Job Description

Required experience: Does not exclude years of value-added capacity demonstrated in AppSec (formal work, controlled environments, CTFs or self-taught practice) Salary: According to profile and experience Contracts required: 1 Vaga Description: Leading software security company With more than 20 years in the market, specialized in helping organizations develop and implement secure software. Through its platform, it accompanies its clients in the understanding, management and remediation of vulnerabilities, guaranteeing high quality products for end users. The company values above all the capacity for autonomous learning, discipline, honesty and collaborative work.\nThe role of Ethical Hacker has an offensive and preventive approach: identifying threats and vulnerabilities in applications that automated tools do not detect, acting in advance in the development cycle to prevent errors from being checked to production.\nResponsibilities:\nExecute penetration tests in web applications, mobiles (Android and iOS) and desktop.\nPerform vulnerability research in static code and non-source code of web applications.\nApply SAST and DAST techniques in different stages of development.\nPerform penetration tests. penetration into local infrastructure and cloud environments.\nAutomate vulnerability analysis and detection processes using scripts.\nDocument and communicate clearly with the technical team.\nCollaborate actively in a remote, multicultural and multilingual team.\nRequired Skills:\nSolid technical and practical knowledge of offensive security.\nCapacity to demonstrate in one or more of the following areas:\nPentest of web applications\nVulnerability research in static code and source\nPentest in mobile applications (Android and iOS)\nPentest in desktop applications\nDomain of SAST and DAST.\nCapacity of analyze and detect vulnerabilities in source code.\nExperience or practice in local and/or cloud infrastructure hacking.\nCompetence in automation and scripting.\nLanguages:\nPortuguês: conversational or native (any country of origin)\nSpanish: functional communication, perfection is not required, but Sim ability to accompany mentoring and communicate with the team\nEnglish: B1 technical reading of documentation, CVEs, writeups, certifications and CTFs\nDesired Skills:\nParticipação in CTF competitions (Capture The Flag).\nExperiência in Red Teaming exercises.\nConhecimento do Secure Software Development Life Cycle (SDLC).\nAdditional Vague Details:\nRequired Education: A university diploma is not required in any specific training area. Avalia-se exclusively to demonstrated technical capacity and availability to continue learning autonomously.\nModalidade: 100% remote work.\nType of contract: Indefinite term for candidates in Colombia / Provision of services for candidates outside of Colombia.\nRequired level of English: B1 technical-passive. Not exclusive.\nSearch Note: Profiles without formal experience are only considered since they demonstrate skills in AppSec through CTFs, bug bounty, controlled practice environments (HackTheBox, TryHackMe, etc.) or documented personal projects.",