Cybersecurity Engineer developing solutions for complex security challenges protecting data and networks. Implementing next generation security solutions for government and commercial clients in hands - on roles.
About the role
- Cyber Security Specialist for Riachuelo's Red Team overseeing offensive security projects. Leading cyber threat intelligence and collaborating with internal teams on security improvements.
Responsibilities
- Lead the company's Cyber Threat Intelligence (CTI) function
- Perform offensive testing (Red Team, Penetration Testing and Adversary Emulation) on:
- web and mobile applications
- on-premises infrastructure
- cloud environments
- Simulate realistic attacks based on real adversary TTPs (MITRE ATT&CK)
- Translate technical findings into clear, actionable business risks
- Produce technical and executive reports, highlighting control, detection, and response gaps
- Work closely with the Blue Team, validating control effectiveness and supporting the team's technical development
- Provide technical support for investigations and incident response (CSIRT), applying an offensive perspective for emergency hardening
- Contribute to building and evolving the company's Red Team program
- Develop and automate offensive testing tools, integrating them into DevSecOps pipelines
Requirements
- Bachelor's degree in Information Security, Computer Science, Engineering, Information Systems, or related fields
- Minimum of 8 years of experience in Information Security, with at least 6 years in offensive security / Red Team
- Experience working in complex, dynamic, and preferably regulated environments
- Advanced English for technical reading and interaction with external materials
- Required technical knowledge:
- Offensive security in on-premises and cloud environments
- Exploitation of APIs, modern architectures, and microservices
- Cloud security (IAM abuse, privilege escalation, lateral movement)
- Scenario-based simulations using real-world threats and CTI
- Tools such as:
- Cobalt Strike or Sliver
- Burp Suite
- Metasploit
- Enumeration and privilege escalation tools
- Nice-to-haves / Differentials:
- Certifications such as:
- OSCP, CRTO
- OSWE, OSEP
- eCPPT, eCPTX
- GPEN, GXPN
- AWS Security Specialty or equivalent
- Practical experience in Purple Team
- Development of custom tools and Red Team automations
- Participation in real Red Team exercises and advanced CTFs
Benefits
- Medical insurance
- Dental insurance
- Meal voucher
- Food allowance
- Gympass
- Childcare assistance
- Culture voucher
- Home office allowance
- PPR — Results Participation Program (performance bonus)
- Private pension plan
- Group life insurance
- Educational partnerships
- Discounts at Riachuelo
Job title
Job type
Experience level
Salary
Not specified
Degree requirement
Tech skills
Location requirements
Information Security Manager responsible for security governance and risk management. Engaging with technical teams for compliance with security standards and best practices.
Customer Support Coordinator delivering technical support for complex security solutions. Collaborating with internal teams and external stakeholders to resolve service incidents while ensuring high performance standards.
Security Access Control Specialist at AMERICAN SYSTEMS managing database queries, document processes, and security measures. Supporting federal government programs through effective security operations in McLean, VA.
Site Security Specialist tasked with implementing security measures for client at Richmond site. Acting as point of contact for security team and client management.
Information Security Specialist responsible for developing ISMS under ISO 27001 and guiding audits. Collaborating closely with IT and management while ensuring compliance and documentation.
Senior Threat Detection & Response Engineer at ICF developing cyber analytic capabilities for federal cybersecurity. Engage in project design and countermeasure capabilities while collaborating with key stakeholders.
Technician in Occupational Safety at Telefônica working on safety programs to prevent workplace accidents. Ensuring compliance with safety regulations in Ribeirão Preto/SP.
Cybersecurity Engineer at Mythics implementing Zero Trust security architecture for federal systems. Collaborating with senior engineers on secure data movement and vulnerability remediation.
Lead Information Security Engineer focused on phishing mitigation in Cybersecurity at Wells Fargo. Engaging in threat detection and incident response across various teams.