Remote Offensive Security Engineer

Please, let dLocal know you found this job on RemoteYeah. This helps us grow 🌱.

Description:

  • The Offensive Security Engineer will assess networks, environments, or technologies.
  • The role involves writing tooling to assist with offensive security assessments.
  • Conducting discovery activities to map environments is a key responsibility.
  • The engineer will build, conduct, and participate in offensive security exercises.
  • Responsibilities include performing penetration testing (application, API, mobile, infrastructure), vulnerability scanning (internal and external), code reviews, and design/architecture reviews.
  • The engineer will work closely with development teams to mitigate or remediate security vulnerabilities.
  • Empowering developers to perform their jobs securely without creating additional friction is essential.
  • The role includes educating engineers about security in application code and infrastructure.
  • The engineer will also educate non-technical employees about security best practices and attacks.
  • Assisting in Incident Response activities related to security is part of the job.

Requirements:

  • Candidates must have an advanced background in Offensive Security with active participation in Red Team activities.
  • A strong understanding of vulnerabilities, common attack vectors, and their solutions is required.
  • The candidate should possess a keen ability to identify and analyze attacks on company assets and simulate internal/external attacks with an Ethical Hacker mindset.
  • A well-rounded background in host, network, and application security (Web, API, and Mobile) is necessary.
  • Familiarity with threat analysis, including malware, phishing, and social engineering, is essential.
  • The candidate should have an attacker mindset to think creatively about threats and attack vectors.
  • Knowledge of tailored reconnaissance, weaponization, exploitation, and lateral movement is required.
  • An understanding of threat modeling in a cloud environment is necessary.
  • Experience with common security tools such as Nmap, SQLmap, Metasploit, Kali Linux, Burp Suite, Qualys/WAS, ZAP Proxy, Prowler, and Censys/Shodan is expected.
  • Familiarity with the implementation and maintenance of SAST/DAST/IAST sensors is required.
  • In-depth knowledge of the OWASP Top 10, the SANS Top 25, and other well-known security frameworks is necessary.
  • An understanding of the complete Software Development Life Cycle (SDLC) and how to secure it (S-SDLC) is required.
  • Familiarity with Cloud platforms (AWS or equivalent) is necessary.
  • The ability to lead teams to problem resolution regarding security is essential.
  • Effective written and oral communication skills involving both business and technical aspects are required.
  • The candidate should be able to quickly identify and solve issues.
  • The ability to present technical risks to a broader audience, both in writing and verbally, is necessary.

Benefits:

  • dLocal offers a flexible, remote-first dynamic culture with travel, health, and learning benefits.
  • Employees will be part of a global team that impacts millions of people's daily lives.
  • The company promotes a culture of building and facing challenges head-on.
  • Employees will have the opportunity to develop an international career with a diverse team of over 900 teammates from 25+ different nationalities.