Offensive Security Analyst (Pentester), Mid-Level - Technology Segment
This position is listed on behalf of a partner company, which manages all applications and next steps. Our partner is looking for an Offensive Security Analyst (Pentester), Mid-Level - Technology Segment, based in Brazil.
In this role, you will join a high-performing cybersecurity team focused on offensive security, penetration testing, and Red Team activities across complex digital environments. You will assess the security of web applications, APIs, mobile systems, and infrastructure, identifying vulnerabilities before malicious actors can exploit them. The position plays a key role in strengthening product and infrastructure security through actionable technical findings. You will collaborate closely with product teams and Blue Team specialists to drive remediation efforts and improve defensive posture. The environment is agile, collaborative, and innovation-driven, with strong emphasis on continuous learning and technical excellence. You will also contribute to the evolution of methodologies, automation, and security tooling within the team. This is a hands-on role with real impact on the security maturity of critical systems.
Accountabilities:
- Execute penetration tests across Web applications, APIs, and infrastructure environments, progressively gaining autonomy in delivery and execution.
- Perform security assessments including Web Pentest, API Pentest, and Infrastructure/Active Directory testing.
- Participate in Red Team exercises, applying Tactics, Techniques, and Procedures (TTPs) aligned with real-world threat scenarios.
- Develop clear and structured technical reports, including evidence, risk analysis, and remediation recommendations.
- Collaborate with the Product and Blue Teams to validate vulnerabilities and support mitigation strategies.
- Contribute to continuous improvement of offensive security methodologies, including automation and tooling enhancements.
- Stay up to date with emerging threats, vulnerabilities, and offensive security techniques, sharing knowledge with the team.
Requirements:
- Hands-on experience with Web Pentesting, API Pentesting, and Infrastructure/Active Directory security assessments.
- Knowledge of security frameworks and methodologies such as OWASP Top 10, MITRE ATT&CK, and PTES.
- Solid understanding of Linux and Windows operating systems.
- Strong knowledge of networking concepts (protocols, firewalls, VPNs).
- Understanding of authentication and authorization mechanisms.
- Ability to develop automation scripts (Python, Shell Script or similar).
- Strong analytical and documentation skills for technical reporting.
- Good communication skills for presenting findings clearly to technical and non-technical audiences.
- Organized, ethical, and detail-oriented professional with a collaborative mindset and continuous learning attitude.
Differentials:
- Experience with Mobile Pentesting (Android/iOS).
- Knowledge of secure code review (Python, Node.js, Java).
- Participation in CTFs, Hack The Box, TryHackMe, or Bug Bounty programs.
- Familiarity with AI and data applied to cybersecurity contexts.
- Security certifications such as eJPT, eWPT, DCPT, eMAPT, CPENT, or equivalents.
Benefits:
- Meal and food allowance (iFood card).
- Home office support allowance.
- Health insurance plan.
- Dental care plan.
- Birthday day off.
- Life insurance.
- Extended maternity and paternity leave.
- Educational partnerships and learning support programs.
- Well-being partnerships (Total Pass and Clude Saúde).
- Reimbursement programs.
- Flexible working hours.
- Casual dress code (be yourself).
Security pay context
Based on 1,609 disclosed Security salaries on RoleSuite, the role pays a median of $143K/year, with most offers between $114K and $184K (10th–90th percentile: $94K–$216K).