Manual Ethical Hacker assessing bank's applications to identify vulnerabilities and mitigate risks. Collaborate with partners to enhance security measures within the Cyber Security Assurance group.
Responsibilities
Perform assigned analysis of internal and external threats on information systems and predict future threat behavior
Incorporate threat actors' tactics, techniques, and procedures into offensive security testing
Perform assessments of the security, effectiveness, and practicality of multiple technology systems
Leverage innovative thinking to help solve problems or introduce new ideas to processes or products applicable to offensive security.
Prepare and present detailed technical information for various media including documents, reports, and notifications
Provide clear and practical advice regarding managed risks
Learn and develop advanced technical and leadership skills; mentor junior assessors in technical tradecraft and soft skills
Requirements
Minimum of 4 years of professional pentesting, application security or ethical hacking experience, preferably in a large, complex, enterprise environment
Detailed technical knowledge in at least 3 of the following areas: security engineering; application architecture; authentication and security protocols; application session management; applied cryptography; common communication protocols; mobile frameworks; single sign-on technologies; exploit automation platforms; RESTful web services
Experience performing manual code reviews for security-relevant issues
Experience working with SAST tools to identify vulnerabilities
Able to manually identify and reproduce findings, discuss remediation concepts, develop PoCs for vulnerabilities, use scripting/coding techniques, proficiently execute common penetration testing tools, triage and support incidents, and produce high-value findings
Experience performing manual web application assessments, i.e., must be able to simulate a SQL injection/XSS attack without the use of tools
Knowledge of network and Web related protocols/technologies (e.g., UNIX/LINUX, TCP/IP, Cookies)
Experience with vulnerability assessment tools and penetration testing techniques
Solid programming/debugging skills
Experience using a variety of tools, including, but not limited to, IBM AppScan, Burp and sqlmap
Benefits
This role is currently benefits eligible.
We provide industry-leading benefits, access to paid time off, resources and support to our employees so they can make a genuine impact and contribute to the sustainable growth of our business and the communities we serve.