Fecha de publicación: 01 junio *
- lugar:
- hybrid (guadalajara)
- skills:
*required qualifications*:
- bachelor's degree in computer science, information technology, or a related field, or equivalent experience.
- 3+ years of professional experience in penetration testing and offensive security consulting.
- at least 2 years of experience conducting red team operations.
- at least 2 years of practical experience in cloud penetration testing (aws, azure, etc.), including identification and exploitation of misconfigurations and iam vulnerabilities.
- generalized penetration testing experience in areas such as infrastructure penetration testing, and manual web, mobile, or api penetration testing.
- ability to simulate real-world adversarial techniques and develop creative attack chains in controlled environments.
- strong understanding of network protocols, active directory, privilege escalation techniques
- demonstrated experience with c2 frameworks (cobalt strike, silver, etc.)
- proficiency in scripting or coding languages (python, powershell, bash, etc.)
*preferred qualifications*:
- experience leading technical projects, mentoring peers, or contributing to the development of team best practices.
- prior experience with cloud security or development security operations a plus
- experience with mentoring and training within teams and partnering with marketing teams to create valuable content for customers and prospects.
- actividades:
- *red team operations*: plan, execute, and report on operations including assumed breach, initial access, lateral movement, persistence, and data exfiltration.
- *cloud penetration testing*: conduct assessments across aws, azure, and gcp, identifying misconfigurations, privilege escalation paths, identity attacks, and container security issues.
- *offensive tooling*: use and customize tools such as cobalt strike, outflank, core impact, silver, bloodhound, burp suite, develop and utilize custom tooling; and develop custom scripts for post-exploitation and evasion.
- *threat simulation*: develop realistic threat scenarios based on mitre att&ck, apt tactics, and current breach trends.
- *reporting*: write detailed, high-quality reports outlining technical vulnerabilities and exploitation techniques, severity levels, steps to reproduce, and actionable remediation steps.
- *client communication*: brief clients on findings and provide strategic guidance on remediation, overall risk reduction, and tactics to increase security posture.
- *methodology development*: contribute to the advancement of internal testing methodologies, tooling creation and improvements, and red team infrastructure.
- *security research*: stay current with emerging threats, cves, offensive tactics, and evolving cloud security techniques.
- *skill development*: perform ongoing research, analysis, and testing to enhance individual and team technical capabilities.
- *engagement scoping*: assist in defining scope, estimating effort, and drafting statements of work (sows), including recommending tailored solutions for client needs.
- *mentorship*: coach and mentor less experienced staff, or those less experienced in specific expertise areas, to support professional development and service excellence.
- *team training*: train colleagues on areas of expertise and develop repeatable learning paths to support scalable team growth.
- *content development*: contribute to creating blog posts, articles, marketing or training materials, and participating in webinars or customer conferences.
- deseable:
- beneficios:
- vales despensa 1,000 pesos
- vales gasolina 1,000 pesos
- fondo de ahorro 6% (topado en ley)
- aguinaldo 30 días
- vacaciones ley
- pv de ley
- ptos 3 días
- sgmm sólo para empleado, con cobertura de 5 millones por evento
- seguro de vida sólo para empleado