Back to SearchLead Security Penetration Tester
Remote in Brazil
Security.Testing, Penetration testing
Choose an option
We are looking for a Lead Security Penetration Tester to join our team.
This position demands deep technical expertise in Web and Mobile application security, along with strong knowledge of modern technology stacks such as cloud platforms and LLM integrations. You will play a key role in uncovering vulnerabilities, setting security requirements, and helping to enhance the security posture of our clients.
Responsibilities
- Determine applicable security standards and specifications for each project
- Establish and document security requirements for systems and applications
- Choose suitable security tools and define related security checks
- Create detailed strategies for security testing
- Plan, estimate, and oversee multiple assignments with minimal supervision
- Perform vulnerability assessments and penetration testing across different environments
- Work closely with technical and management staff throughout the security assessment process
- Document all identified issues using various reporting tools, including Jira and Confluence
- Offer practical remediation guidance for discovered vulnerabilities
- Collaborate with proposal teams to assist with client presentations and supporting materials
- Join Security Champions meetings and support continuous improvement initiatives
Requirements
- Bachelor’s or Master’s degree in Computer Science, a related discipline, or equivalent background
- Minimum of 5 years of direct experience in penetration testing or security testing
- At least one year of experience leading and managing technical teams
- Hands-on experience with Web Services, including SOAP and RESTful APIs
- Advanced skills in testing Web Applications across diverse frameworks and architectures
- Experience in Mobile Application security for iOS, Android, and optionally Windows Mobile
- Familiarity with Client Applications, especially Windows and Linux thin and thick clients
- Understanding of Chatbots and LLM integrations, including adversarial testing and prompt injection
- Knowledge of Cloud Environments, focusing on application-layer security and identity management
- Proficiency with security tools such as Burp Suite, Nmap, OWASP ZAP, or similar
- Ability to assess requirements, processes, and technologies from a security standpoint
- Skilled in selecting, educating, and communicating appropriate security solutions to meet client objectives
- Capable of presenting assessment results to both technical and non-technical stakeholders
- Experience in developing security-related documentation
- Strong English language skills, both written and spoken, at B2+ level or above
Nice to have
- Knowledge and practical use of security testing methodologies like OSSTM, OWASP, and PTES
- Ability to design, implement, and oversee security assessment processes within projects
- Experience with static and dynamic analysis tools for mobile and client applications, such as MobSF or similar