Senior Pentester

We are a cutting-edge e-commerce company developing products for our technological platform. Our creative, smart, dedicated teams pool their knowledge and experience to find the best solutions to meet project needs while maintaining sustainable and long-lasting results. How? By making sure that our teams thrive and develop professionally. Strong advocates of hiring top talent and letting them do what they do best, we strive to create a workplace that allows for an open, collaborative, and respectful culture.

You will protect our infrastructure by searching for and helping address vulnerabilities. The right person must have excellent engagement and communication skills and a solid customer-focused and team-oriented approach that balances security needs and user experience to provide best-in-class security for the organization.

Must also be bilingual: English/Spanish.

Key Responsibilities:

• Perform thorough penetration testing on various components of the organization's IT infrastructure, including networks, web applications, API, mobile applications, and cloud environments.
• Use various tools and techniques to identify security weaknesses, such as SQL injection, cross-site scripting (XSS), privilege escalation, and other vulnerabilities.
• Develop and execute attack scenarios to assess the effectiveness of security controls and defences.
• Conduct vulnerability assessments to identify and evaluate security flaws and weaknesses within systems and applications.
• Analyze and prioritize vulnerabilities based on risk assessment and potential impact on the organization.
• Create detailed reports documenting findings from penetration tests and vulnerability assessments, including descriptions of vulnerabilities, exploitation methods, and recommended remediation actions.
• Triage vulnerabilities reported in a bug bounty program.
• Prepare and present technical and executive-level reports that clearly communicate security issues, risks, and mitigation strategies.
• Ensure that documentation is accurate, comprehensive, and delivered on time.
• Work closely with IT, development, and security teams to address identified vulnerabilities and guide remediation efforts.
• Advise on best practices for securing systems and applications based on penetration testing findings and industry standards.
• Participate in developing and improving security policies, procedures, and practices.
• Stay updated with the latest penetration testing tools, techniques, and threat vectors.
• Develop custom scripts and tools to aid penetration testing and automate repetitive tasks.
• Contribute to the refinement and enhancement of testing methodologies and frameworks.
• Engage in ongoing training and professional development to enhance skills and stay current with emerging threats and technologies.
• Share knowledge and expertise with the team to foster a culture of security awareness and continuous improvement.
• Participate in internal and external security assessments, including red team exercises and vulnerability management programs.
• Ensure penetration testing activities comply with industry standards, regulatory requirements, and organizational policies.
• Maintain an open-source way of thinking when performing penetration testing.
• Adhere to different policies set out by the organization.
• Follow and improve existing procedures.
• Keep your work organized based on tickets (Jira).
• Prepare and provide different reports (weekly/monthly/ad-hoc) to the Top Management as necessary.
• Maintain appropriate knowledge required for successful and efficient delivery of the responsibilities.
• Keeping abreast of new threats and vulnerabilities and providing analysis as per applicability.
• Help the organization understand advanced cyber threats.

Knowledge and skills you need to have

• Five years of a university degree or four-year college diploma, preferably in computer science, telecommunications, or other related academic fields, or equivalent work experience, are required.
• At least 5 years of work experience in similar roles.
• Fundamental technical understanding and experience assessing vulnerabilities and identifying weaknesses in web applications, APIs, operating systems (Windows and Linux), networks, databases, and application servers.
• Ability to prioritize remediation and handle mitigation planning.
• Experience in working collaboratively with cross-functional/transverse IT teams.
• Ability to apply a risk-based approach while working on assigned responsibilities.
• Good understanding of reporting needs at various organizational levels and ability to design, create, and present them.
• Experience in working with any BI tools to prepare dashboards.
• Troubleshooting and problem-solving capabilities.
• Excellent analytical, communication, and documentation skills.
• Ability to organize work and prioritize work as per the operation's needs.
• Ability to work independently and as part of the Information Security Team, and can work under minimal supervision.
• Should have time management skills and manage work in a fast-moving environment.