Penetration Tester

Job Responsibilities:

• Design new testing techniques and adapt industry best practices to the platform technical and cultural environment including automation and CI/CD integration
• Integrate threat modeling into the SDLC and proactively map attack paths for critical systems
• Stay current with the latest vulnerabilities threat actor TTPs and threat intelligence relevant to the travel hospitality and ecommerce sectors
• Provide actionable remediation guidance and communicate technical findings to both technical and non-technical stakeholders up to CISO/CSO level
• Mentor and train junior penetration testers and non-security technical staff to scale security impact across the organization
• Manage and optimize the use of external vendors for penetration testing ensuring value and ROI
• Support incident investigations with offensive security testing as needed
• Contribute to the mid- and long-term security assurance strategy including threat landscape reporting and continuous improvement of testing methodologies

• 5 years of hands-on experience in offensive security testing and engagement management
• Expert-level skills in web application/API infrastructure and cloud penetration testing (AWS GCP Azure)
• Experience with threat modeling methodologies (e.g. STRIDE PASTA) and integrating security into SDLC/CI-CD pipelines
• Strong knowledge of current vulnerabilities exploitation techniques (RCE buffer overflows privilege escalation etc.) and attacker TTPs
• Familiarity with security testing for AI/GenAI applications and cloud-native environments is highly desirable
• Proficiency with offensive security tools (BurpSuite Kali Linux etc.) and scripting languages (Python Bash PowerShell Ruby)
• Excellent communication and stakeholder management skills
• Ability to design manage and maintain penetration testing labs/infrastructure
• Analytical organized and able to work independently and as part of a multi-disciplinary team

Desirable Skills:

• Experience with red/purple team operations and attack path mapping
• Experience in security consulting incident response and threat intelligence
• Knowledge of regulatory and compliance requirements (PCI GDPR etc.) as they relate to penetration testing
  
  

We are the Stefanini group a global tech consulting company of Brazilian origin that believes in the power of people to transform businesses through technology.

We are present in over 40 countries and operate with the purpose of co-creating solutions TOGETHER WITH OUR CLIENTS that accelerate results and improve the experience of people and organizations.

Here we like to say that technology is not the end but the means: what really matters are the people who drive it all.

Our mindset is AI First meaning we invest in cutting-edge technology in everything we do focusing on results for our clients.

We are a company A GROUP that breathes collaboration and offers a dynamic environment where you will learn by doing grow alongside the team and have space to contribute with ideas and projects.

More than just talking about digital transformation we believe in real transformation that starts with people and impacts real businesses.

If you are looking for a place to develop innovate and be part of something bigger the Stefanini Group is your place.

#LI-HYBRID