Sicredi

Senior Information Security Analyst – Offensive Security Focus, Penetration Testing

Sicredi

full-time

Posted on:

Location Type: Hybrid

Location: Brazil

Visit company website

Explore more

AI Apply
Apply

Job Level

Senior

Tech Stack

CloudPython

About the role

  • Conduct penetration tests (pentests) on applications (web/mobile), AI, infrastructure, and cloud;
  • Execute Red and Purple team exercises;
  • Participate in adversary simulations;
  • Identify vulnerabilities and assess their associated risk levels in existing products and services;
  • Plan, execute, and document penetration tests (pentests);
  • Conduct vulnerability analyses on web systems, APIs, networks, and infrastructure;
  • Create technical reports with evidence and clear remediation recommendations;
  • Support internal teams in understanding risks and revalidating applied fixes;
  • Use frameworks and methodologies such as OWASP, PTES, MITRE ATT&CK, among others;
  • Perform internal pentests and manage external vendors;
  • Experience with AEV platforms – Adversarial Exposure Validation;
  • Ability to simulate real attacks including reconnaissance, initial access, lateral movement, privilege escalation, persistence, and exfiltration, including knowledge of post-exploitation frameworks (C2);
  • Defensive collaboration (purple team): ability to integrate red team with blue team, supporting the cybersecurity defense team in validating detections and creating security monitoring rules;
  • Research and vulnerability analysis skills, with knowledge related to defense evasion, fuzzing, reverse engineering, and malware analysis;
  • Knowledge of tools for security analysis of AI models, including prompt injection and data poisoning testing;
  • Knowledge of integrating machine learning to predict attack paths in security tests and adversary simulation exercises.

Requirements

  • Pentest tools (Burp Suite Pro, nmap, Metasploit, sqlmap, brute-force tools, vulnerability scanners, etc.);
  • Scripting languages (Shell scripting, PowerShell, Python, etc.);
  • Strong experience with web and mobile application security;
  • Practical knowledge of penetration testing methodologies (OWASP Top 10, PTES, MITRE ATT&CK, etc.);
  • Ability to perform high-quality technical tests and produce well-structured reports;
Benefits
  • Fixed 14th and 15th salaries;
  • Profit-sharing / performance-based bonuses (according to seniority);
  • Health and dental plans with no co-payment;
  • Wellness programs with Wellhub (formerly Gympass): nutrition, psychology, occupational health, massage, running group, and local gym;
  • Meal Allowance and Food Voucher – flexible allocation percentage between cards (VA/VR), no co-payment;
  • Extended maternity and paternity leave;
  • Childcare or nanny allowance for children up to 6 years and 11 months;
  • Support for children with disabilities, with no age limit;
  • Life insurance;
  • Private pension plan up to 8% of salary;
  • Training platform – Sicredi Aprende, with a variety of courses;
  • 40-hour workweek – using a time bank system;
  • Remote work allowance (except for positions that are 100% on-site).
Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools
penetration testingvulnerability analysisrisk assessmentadversary simulationdefensive collaborationsecurity monitoringmachine learning integrationtechnical reportingweb application securitymobile application security
Soft Skills
research skillscommunicationcollaborationproblem-solvingattention to detail