Senior Offensive Security Engineer

Summary

Join QuintoAndar, Latin America's largest real estate ecosystem, as a Penetration Tester. You will conduct regular penetration testing on corporate infrastructure, applications, and networks, developing and executing offensive security strategies. Automate offensive security processes and create detailed reports of findings. Lead Red Team exercises and collaborate with stakeholders to integrate findings into the security program. Stay updated on the latest vulnerabilities and exploits. This remote-first position offers competitive compensation and benefits.

Requirements

• Strong hands-on experience with penetration testing tools and frameworks (5+ years)
• Professional expertise in offensive security techniques, including vulnerability assessment, exploitation, and post-exploitation tactics
• Knowledge of modern exploitation techniques, web application vulnerabilities (OWASP Top 10), and network security weaknesses
• Familiarity with Zero Trust principles and how they apply to offensive security testing and hardening
• Experience conducting Red Team exercises and utilizing frameworks such as MITRE ATT&CK, Cyber Kill Chain and NIST
• Fluency in Portuguese and proficiency in English, especially for writing detailed reports, security documentation, and collaborating with global teams

Responsibilities

• Conduct regular penetration testing on corporate infrastructure, applications, and networks (including cloud environments) to identify and exploit vulnerabilities
• Develop and execute offensive security strategies to simulate real-world attack scenarios, providing insights into potential security weaknesses and paths to exploitation
• Automate offensive security processes, including vulnerability scanning, reconnaissance, and exploit deployment, to enhance testing efficiency and coverage
• Create detailed reports of findings and work closely with the incident response, SOC, and blue team to provide actionable recommendations for remediation
• Lead Red Team exercises, developing attack methodologies and leveraging the MITRE ATT&CK framework to improve detection and response capabilities
• Collaborate with various stakeholders to integrate offensive security findings into the broader security program, aligning with Zero Trust principles
• Stay up to date with the latest vulnerabilities, exploits, and offensive security tools to continuously improve the security posture of the organization

Preferred Qualifications

• Offensive Security Certified Professional (OSCP) or similar certifications are highly desirable
• Fluency in Portuguese and proficiency in English, especially for writing documentation, policies, and communicating with global partners

Benefits

• Competitive salary package
• Bonus
• Meal allowance ("Flash benefícios")
• Health plan
• Dental plan (optional)
• Life insurance
• Daycare subsidy
• Subsidy to sports practicing (Gympass)
• Extended maternity and paternity leave
• Reserved room for breast-feeding
• Discount on our parking lot
• Language learning support
• Free transfer from Vila Madalena and Fradique Coutinho stations to the office
• Free bike rack in our parking lot