Cyber Security Specialist

About Freightcom:

Founded in 2010, Freightcom started with a Simple Vision: to create a solution that centralizes & simplifies the shipping process for small-and-medium sized Canadian businesses without compromising on speed, convenience, and cost-effectiveness.

In that time, we’ve grown to become the leading shipping solution in Canada, expanding our operations worldwide.

We are growing again! Freightcom is looking for highly motivated Cyber Security Specialist who is ready to contribute his experience in the logistics/shipping industry. We have great compensation programs and lots of room to grow.

Responsibilities may include:

Primary Focus:

• Défense, governance, risk, compliance, and ensuring overall protection of IT infrastructure.
• Offensive testing of systems and applications to uncover vulnerabilities before malicious actors do.
• Lead advanced, persistent, and realistic attack simulations to test organizational resilience.

Responsibilities

• Design, implement, and manage security policies, procedures, and standards aligned with frameworks (ISO 27001, NIST, SOC2, PCI DSS, GDPR, HIPAA, etc.).
• Conduct security risk assessments and gap analyses across networks, systems, applications, and cloud environments.
• Implement and manage security tools such as firewalls, IDS/IPS, SIEM, endpoint security, and vulnerability management platforms.
• Monitor network and system logs for anomalies, intrusion attempts, and malicious activity.
• Perform incident detection, response, containment, and forensic analysis during security events.
• Oversee identity and access management (IAM), least-privilege models, and zero-trust implementations.
• Conduct employee security awareness training, phishing simulations, and policy enforcement.
• Ensure secure system configurations, patch management, and hardening of servers, databases, and applications.
• Collaborate with compliance, audit, and IT teams to maintain certification and regulatory adherence.
• Report on security posture and threat trends to senior management and recommend mitigation measures.
• Perform penetration testing on web applications, networks, APIs, mobile apps, and cloud environments.
• Identify and exploit security weaknesses (misconfigurations, unpatched systems, weak authentication, etc.).
• Develop and use custom scripts, exploits, and tools to validate vulnerabilities.
• Conduct social engineering tests such as phishing, vishing, and physical intrusion attempts.
• Document findings in detailed reports with proof-of-concept (PoC) exploits, risk ratings, and remediation guidance.
• Collaborate with blue teams to verify fixes and ensure vulnerabilities are remediated.
• Stay updated on the latest exploits, malware trends, and offensive security tools.
• Work within the legal and ethical guidelines of responsible disclosure and organizational approval.
• Support purple team exercises to align offensive findings with defensive improvements.
• Design and lead full-scale red team campaigns simulating real-world threat actors (APT groups, insider threats, nation-state tactics).
• Develop long-term attack scenarios covering initial access, lateral movement, privilege escalation, persistence, and data exfiltration.
• Oversee a team of ethical hackers and penetration testers to execute coordinated adversary emulations.
• Use MITRE ATT&CK and threat intelligence to map realistic attacker techniques and procedures.
• Ensure stealthy execution of attacks to test blue team’s detection, response, and resilience capabilities.
• Assess and report on the effectiveness of incident response, SOC monitoring, and forensic readiness.
• Create post-engagement reports highlighting attack paths, dwell times, missed detection opportunities, and lessons learned.
• Work with CISOs and security leadership to improve threat-hunting capabilities, detection engineering, and playbook development.
• Mentor junior red team members in advanced offensive tradecraft.
• Continuously refine red team methodology and adopt new TTPs from evolving adversaries.

Certifications Required

Governance - Any Three (3)

Practical (hands-on) - Any Four (4)

Job Type: Full-time

Pay: $60,000.00-$90,000.00 per year

Ability to commute/relocate:

• Bolton, ON: reliably commute or plan to relocate before starting work (preferred)

Application question(s):

• Additional skills Required - Analytical Thinking , Problem-Solving, Attention to Detail, Communication Skills, Collaboration, Adaptability & Continuous Learning, Ethical Mindset

Experience:

• AWS: 2 years (required)
• Cybersecurity: 5 years (required)
• Team management: 2 years (preferred)
• Incident management: 3 years (preferred)
• Networking & System Administration: 2 years (required)
• Computer forensics: 3 years (required)
• Cybersecurity Tools & Technologies: 5 years (preferred)
• Cryptography: 2 years (preferred)
• Incident Detection & Response: 2 years (preferred)
• Cloud Security: 2 years (required)
• Application Security: 5 years (required)
• Risk Management & Compliance: 4 years (preferred)

Work Location: In person