Project overview:

This project involves safeguarding the company’s technological infrastructure by conducting comprehensive penetration testing and vulnerability assessments across various systems, including networks, web applications, APIs, and cloud environments. The goal is to identify and address security weaknesses while balancing user experience and protection. The project requires collaboration with IT and security teams to prioritize and remediate vulnerabilities, develop custom tools, and stay updated on emerging threats. Ultimately, the focus is on delivering robust, sustainable security measures that comply with industry standards while fostering a culture of continuous improvement and innovation.

Key Responsibilities:

• Conduct comprehensive penetration testing across IT infrastructure, including networks, web applications, APIs, mobile apps, and cloud environments.

• Identify security vulnerabilities such as SQL injections, XSS, and privilege escalations, using various tools and techniques.

• Develop and simulate attack scenarios to assess the effectiveness of existing security controls.

• Perform vulnerability assessments and prioritize risks based on impact.

• Document findings, including vulnerability details, exploitation methods, and remediation recommendations, in detailed reports.

• Manage and triage vulnerabilities reported through bug bounty programs.

• Prepare and present both technical and executive-level reports on security issues, risks, and mitigation strategies.

• Collaborate with IT, development, and security teams to guide remediation efforts.

• Provide expert advice on securing systems based on findings and industry best practices.

• Stay current with penetration testing tools, techniques, and emerging threats.

• Develop custom tools and scripts to assist in penetration testing and automate tasks.

• Participate in internal and external security assessments, including red team exercises.

• Contribute to improving security policies, procedures, and best practices.

• Ensure penetration testing complies with industry standards, regulations, and company policies.

• Maintain an open-minded, innovative approach to penetration testing and security assessments.

• Organize work using ticketing systems like Jira, following established processes and deadlines.

• Stay informed about emerging threats, offering analysis as needed.

Required Knowledge and Skills:

• Bachelor’s degree (5 years) or equivalent experience in Computer Science, Telecommunications, or a related field.

• Minimum of 5 years of experience in a similar role.

• Strong technical understanding of web application security, API testing, operating systems (Windows, Linux), networks, databases, and application servers.

• Exceptional communication and documentation skills in English and Spanish.

• Proven ability to identify and assess vulnerabilities and security weaknesses.

• Experience prioritizing and managing remediation efforts.

• Experience with Splunk SIEM. Experience with CrowdStrike is also required.

• Strong collaboration skills for working with cross-functional IT teams.

• Risk-based approach to security with a focus on balancing protection and usability.

• Ability to create and present clear, detailed reports at various organizational levels.

• Familiarity with BI tools for dashboard creation.

• Ability to manage workload in a fast-paced environment and work independently and as part of a team.

• Time management skills and adaptability in a dynamic setting.

Competencies:

• Reading Comprehension: Ability to interpret and understand tasks assigned in tickets and procedures.

• Organization: Manage 50% recurring tasks, 30% research tasks, 10% follow-up tasks, and 10% procedural improvements.

• Prioritization: Assign the right priority to vulnerabilities and ensure prompt handling.

• Communication: Strong interpersonal and written skills to convey security issues.

• Adaptability: Able to respond effectively under pressure and make sound decisions in emergencies.

• Attention to Detail: High accuracy and thoroughness in identifying and addressing security issues.

• Customer Service Orientation: Focus on delivering the best user experience while maintaining security.

Bonus Points:

• Penetration Testing certifications (CEH, OSCP, GPEN, Pentest+).

• Vulnerability Management certifications.

• Knowledge of CDN/WAF configuration (Cloudflare, Imperva).

• Additional Cybersecurity certifications.

Benefits:

• 22 days of annual leave

• 10 public/national holidays

• Health insurance options

• Access to online learning platforms

• On-site English classes (in select countries), and more!