Share this Job

Please be advised that our Careers site will be unavailable from November 28 at 12am ET to November 29 12am ET for scheduled system maintenance.

Title:  Senior Penetration Tester (Ottawa Hub)




Requisition ID: 151665

Join a purpose driven winning team, committed to results, in an inclusive and high-performing culture.


The Team

Scotiabank’s Cyber Security Red Team is responsible for delivery of offensive security services across Scotiabank globally, conducting annual & release penetration testing engagements, control effectiveness testing, purple team engagements, and security assessments through threat emulation, and adversarial means.


The role:

The Cyber Security Red Team (CSRT) is looking for a Senior Penetration Tester, with expertise in web and/or mobile application penetration testing to join our internal team. As a senior tester,  you will be working closely with our internal testing Service Advisory & Coordination team, to assess scope and level of effort based on identified areas of risk, and execute assigned engagements in alignment to common penetration testing industry frameworks.



Is this role right for you?

  • This role is ideal for experienced penetration testers who are looking to further develop their expertise and skills.
  • You enjoy working in a collaborative team, and sharing your ideas, perspective, and experience.
  • You have a natural curiosity for how things work, exploring unknowns, and unafraid to test perceived limitations.
  • You take initiative and dedicate time to continuing your education, practicing your craft, and honing your skills.
  • You adhere to strong morale and ethical standard
  • You have strong customer service skills


Do you have the skills that will enable you to succeed in this role?

Must Haves:

  • Candidates should have 3+ years of experience performing penetration tests
  • The ideal candidate has achieved multiple industry certifications, and at least one advanced level certifications (OSCP, OSWE, GWAN, OSWP, or equivalent).
  • Able to develop executive level  reports, write penetration testing reports and executive summaries with minimal error or edits
  • Ability to execute testing engagements against complex projects and systems
  • Experienced in developing custom tooling, leverage whitepapers and online resources to enhance testing
  • Possesses an in-depth understanding of testing methodologies, within their area of expertise. (ex OWASP Web & Mobile testing methodologies and OSSTMM, and the MITRE ATT&CK Framework.)
  • You possess strong communication (verbal/written/presentation) skills in English.


Nice to Haves:

  • You possess strong communication (verbal/written/presentation) skills in Spanish, as Scotiabank as a strong presence in Latin American Countries.


What's in it for you?

  • This position offers a hybrid work environment. You will have the opportunity to work from home for the majority of the time, however you will have the chance to visit our Ottawa hub location for key in-person moments.
  • Joining the Bank of Nova Scotia’s Cyber Security Red Team will enable you to rapidly accelerate your cyber career, by providing a wide range of opportunities and experiences to learn from:
    • Professional Training (ex SANS, Offensive Security, etc.)
    • Attend Industry Conferences
    • Experience testing a wide variety of technology, applications, and systems.
  • As an inhouse team member, you will have the opportunity to work in a diverse team, that encourages teamwork, and provides internal learning opportunities, time for knowledge sharing.
  • We offer a competitive total rewards package, including a performance bonus, company matching programs (pension & Employee Share Ownership), generous vacation; health/medical/wellness benefits; employee banking privileges.



Location(s):  Canada : Ontario : Ottawa 

Scotiabank is a leading bank in the Americas. Guided by our purpose: "for every future", we help our customers, their families and their communities achieve success through a broad range of advice, products and services, including personal and commercial banking, wealth management and private banking, corporate and investment banking, and capital markets.  

At Scotiabank, we value the unique skills and experiences each individual brings to the Bank, and are committed to creating and maintaining an inclusive and accessible environment for everyone. If you require accommodation (including, but not limited to, an accessible interview site, alternate format documents, ASL Interpreter, or Assistive Technology) during the recruitment and selection process, please let our Recruitment team know. If you require technical assistance, please click here. Candidates must apply directly online to be considered for this role. We thank all applicants for their interest in a career at Scotiabank; however, only those candidates who are selected for an interview will be contacted.

Job Segment: Cyber Security, Testing, Technical Support, Investment Banking, Banking, Security, Technology, Finance