Share this Job
Apply now »
ID:  119817

Montreal Qc, CA

Application Security Penetration Tester


CMA CGM Group, founded by Jacques R. Saadé, is a leading worldwide shipping & logistics group.

Now headed by Rodolphe Saadé, CMA CGM reinvents transport and logistics in order to offer an integrated maritime, port and land service that exceeds its customers' expectations. 

Present in over 160 countries through 755 offices, 750 warehouses, equipped with a young and diverse fleet of 511 vessels, CMA CGM serves 420 of the world's 521 commercial ports and operates on more then 200 shipping lines. The group currently employs 110,000 people worldwide, including nearly 2,400 in its headquarters in Marseilles.




The Application Security Penetration Tester role will be in charge of delivering penetration to improve the software security of the CMA CGM group.

Reporting to the Group Application Security Manager, this role will be a deep technical security expert, able to validate the proper security implementation of CMA applications.  




  • Deliver all kind of Applications penetration tests
    • Web Applications
    • APIs
    • Mobile Applications
    • Thick client applications
  • Deliver infrastructure penetration tests
    • Internal
    • External
    • Cloud
  • Perform external reconnaissance / OSINT
  • Compromise modern infrastructures (containerized, microservices…)
  • Avoid AV & EDR detection, WAF bypass
  • Provide technical expertise and understanding to other services (SOC/Forensic…)
  • Analyze external providers penetration test reports
  • Provide recommendations / Mitigations to remediate or mitigate vulnerabilities
  • Coordinate with various IT and business teams to prepare and organize penetration tests




  • Education: 
    • Bachelor or Master degree in Computer Science, Information Technology or relevant degree
    • OSCP/OSWE/OSCE/GPEN/GXPN or any other relevant certification


  • Knowledge & Experience:  
  • Excellent knowledge of Owasp Top10, CWE…
  • Excellent understanding of micro-services architectures & APIs
  • Knowledge and proven experience with modern containerized infrastructures (Kubernetes)
  • Proven Penetration tester experience
  • Use of various tools such as Burp Suite, Zap, Kali distribution…
  • Network skills (routing, encapsulation, VPN, firewalling, DNS…)
  • Other:
    • The ability to interact with CMA CGM colleagues, build good relationships at all levels and across all business units and organisations, and the ability of influence stakeholders of all levels. Change management skills an asset
    • Excellent verbal, written and interpersonal communication skills. Listens and communicates technical subjects to both technical and nontechnical audiences, flexes style to suit the needs of the audience.
    • Ability to work with others effectively, with 3rd parties, internal teams, and international business units, promoting knowledge sharing within and across teams.
    • Highly self motivated and directed, with keen attention to detail.
    • Planning, organization and coordination skills
    • Ability to properly manage time and priorities
    • Leadership, team spirit, creativity, rigor and quality
    • Customer-oriented approach
    • Fluent English mandatory, French optional

Come along on CMA CGM’s adventure !











Apply now »