At Synechron, we believe in the power of digital to transform businesses for the better. Our global consulting firm combines creativity and innovative technology to deliver industry-leading digital solutions. Synechron’s progressive technologies and optimization strategies span end-to-end Artificial Intelligence, Consulting, Digital, Cloud & DevOps, Data, and Software Engineering, servicing an array of noteworthy financial services and technology firms. Through research and development initiatives in our FinLabs we develop solutions for modernization, from Artificial Intelligence and Blockchain to Data Science models, Digital Underwriting, mobile‑first applications and more. Over the last 20+ years, our company has been honored with multiple employer awards, recognizing our commitment to our talented teams. With top clients to boast about, Synechron has a global workforce of 16,850+, and has 60 offices in 20 countries within key global markets.

You’ll bring deep offensive security expertise to the agentic AI vulnerability program. You’ll determine what’s truly exploitable, identify how vulnerabilities chain into real attacks, and validate that AI‑generated fixes close the actual root cause — not just suppress scanner alerts. Your offensive analysis, exploit chain reasoning, and false positive judgment will be channeled into AI agents through prompts, evaluation criteria, and workflows that scale your expertise across the bank. You’ll work alongside the vulnerability management team and AI capability suppliers, contributing the deep offensive perspective the program needs.

Additional Information

The base salary for this position will vary based on geography and other factors. In accordance with law, the base salary for this role if filled within Toronto, ON is CAD $130K - CAD $140K/year & benefits (see below).

The Role

Responsibilities

- Lead exploitability assessment and false positive analysis across SAST, DAST, SCA, IAST, container, and infrastructure findings — and translate that analysis into reusable AI agent prompts and skills.
- Identify exploit chains across vulnerability classes that traditional scanners miss and encode the reasoning into agent workflows so the capability scales.
- Validate that AI‑generated fixes close exploitable conditions, and feed validation patterns back into agent evaluation frameworks.
- Develop offensive prompts, attack scenarios, and evaluation criteria that the agentic AI capability uses to assess findings autonomously.
- Translate offensive insights into prioritization signals and remediation guidance for VM and engineering teams, delivered through AI‑driven workflows.

Requirements

- 10+ years in offensive security with hands‑on exploit development, red teaming, and penetration testing.
- At least one of the following certifications: OSCP, OSCE, OSEP, OSWE, GXPN, or GWAPT.
- Demonstrated ability to identify and validate exploit chains across vulnerability classes.
- Deep fluency in vulnerability classes including memory safety, injection, authentication and authorization flaws, deserialization, race conditions, and supply chain attacks — with real exploitation experience, not just theory.
- Hands‑on experience with application security testing tools (SAST, DAST, SCA, IAST), specifically around false positive analysis and exploitability validation.

Preferred skills

- Public evidence of offensive capability: published CVEs, conference talks (DEF CON, Black Hat, OffensiveCon, Recon), CTF placements, bug bounty track record, or open‑source offensive tooling contributions.
- Software engineering experience and contributions to production codebases.
- Defensive engineering experience building detection and remediation capabilities.
- Working familiarity with frontier LLMs and agentic AI tools applied to security analysis.
- Modern CI/CD and container platform knowledge (Docker, Kubernetes, GitHub Actions, Jenkins).
- Financial services or regulated industry experience with exposure to SOX, SOC1, and audit.
- Hands‑on experience with enterprise vulnerability tooling (Tenable, Aqua, Snyk, BrightSec).

We offer

- A multinational organization with 60 offices in 20 countries and the possibility to work abroad.
- 15 days (3 weeks) of paid annual leave plus an additional 10 days of personal leave (floating days and sick days).
- A comprehensive insurance plan including medical, dental, vision, life insurance, and long‑term disability.
- Flexible hybrid policy.
- RRSP with employer’s contribution up to 4%.
- A higher education certification policy.
- On‑demand Udemy for Business for all Synechron employees with free access to more than 5000 curated courses.
- Coaching opportunities with experienced colleagues from our Financial Innovation Labs (FinLabs) and Center of Excellence (CoE) groups.
- Cutting edge projects at the world’s leading tier‑one banks, financial institutions and insurance firms.
- A truly diverse, fun‑loving and global work culture.

SYNECHRON’S DIVERSITY & INCLUSION STATEMENT

All employment decisions at Synechron are based on business needs, job requirements and individual qualifications, without regard to the applicant’s gender, gender identity, sexual orientation, race, ethnicity, disabled or veteran status, or any other characteristic protected by law.
Principal Consultant - Offensive Security Engineer
SYNECHRON
Toronto, ON
Published 27 days ago