Offensive Security Engineer

3 semanas atrás


São Paulo, Brasil Cyber Crime Tempo inteiro

dLocal dLocal powers local payments connecting merchants with billions of emerging market consumers through one single API.

View company page

Why you should join dLocal?
dLocal enables the biggest companies in the world to collect payments in 40 countries in emerging markets. Global brands rely on us to increase conversion rates and simplify payment expansion effortlessly. As both a payments processor and a merchant of record where we operate, we make it possible for our merchants to make inroads into the world’s fastest-growing, emerging markets.
By joining us you will be a part of an amazing global team that makes it all happen, in a flexible, remote-first dynamic culture with travel, health, and learning benefits, among others. Being a part of dLocal means working with 800+ teammates from 25+ different nationalities and developing an international career that impacts millions of people’s daily lives. We are builders, we never run from a challenge, we are customer-centric, and if this sounds like you, we know you will thrive in our team.What’s the opportunity?

  • Assess network, environment, or technologies;
  • Write tooling to assist with offensive security assessment;
  • Conduct discovery activities to map environments;
  • Build, conduct, and participate in offensive security exercises;
  • Perform penetration testing (application, API, mobile, infrastructure), vulnerability scanning (internal and external), code reviews and design/architecture reviews;
  • Work closely with development teams to mitigate or remediate security vulnerabilities;
  • Empower developers to do their jobs securely without creating additional friction;
  • Educate our engineers about security in application code and infrastructure;
  • Educate our non-technical employees about security good practices and attacks;
  • Assist in Incident Response activities (if it involves Security);

What skills do I need?
  • Advanced background in Offensive Security (Red Team active participation);
  • Strong understanding of vulnerabilities, common attack vectors and how to solve/fix them;
  • A great eye to identify/analyze attacks on company assets and also simulate internal/external attacks (Ethical Hacker mindset);
  • Well-rounded background in host, network and application security (Web, API and Mobile);
  • Huge familiarity with threat analysis (malware, phishing, social engineering, etc);
  • Attacker mindset ability to think about creative threats and attack vectors;
  • Knowledge in tailored reconnaissance, weaponization, exploitation and lateral movement;
  • Know-How of Threat modeling in a cloud environment;
  • Experience with common security tools including but not limited to: Nmap, SQLmap, Metasploit, Kali Linux (OS), Burp Suite, Qualys/WAS, ZAP Proxy, Prowler, Censys/Shodan and others;
  • Familiarity with implementation and maintenance of SAST/DAST/IAST sensors;
  • In-depth knowledge of OWASP10, SANS25 and other world-known security frameworks;
  • Understanding of a complete SDLC and how to make it secured (S-SDLC)
  • Familiarity with Cloud platforms (AWS or equivalent);
  • Ability to lead people to problem resolution when it comes to Security (Integrate teams, especially Engineering Team);
  • Effective written and oral communication involving both business and technical sides of the business;
  • Quickly identify issues and solve them;
  • Ability to present technical risks to a broader audience (both written and spoken);

Nice to have
  • Experience on research of vulnerabilities and development of exploitation tools
  • Building and automating common Red Team processes and activities
  • Knowledge of security architectures, both monoliths and microservices, including how they are developed and operate at scale
  • Certification or equivalent knowledge (DCPT/OSCP/OSCE/OSWP/OSWE/CEH)
  • Exposure to PCI-DSS framework or any other relevant security standard will be valued
  • Have previously participated as speaker (or just participated in the activities) on Security conferences like DefCon, MindTheSec, EkoParty, Hackaflag, Bhack, You sh0t the sheriff, CryptoRave, etc
  • Active participation in CTFs and also Bug Bounty programs

What happens after you apply?
Our Talent Acquisition team is invested in creating the best candidate experience possible, so don’t worry, you will definitely hear from us. We will review your CV and keep you posted by email at every step of the process
Also, you can check out ourwebpage ,Linkedin ,Instagram , andYoutube for more about dLocal Explore more InfoSec / Cybersecurity career opportunities

Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.

