Penetration Tester conducting security assessments and developing attack simulations at ISH. Join us to secure the digital world with proactive cyber defense strategies.
Responsibilities
Conduct intrusion/penetration tests (internal and external) across corporate environments, web applications, APIs, networks, operating systems and cloud infrastructure.
Plan, execute and document simulated offensive campaigns (Red Team Operations), focusing on defense evasion, lateral movement, persistence and data exfiltration.
Develop and apply adversary simulation techniques, leveraging frameworks such as MITRE ATT&CK, APT TTPs and other threat intelligence sources.
Use and customize offensive tools such as Cobalt Strike, Metasploit, Empire, Sliver, BloodHound, Burp Suite, among others.
Identify vulnerabilities, misconfigurations and potential attack vectors that could be exploited by threat actors.
Prepare technical and executive reports with findings, evidence and mitigation recommendations.
Collaborate with Blue Team, SOC and Vulnerability Management teams, supporting Purple Team exercises and improving organizational defenses.
Continuously stay up to date on new attack techniques, tools, exploits and threat landscape trends.
Requirements
Bachelor's degree in Information Security, Computer Science, Computer Engineering, Information Systems or related fields.
Proven experience in penetration testing and Red Team operations.
Proficiency with offensive tools such as Metasploit, Burp Suite Pro, Nmap, Cobalt Strike, Sliver, Empire, BloodHound, Responder, Impacket, etc.
Practical knowledge of vulnerability exploitation, post-exploitation techniques, privilege escalation and EDR evasion techniques.
Familiarity with major operating systems (Windows/Linux), networks and communication protocols (TCP/IP, DNS, SMB, LDAP, etc.).
Familiarity with frameworks such as MITRE ATT&CK, OWASP Top 10, PTES, NIST SP 800-115.
Experience in cloud environments (AWS, Azure, GCP) with a focus on offensive security is desirable.
Ability to develop scripts and exploits in Python, PowerShell, Bash and other languages.
Preferred (not mandatory) certifications: OSCP (Offensive Security Certified Professional), CRTO (Certified Red Team Operator), OSEP (Offensive Security Experienced Penetration Tester), CRTP (Certified Red Team Professional), eJPT, eCPTX, eWPTX, CEH (Certified Ethical Hacker), CompTIA PenTest+.
Benefits
Health plan with no monthly fee for you;
Dental plan with no monthly fee for you;
Life insurance;
Pipo Saúde: Digital health and corporate benefits broker;
Zenklub: Emotional health and wellbeing platform, with special discounts;
Wellhub: Platform that connects you to various networks to support your wellbeing (and your family's);
Private pension plan;
Transportation allowance;
Meal or food allowance;
Birthday day off: Enjoy a day off during your birthday month;
ISH Casual – Comfort and professionalism go hand in hand: choose an outfit that reflects your wellbeing while respecting the workplace;
Morning and afternoon fruit available to keep you energized during on-site days;
Employee referral program with cash bonuses;
Onboarding kit: We prepare a comprehensive kit to support you in your daily work;
Deeplearning: Our Corporate University - a space dedicated to continuous development, with courses, training and workshops for professional and personal growth;
Opportunities for professional growth;
Culture of feedback and development;
Exclusive leadership program;
Relaxed, innovation-driven environment; our leadership is accessible, doors are always open and you can often find them in the company corridors.