725 - Network Penetration Tester

We need an English-fluent Network Penetration Tester, based in Latin America, available to work remotely.
We are looking for someone with exceptional communication and relationship-building skills, who embraces changes while maintaining strong attention to detail. An interested and proactive person, who's constantly learning and improving their skills.

Are you the one we are looking for?

Responsibilities:

• Perform penetration testing on organizational networks, wireless systems, APIs, and digital infrastructure to identify vulnerabilities.
• Conduct both automated and manual testing to uncover security flaws, misconfigurations, and potential exploits within network environments.
• Simulate real-world network-based cyberattacks to evaluate the effectiveness of firewalls, intrusion detection systems, and other security controls.
• Work closely with IT and security teams to provide actionable recommendations for mitigating identified vulnerabilities.
• Analyze test results to assess risks and deliver comprehensive reports with prioritized remediation strategies.
• Continuously monitor and evaluate network systems for threats, breaches, and evolving attack vectors.
• Develop and maintain documentation outlining testing methodologies, findings, and mitigation protocols.
• Stay informed of emerging threats, advanced hacking techniques, and trends in network security.
• Provide input to enhance the organization’s security posture by refining policies, network segmentation, and defense mechanisms.
• Support compliance efforts, including security audits and adherence to regulatory standards such as PCI DSS, ISO 27001, or NIST frameworks.

Requirements:

• Bachelor’s degree in Computer Science, Cybersecurity, Information Technology, or related field (or equivalent experience).
• 4+ years of experience as a penetration tester or similar role.
• Strong knowledge of OWASP Top 10 vulnerabilities, web application security standards, and network security principles.
• Proficiency in using penetration testing tools like Burp Suite, OWASP ZAP, Metasploit, Nmap, Wireshark, Nessus, etc.
• Understanding of common network protocols and services (TCP/IP, HTTP, DNS, FTP, etc.).
• Familiarity with various security frameworks (e.g., NIST, ISO 27001) and regulatory requirements (e.g., GDPR, HIPAA, PCI-DSS).
• Experience with scripting and coding in languages such as Python, Bash, PowerShell, etc.
• Ability to explain technical issues to non-technical stakeholders in a clear and concise manner.
• Relevant certifications such as OSCP, CEH, CISSP, or GPEN are highly desirable.
• Strong analytical, problem-solving, and communication skills.

It's preferred:

• Compliance experience (PCI, HIPAA, etc.).
• Knowledge of Qualys Guard, Tenable.io, Tenable.ot.
• Knowledge of major web server software (IIS, Apache, WebSphere, Tomcat, WebLogic).
• Familiarity with common cybersecurity frameworks and standards (e.g., NIST, CIS).
• Strong analytical and problem-solving skills.
• Excellent communication and interpersonal skills.
• Relevant certifications such as Certified Information Systems Security
• Professional (CISSP) or Certified Information Security Manager (CISM) is a plus.