Offensive Security Analyst – Pentester

This is a fully remote position, open to applicants in Brazil.

📋 Description

• Develop and implement penetration testing strategies (black box, gray box, and white box) for web and mobile applications, APIs, internal and external networks, as well as cloud environments.

• Conduct social engineering, phishing simulations, and Red Team exercises as appropriate.

• Record findings in comprehensive technical and executive reports, including evidence, risk classification (CVSS), and recommendations for remediation.

• Monitor and confirm the remediation of vulnerabilities in collaboration with development and infrastructure teams, conducting retests when necessary.

• Offer additional support for Threat Intelligence initiatives, which includes:

• Monitoring and analyzing data breaches.

• Investigating and analyzing phishing campaigns.

• Facilitating and following through on takedown processes (removal of malicious domains, pages, and content).

• Mentor junior and mid-level analysts, aiding in the team's technical growth.

• Keep informed about emerging attack techniques, CVEs, TTPs (MITRE ATT&CK), and trends in the threat landscape.

⛳️ Requirements

• Bachelor’s degree in Information Technology, Cybersecurity, or a related discipline.

• Possess one of the following certifications: OSCP, DCPT, or CEH (mandatory).

• Significant experience (at least 5 years) in penetration testing and offensive security.

• Extensive knowledge of vulnerability exploitation (OWASP Top 10), Active Directory, post-exploitation and lateral movement, as well as techniques for evading defenses.

• Proficiency in scripting/automation (Python, Bash, or PowerShell).

• Strong written communication skills and the capability to create both technical and managerial reports.

🏝️ Benefits

• Health insurance

• Dental insurance

• Workplace exercise program

• Career development plan

• Pluxee – meal and/or food vouchers (VA and/or VR)

• Day off for your birthday