Plan, execute and document internal and external penetration tests, including web applications, APIs, mobile apps, networks, servers, cloud environments and third-party components.
Perform in-depth vulnerability assessments, including manual exploitation and validation of findings identified by automated scanners.
Simulate real-world attacks, including scenario-based intrusion testing (Black Box, White Box and Grey Box).
Conduct Red Teaming/Adversary Simulation activities when applicable.
Prepare technical and executive reports detailing findings, attack vectors, severity and remediation recommendations.
Support technical teams in understanding and remediating vulnerabilities, providing clear, practical mitigation guidance.
Perform security reviews of code and architecture focused on identifying exploitation points (when applicable).
Contribute to the evolution of offensive security processes and methodologies, aligned with frameworks such as OWASP, MITRE ATT&CK and PTES.
Support the SOC and incident response team by providing offensive insights that contribute to more effective detections.
Deliver technical workshops and awareness training focused on offensive security and vulnerability prevention.

Bachelor's degree in Computer Science, Computer Engineering, Information Security or related fields.
Hands-on experience in offensive penetration testing, including exploitation of vulnerabilities in applications, networks, APIs and infrastructure.
Proficiency with security tools such as:

Burp Suite, ZAP, Nmap, Nessus, Nikto Metasploit, SQLMap, Hydra Feroxbuster, Gobuster, Subfinder, Amass

Strong knowledge of OWASP Top 10, ASVS, API Security Top 10, MITRE ATT&CK and PTES.
Ability to perform manual exploit development and identify issues not detected by automated scanners.
Understanding of application architecture, infrastructure, REST/GraphQL APIs, networks and cloud environments.
Familiarity with languages or scripting for exploitation and automation (e.g., Python, Bash, PowerShell).
Familiarity with IAM concepts, authentication protocols and API security (JWT, OAuth2, OIDC).
Strong analytical skills, clear communication and documentation organization.
Proactivity, technical curiosity and an offensive mindset.
Knowledge of cloud environments: AWS, Azure and GCP.

Health insurance – available when you need it
Dental insurance – because we value smiles
Renascer Program – supporting life transitions
Meaningful Dates – we celebrate what matters
Education investment – we support your learning journey
Profit sharing – we build together and celebrate together on Perten-ser Day
Individual Development Plan – we value your career ownership
Private pension plan – we like to plan for the future
Life insurance – an important benefit
Time Together – we recognize those who enjoy being with us
Meal and/or food allowance – a treat!
Commuting allowance – without payroll deductions
Childcare/babysitting allowance – because your child deserves a safe, welcoming place.

Information Security Analyst II – Penetration Testing

Key skills