ethnic origins, religions, abilities, sexual orientations, and gender identities and expressions.

We make career growth and professional development a priority. We are committed to developing inclusive, barrier-free recruitment and selection processes, and a work environment that supports our diverse workforce.

Let our team know if you need accommodation or support during the recruitment process due to a disability or other reason. We can provide support in multiple ways, from using this site and submitting your application, right through to the interview process. If you are the successful candidate, you can also discuss accommodation needs when you receive your offer.

Contact to discuss how.

Cyber Penetration Tester (Remote - Canada)

Take a central role
The Bank of Canada has a vision to be “a leading central bank—dynamic, engaged and trusted—committed to a better Canada.” No other employer in the country offers you the unique opportunity to work at the very center of Canada’s economy, in a diverse and inclusive organization with significant impact on the economic and financial well-being of all Canadians. You will be challenged, energized and motivated to excel in an environment where we are reinventing central banking, renewing ways of doing business and reinforcing a culture of innovation.


From the pension plan, to the benefits, and our high flexibility for work life balance - find out more about why the Bank of Canada is annually ranked as one of Canada's top employers:  Working Here - Bank of Canada


The Team:

With the ability to work anywhere in Canada, you will have the unique opportunity to join an innovative & collaborative team with the mission to truly “Break the Bank”. The team is tasked with creating real life threats, finding exploits, and coming up with solutions to keep Canada’s financial systems, applications, and overall economy safe, and secure. Lead by the Assistant Director of Cyber Security Assurance, we work as a team to help shape the future of IT security at Canada’s Central Bank!


Further – you will be provided with the autonomy to make decisions along with the opportunity to use innovative Enterprise Cyber Security tools and consistently learn as technology in the industry evolves. You will also have the full support of your leader and team to learn, grow, and further your Cyber career through the Bank’s customizable Learning & Development programs across various Cyber domains including tools, frameworks, and certifications.


What you will do 

You will play a central role in testing solutions that will strengthen the banking system for financial institutions in Canada. This includes performing vulnerability and penetration testing for new IT solutions and consulting on projects to ensure that IT security standards are met.


More specifically, you will:

  • Identify vulnerabilities on the target environments, measure criticality and potential impact
  • Answer the question “what could happen if someone exploits this vulnerability to break in?”
  • Research and develop new methods to discover and test vulnerabilities in IT systems.
  • Perform hands-on testing using real-world attack techniques, build exploitation Proof of Concepts, dive deep into technology assessments and propose solutions to newly discovered security flaws.
  • Utilize your experience to work through a hypothetical threat model to better understand potential paths of exploitation or risks inherent to systems
  • Collaborate with and educate solution architects, solutions integrators, principal consultants, project managers, system administrators and network specialists in operational teams
  • Review changes in the IT environment to protect against new security risks and develop plans to safeguard critical business data against accidental or unauthorized modification, destruction or disclosure.


What you need to succeed

You are resourceful and an innovative problem solver who can utilize common tools (Metasploit, CANVAS, Burp suite, nmap, venom etc..) along with any other resources to find exploits and build solutions. You are also a superb communicator (both oral and written), and an outstanding teammate willing to collaborate in a team environment.


In addition, you have:

  • The ability to gather and understand the functionality of tools, applications, and solutions where vulnerabilities can be exploited
  • Demonstrated experience in any of the following areas:
    • Cyber security frameworks (e.g., MITRE ATT&ACK, CIS, CSC, NIST SP 800-53, HTRA)
    • Security testing methodologies (e.g. OWASP - WSTG, OSSTM, PTES)
    • Secure system development methodologies. (e.g., AppSec, DevSecOps)
    • Security Code Review
  • Familiarity with security risk assessment methodologies and reporting (CSEC-RCMP, HTRA, etc..)
  • Experience with risk assessment and knowledge of penetration testing and vulnerability assessment strategies as well as web application security and code review


Nice-to-have Skills:

  • Experience in Purple Team exercises and/or Red Team exercises
  • Relevant certifications (OSCP, OSCE, OSWE, GSSP-Java, GSSP-.NET, GPEN, GWAPT or equivalent)
  • Previous experience working in a financial, banking, and/or payments environment


Your education and experience

Any relevant combination of education and experience which demonstrate that you have the experience, skills and/or are effective at learning and applying new skills will be considered


What you need to know

  • Language requirement: English or French essential
  • Priority will be given to Canadian citizens and permanent residents
  • Security level required: Be eligible to obtain Secret 
  • Please save a copy of the job poster. Once the closing date has passed, it will no longer be available.
  • In response to the COVID-19 pandemic and further to public health guidelines, preventative measures are being taken to ensure health and safety during the recruitment process. All interviews are conducted virtually.  
  • The official title for this position is “Senior IT Security Assessment Specialist ” 


Remote work #LI-Remote#LI-Remote

The Bank is conducting a trial of a hybrid working model which provides employees with the flexibility to telework for significant portions of each month.   For this position, you will be able to work 100% remote (within Canada)


Vaccination Policy  #LI-Remote

In response to the COVID-19 pandemic that was declared by the World Health Organization, the mandates issued by the federal government, and the direction provided by public health authorities, the Bank of Canada requires all new employees to be fully vaccinated prior to their start date. 


Selected candidates will be asked to provide proof of vaccination status at the reference stage. Candidates who are unable to be vaccinated against COVID-19 and require an accommodation for a legitimate medical, religious or other human rights-based grounds will follow a seperate process. 


Covid-19 Authorized Vaccines in Canada


We wish to thank all applicants for their interest and effort in applying for this position. Only candidates selected for interviews will be contacted.


What you can expect from us
This is a great opportunity to join a leading organization and be part of a high-performing team. We offer a competitive compensation and benefits package designed to meet your needs at every stage of your life and career. For more information on key benefits please visit A great deal to consider


  • Salaries are based on qualifications and experience and typically range from $86,780 to $108,465 (job grade 17)
  • Depending on performance, you may be eligible for performance pay for successfully meeting (7 to 10% of your base salary) or for exceeding expectations (15% of your base salary). Exceptional performers who far exceed expectations may be eligible for higher performance pay.
  • Flexible and comprehensive benefits so you can choose the level of health, dental disability and life and/or accident insurance coverage that meets your needs
  • Extra vacation days (up to five each year) that you can purchase to add to your vacation entitlement
  • Indexed, defined-benefit pension #LI-POST