#J-18808-Ljbffr

  • São Paulo, Brasil dLocal Tempo inteiro

    Why you should join dLocal? dLocal enables the biggest companies in the world to collect payments in 40 countries in emerging markets. Global brands rely on us to increase conversion rates and simplify payment expansion effortlessly. As both a payments processor and a merchant of record where we operate, we make it possible for our merchants to make inroads...


  • São Paulo, Brasil dLocal Tempo inteiro

    Why you should join dLocal? dLocal enables the biggest companies in the world to collect payments in 40 countries in emerging markets. Global brands rely on us to increase conversion rates and simplify payment expansion effortlessly. As both a payments processor and a merchant of record where we operate, we make it possible for our merchants to make...


  • Sao Paulo, Brasil Uber Tempo inteiro

    Conduct network infrastructure, Public Cloud (AWS and GCP), and data-layer offensive pen-testing - Perform manual source code reviews and audits (manual and SCA/SAST code audits) as needed - Basic Qualifications - A pen-test certification such as Offensive Security Certified Professional (OSCP) or CEH, OSWE, OSCE, GPEN, GMOB, GWAPT, GXPN, eWAPT, eMAPT and/or...


  • Sao Paulo, Brasil Kroll Tempo inteiro

    In a world of disruption and increasingly complex business challenges, our professionals bring truth into focus with the Kroll Lens. Our sharp analytical skills, paired with the latest technology, allow us to give our clients clarity—not just answers—in all areas of business. We embrace diverse backgrounds and global perspectives, and we cultivate...


  • Sao Paulo, Brasil C6 Bank Tempo inteiro

    **C6 BANK: O BANCO DA SUA VIDA**: Nós somos o banco que chegou com tudo em 2019! Atendemos pessoas físicas, MEIs e PMEs em todos os estados do Brasil. Sem agências físicas para te prender, oferecemos mais de 40 produtos e serviços financeiros feitos para todos os perfis de clientes. Nossa base fica em São Paulo, com mais de 3.500 CSixers que estão...


  • Sao Paulo, Brasil Kroll Tempo inteiro

    In a world of disruption and increasingly complex business challenges, our professionals bring truth into focus with the Kroll Lens. Our sharp analytical skills, paired with the latest technology, allow us to give our clients clarity—not just answers—in all areas of business. We embrace diverse backgrounds and global perspectives, and we cultivate...


  • Sao Paulo, Brasil Kyndryl Tempo inteiro

    Who We Are At Kyndryl, we design, build, manage and modernize the mission-critical technology systems that the world depends on every day. So why work at Kyndryl? We are always moving forward - always pushing ourselves to go further in our efforts to build a more equitable, inclusive world for our employees, our customers and our communities. The...

  • Cyber Security Engineer

    3 semanas atrás


    São Paulo, São Paulo, Estado de São Paulo, Brasil Securecy Tempo inteiro

    Securecy, a prominent cybersecurity firm, is seeking a diligent Cyber Security Engineer to join our remote team. We welcome individuals from all locations to contribute to our mission of enhancing digital security practices. Employment Type : Full-time (Contract or Regular) Responsibilities Develop, implement, and manage security measures to protect systems...


  • São Paulo, Brasil Netvagas Tempo inteiro

    Atuação na área Acadêmica do maior ecossistema de Ensino Tech do país! Aqui compartilhamos nossa experiência de mercado com os alunos, propondo além de conhecimento, aulas mais práticas, no modelo hands on. Além de acompanhá-los em eventos digitais e presenciais (competições, hackathons, datathons, CTFs, chalenges, bootcamps, encontros). Nossos...

  • Professor(a) de graduação

    2 semanas atrás


    São Paulo, Brasil Netvagas Tempo inteiro

    Atuação na área Acadêmica do maior ecossistema de Ensino Tech do país! Aqui compartilhamos nossa experiência de mercado com os alunos, propondo além de conhecimento, aulas mais práticas, no modelo hands on. Além de acompanhá-los em eventos digitais e presenciais (competições, hackathons, datathons, CTFs, chalenges, bootcamps, encontros). Nossos...

