Summary:
Join our team as a Senior Database Penetration Tester to lead security assessments across relational and NoSQL databases, including Oracle, MySQL, PostgreSQL, and MongoDB. You’ll identify vulnerabilities such as SQL injection, privilege escalation risks, and misconfigured access controls, while conducting hardening assessments and recommending security controls. This role requires hands-on expertise in tools like SQLmap and Guardium, and a deep understanding of database encryption, RBAC, and auditing. Working in a hybrid model (3 days onsite/2 days remote), you’ll collaborate with teams to secure on-prem and cloud-based databases. Ideal for professionals with 10+ years in database security testing and Government “Secret – Level II” clearance.
Key Responsibilities:
Conduct penetration testing on relational and NoSQL databases (Oracle, MySQL, MSSQL, PostgreSQL, MongoDB, etc.).
Identify SQL injection vulnerabilities, privilege escalation risks, and misconfigured access controls.
Perform database hardening assessments and recommend security controls.
Assess database encryption, authentication mechanisms, and stored procedures.
Provide remediation strategies for database security threats.
Required Qualifications:
Security Clearance: Government of Canada "Secret – Level II"
Experience:
10+ years in database security testing.
Experience leading/executing External Network-level Penetration Testing
Experience leading/executing Internal Network-level Penetration Testing
Experience leading/executing Application-level Penetration Testing
Experience leading/executing PCI-DSS compliance penetration tests
Experience developing test plans
Experience leading/executing penetration tests in an Operational Technology (OT) environment
Experience leading penetration tests in a Supervisory Control and Data Acquisition (SCADA) environment
Experience conducting penetration tests in a Programmable Logic Controller (PLC) environment
Certifications (any of the following or equivalent):
OSSTMM Professional Security Tester (OPST)
GIAC Penetration Tester (GPEN)
Offensive Security Certified Professional (OSCP)
Technical Skills:
Hands-on experience with SQLmap, DBShield, and Guardium.
Expertise in database encryption, RBAC, and auditing.
Familiarity with cloud-based databases (RDS, CosmosDB, DynamoDB, etc.).