Offensive Security Engineer
Sao Paulo (Remote)
dLocal
dLocal powers local payments connecting merchants with billions of emerging market consumers through one single API. dLocal enables the biggest companies in the world to collect payments in 40 countries in emerging markets. Global brands rely on us to increase conversion rates and simplify payment expansion effortlessly. As both a payments processor and a merchant of record where we operate, we make it possible for our merchants to make inroads into the world’s fastest-growing, emerging markets.
By joining us you will be a part of an amazing global team that makes it all happen, in a flexible, remote-first dynamic culture with travel, health, and learning benefits, among others. Being a part of dLocal means working with 800+ teammates from 25+ different nationalities and developing an international career that impacts millions of people’s daily lives. We are builders, we never run from a challenge, we are customer-centric, and if this sounds like you, we know you will thrive in our team.
What’s the opportunity?
- Assess network, environment, or technologies;
- Write tooling to assist with offensive security assessment;
- Conduct discovery activities to map environments;
- Build, conduct, and participate in offensive security exercises;
- Perform penetration testing (application, API, mobile, infrastructure), vulnerability scanning (internal and external), code reviews and design/architecture reviews;
- Work closely with development teams to mitigate or remediate security vulnerabilities;
- Empower developers to do their jobs securely without creating additional friction;
- Educate our engineers about security in application code and infrastructure;
- Educate our non-technical employees about security good practices and attacks;
- Assist in Incident Response activities (if it involves Security);
What skills do I need?
- Advanced background in Offensive Security (Red Team active participation);
- Strong understanding of vulnerabilities, common attack vectors and how to solve/fix them;
- A great eye to identify/analyze attacks on company assets and also simulate internal/external attacks (Ethical Hacker mindset);
- Well-rounded background in host, network and application security (Web, API and Mobile);
- Huge familiarity with threat analysis (malware, phishing, social engineering, etc);
- Attacker mindset: ability to think about creative threats and attack vectors;
- Knowledge in tailored reconnaissance, weaponization, exploitation and lateral movement;
- Know-How of Threat modeling in a cloud environment;
- Experience with common security tools including but not limited to: Nmap, SQLmap, Metasploit, Kali Linux (OS), Burp Suite, Qualys/WAS, ZAP Proxy, Prowler, Censys/Shodan and others;
- Familiarity with implementation and maintenance of SAST/DAST/IAST sensors;
- In-depth knowledge of OWASP10, SANS25 and other world-known security frameworks;
- Understanding of a complete SDLC and how to make it secured (S-SDLC);
- Familiarity with Cloud platforms (AWS or equivalent);
- Ability to lead people to problem resolution when it comes to Security (Integrate teams, especially Engineering Team);
- Effective written and oral communication involving both business and technical sides of the business;
- Quickly identify issues and solve them;
- Ability to present technical risks to a broader audience (both written and spoken);
Nice to have!
- Experience in vulnerability research and development of exploitation tools
- Building and automating common Red Team processes and activities
- Knowledge of security architectures, both monoliths and microservices, including how they are developed and operate at scale
- Certification or equivalent knowledge (DCPT/OSCP/OSCE/OSWP/OSWE/CEH)
- Exposure to PCI-DSS framework or any other relevant security standard will be valued
- Previous participation as a speaker (or just as a participant in the activities) at security conferences like DefCon, MindTheSec, EkoParty, Hackaflag, Bhack, You sh0t the sheriff, CryptoRave, etc.
- Active participation in CTFs and also Bug Bounty programs
Our Talent Acquisition team is invested in creating the best candidate experience possible, so don’t worry, you will definitely hear from us. We will review your CV and keep you posted by email at every step of the process!
Also, you can check out our webpage, LinkedIn, Instagram, and YouTube for more about dLocal!
Tags: APIs Application security AWS Burp Suite CEH Cloud DAST IAST Incident response Kali Linux Malware Metasploit Microservices Nmap Offensive security OSCE OSCP OSWE OSWP Pentesting Qualys Red team SAST SDLC Security assessment SHODAN Vulnerabilities
Perks/benefits: Career development Conferences Flex hours Health care Team events