  • Network Security Engineer

    2 meses atrás


    São Paulo, Brasil Hyqoo Tempo inteiro

    Job Title: Network Security EngineerLocation: Hybrid (2 days onsite/Week)Address: (Rod. Pres. Dutra, Km 154 - s/n - Jardim das Industrias, São José dos Campos - SP, 12240-420, Brazil)Job Summary:We are seeking an experienced Network Security Engineer to join our team and protect our large enterprise network. The ideal candidate will have a strong...

  • Network Security Engineer

    2 meses atrás


    São Paulo, Brasil Hyqoo Tempo inteiro

    Job Title: Network Security EngineerLocation: Hybrid (2 days onsite/Week)Address: (Rod. Pres. Dutra, Km 154 - s/n - Jardim das Industrias, São José dos Campos - SP, 12240-420, Brazil)Job Summary: We are seeking an experienced Network Security Engineer to join our team and protect our large enterprise network. The ideal candidate will have a strong...

  • Network Security Engineer

    2 meses atrás


    São Paulo, Brasil Hyqoo Tempo inteiro

    Job Title: Network Security Engineer Location: Hybrid (2 days onsite/Week) Address: (Rod. Pres. Dutra, Km 154 - s/n - Jardim das Industrias, São José dos Campos - SP, 12240-420, Brazil) Job Summary: We are seeking an experienced Network Security Engineer to join our team and protect our large enterprise network. The ideal candidate will have a strong...

  • Network Security Engineer

    2 meses atrás


    São Paulo, SP, Brasil Hyqoo Tempo inteiro

    Job Title: Network Security Engineer Location: Hybrid (2 days onsite/Week) Address: (Rod. Pres. Dutra, Km 154 - s/n - Jardim das Industrias, São José dos Campos - SP, 12240-420, Brazil) Job Summary: We are seeking an experienced Network Security Engineer to join our team and protect our large enterprise network. The ideal candidate will have a strong...

  • Network Security Engineer

    2 meses atrás


    São Paulo, Brazil, BR Hyqoo Tempo inteiro

    Job Title: Network Security EngineerLocation: Hybrid (2 days onsite/Week)Address: (Rod. Pres. Dutra, Km 154 - s/n - Jardim das Industrias, São José dos Campos - SP, 12240-420, Brazil)Job Summary: We are seeking an experienced Network Security Engineer to join our team and protect our large enterprise network. The ideal candidate will have a strong...


  • São Paulo, Brasil Google Tempo inteiro

    There's no such thing as a "safe system" - only safer systems. Our Security team works to create and maintain the safest operating environment for Google's users and developers. As a Security Engineer, you help protect network boundaries, keep computer systems and network devices hardened against attacks and provide security services to protect highly...


  • São Paulo, Brasil Signifyd Tempo inteiro

    Please apply in English About the role As a Senior Cloud Security Engineer at Signifyd, you will work to control and improve security outcomes across the company. You will operate at the front line of risk, identifying vulnerabilities and threats, and collaborate cross-functionally across the organization to implement defenses. As a core...


  • São Paulo, Brasil Signifyd Tempo inteiro

    Please apply in English About the role As a Senior Cloud Security Engineer at Signifyd, you will work to control and improve security outcomes across the company. You will operate at the front line of risk, identifying vulnerabilities and threats, and collaborate cross-functionally across the organization to implement defenses. As a core...


  • São Paulo, Brasil Media.Monks Tempo inteiro

    As an Application Security Engineer will be contributing to improve the security within the SDLC by identifying and implementing appropriate security controls such as training the teams in secure development practices, implementing SAST flows and growing security testing capabilities. You’ll be the POC for AppSec for development and operations teams.  ...


  • São Paulo, Brasil Media.Monks Tempo inteiro

    As an Application Security Engineer will be contributing to improve the security within the SDLC by identifying and implementing appropriate security controls such as training the teams in secure development practices, implementing SAST flows and growing security testing capabilities. You’ll be the POC for AppSec for development and operations teams.  ...