Conduct intrusion tests (internal and external) in corporate environments, web applications, APIs, networks, operating systems and cloud infrastructure.
Plan, execute and document simulated offensive campaigns (Red Team operations), focusing on defense evasion, lateral movement, persistence and data exfiltration.
Develop and apply adversary simulation techniques, based on frameworks such as MITRE ATT&CK, APT TTPs and other threat intelligence sources.
Use and customize offensive tools such as Cobalt Strike, Metasploit, Empire, Sliver, BloodHound, Burp Suite, among others.
Identify vulnerabilities, misconfigurations and potential attack vectors that could be exploited by malicious actors.
Prepare technical and executive reports with findings, evidence and recommendations for mitigation.
Work closely with Blue Team, SOC and Vulnerability Management teams, supporting Purple Team exercises and improving the organization's defenses.
Continuously update knowledge on new attack techniques, tools, exploits and threat landscape trends.

Bachelor's degree completed in Information Security, Computer Science, Computer Engineering, Information Systems or related fields.
Strong experience in penetration testing and Red Team operations.
Proficiency with offensive tools such as Metasploit, Burp Suite Pro, Nmap, Cobalt Strike, Sliver, Empire, BloodHound, Responder, Impacket, etc.
Hands-on knowledge of vulnerability exploitation, post-exploitation techniques, privilege escalation, and EDR evasion techniques.
Knowledge of major operating systems (Windows/Linux), networking and communication protocols (TCP/IP, DNS, SMB, LDAP, etc.).
Familiarity with frameworks such as MITRE ATT&CK, OWASP Top 10, PTES, NIST SP 800-115.
Experience in cloud environments (AWS, Azure, GCP) with a focus on offensive security is desirable.
Ability to develop scripts and exploits in Python, PowerShell, Bash and other languages.
Preferred certifications (not mandatory):
OSCP (Offensive Security Certified Professional)
CRTO (Certified Red Team Operator)
OSEP (Offensive Security Experienced Penetration Tester)
CRTP (Certified Red Team Professional)
eJPT, eCPTX, eWPTX
CEH (Certified Ethical Hacker)
CompTIA Pentest

Health plan with no monthly fee for you;
Dental plan with no monthly fee for you;
Life insurance;
Pipo Saúde: digital health and corporate benefits broker;
Zenklub: emotional health and wellbeing platform, with special discounts;
Wellhub: a platform that connects you to various networks to help care for your wellbeing (and your family's).
Private pension plan;
Transportation voucher;
Meal or food allowance;
Birthday day off: one day off during your birthday month;
Casual ISH – Comfort and professionalism go hand in hand: choose an outfit that reflects your well-being while respecting the work environment;
Morning and afternoon fruit provided to boost energy for on-site routines;
Employee referral program with cash bonuses;
Onboarding kit: we prepare a comprehensive kit to support you in your daily work.
Deeplearning: Our Corporate University – a space dedicated to continuous development of our employees, with courses, trainings and workshops for professional and personal growth;
Opportunity for professional growth;
Culture of feedback and development;
Leadership development program;
An informal, innovation-driven environment; our leadership is accessible—doors are always open, and you can find them in the company corridors.

Cyber Exploitation Analyst – Pentest

Key skills