Senior Associate – Cybersecurity

You know those big cities that still feel like small towns? Where everyone’s friendly and helps each other out? That’s like Grant Thornton. Except here we’re all professionals and there isn’t a mayor or a general store. What we’re trying to say is that we’re a large and growing professional services firm that still feels like a community. We employ over 2500 people across Canada, and we truly care about our colleagues, our clients and the communities where we work and live. That’s what’s most important to us. We’re building a thriving organization that’s purpose-driven and still want to remember what your favourite milkshake flavour is.

As a Senior Associate, your duties and responsibilities include:

Client Responsibilities

  • Consistently deliver quality client services. monitor progress, manage risk and ensure key stakeholders are kept informed about progress and expected outcomes. Stay abreast of current business and industry trends relevant to the client’s business;
  • Demonstrate in-depth technical capabilities and professional knowledge. Demonstrate ability to learn and apply what you’ve learned;
  • Perform vulnerability assessments and penetration testing on web applications, mobile applications, APIs, wireless networks, etc.
  • Perform and document penetration test findings in accordance with industry best practices and frameworks

Colleague Responsibilities

  • Contribute to national team-related initiatives;
  • Maintain rapport and strong relationships with team members across Canada; and
  • Understand and follow workplace policies and procedures.

Be Grant Thornton

If you’re a bit like us, you’re driven to connect with how others are feeling and thinking. Here we walk in others’ shoes before taking action. Just imagine being part of a team that puts “we before me”, where flexibility is a mindset, and where you trust your colleagues to have your back. At Grant Thornton, you’ll work with inspiring leaders who support your development, both personally and professionally. This is a place where your insatiable curiosity enables you to think, see and hear from a variety of perspectives, a place where every day is different and having the courage to grow is part of who you are. And when all this comes together, well that’s when the magic happens!

Want to learn more about who we are and how we live our purple every day? Read our colleagues’ stories at

Think you’ve got what it takes to be a Senior Associate, Cybersecurity? Like the colour purple? Great. Here are a few more boxes we’re also hoping you can tick:

  • Bachelor’s degree in Information Systems, Computer Science, Computer Engineering, Engineering, Cyber Security or an equivalent combination of formal education and experience appropriate for the assigned duties;
  • Knowledge and 2-3 years of hands-on experience with key components of cybersecurity including penetration testing, red teaming, vulnerability management, malware development and exploitation, risk and compliance, security architecture, and privacy, would be an asset;
  • Have or willing to pursue one or more Industry recognized cybersecurity certifications, such as OSCP, OSCE, OSWP, OSWE, GWAPT, GPEN, GAWN, GICSP, or others;
  • Demonstrated hands-on experience in conducting infrastructure and application testing using tools such as those found on the Kali Linux platform (i.e. nmap, BurpSuite, etc.) and vulnerability assessment platforms (i.e. Nessus, Qualys, etc.)
  • Demonstrated hands-on experience in developing custom tooling that remains undetected by enterprise endpoint protection as well as C2 platforms such as Cobalt Strike.
  • Experience with PowerShell, Python and other related scripting languages.
  • Experience with performing manual and automated OSINT collection and organizing findings
  • Strong knowledge of modern offensive security tools and frameworks, such as Metasploit, PowerShell Empire, Bloodhound, Impacket, Mimikatz, etc.
  • Although not a requirement, demonstrated hands-on experience in conducting application security assessments and audits using Static Code Analysis and Dynamic code analysis with tools such as Checkmarx, Fortify, etc. would be a plus
  • Excellent written and verbal communication and experience writing assessment reports

At Grant Thornton, we’re focused on making a difference in the lives of our clients, our colleagues and our communities. That’s our purpose. Or, as we like to say, living our purple.