Offensive Security Engineer

Sao Paulo (Remote)

dLocal

Simplify your cross-border payment operations in high-growth markets. Send and receive funds locally, reaching new customers. One easy integration, unlimited secure transactions.

View all jobs at dLocal

Apply now Apply later

Why you should join dLocal?
dLocal enables the biggest companies in the world to collect payments in 40 countries in emerging markets. Global brands rely on us to increase conversion rates and simplify payment expansion effortlessly. As both a payments processor and a merchant of record where we operate, we make it possible for our merchants to make inroads into the world’s fastest-growing, emerging markets. 
By joining us you will be a part of an amazing global team that makes it all happen, in a flexible, remote-first dynamic culture with travel, health, and learning benefits, among others. Being a part of dLocal means working with 900+ teammates from 25+ different nationalities and developing an international career that impacts millions of people’s daily lives. We are builders, we never run from a challenge, we are customer-centric, and if this sounds like you, we know you will thrive in our team.

What’s the opportunity?

  • Assess network, environment, or technologies;
  • Write tooling to assist with offensive security assessment;
  • Conduct discovery activities to map environments;
  • Build, conduct, and participate in offensive security exercises;
  • Perform penetration testing (application, API, mobile, infrastructure), vulnerability scanning (internal and external), code reviews and design/architecture reviews;
  • Work closely with development teams to mitigate or remediate security vulnerabilities;
  • Empower developers to do their jobs securely without creating additional friction;
  • Educate our engineers about security in application code and infrastructure;
  • Educate our non-technical employees about security good practices and attacks;
  • Assist in Incident Response activities (if it involves Security);

What skills do I need?

  • Advanced background in Offensive Security (Red Team active participation);
  • Strong understanding of vulnerabilities, common attack vectors and how to solve/fix them;
  • A great eye to identify/analyze attacks on company assets and also simulate internal/external attacks (Ethical Hacker mindset);
  • Well-rounded background in host, network and application security (Web, API and Mobile);
  • Huge familiarity with threat analysis (malware, phishing, social engineering, etc);
  • Attacker mindset ability to think about creative threats and attack vectors;
  • Knowledge in tailored reconnaissance, weaponization, exploitation and lateral movement;
  • Know-How of Threat modeling in a cloud environment;
  • Experience with common security tools including but not limited to: Nmap, SQLmap, Metasploit, Kali Linux (OS), Burp Suite, Qualys/WAS, ZAP Proxy, Prowler, Censys/Shodan and others;
  • Familiarity with implementation and maintenance of SAST/DAST/IAST sensors;
  • In-depth knowledge of OWASP10, SANS25 and other world-known security frameworks;
  • Understanding of a complete SDLC and how to make it secured (S-SDLC)
  • Familiarity with Cloud platforms (AWS or equivalent);
  • Ability to lead people to problem resolution when it comes to Security (Integrate teams, especially Engineering Team);
  • Effective written and oral communication involving both business and technical sides of the business;
  • Quickly identify issues and solve them;
  • Ability to present technical risks to a broader audience (both written and spoken);

Nice to have!

  • Experience on research of vulnerabilities and development of exploitation tools
  • Building and automating common Red Team processes and activities
  • Knowledge of security architectures, both monoliths and microservices, including how they are developed and operate at scale
  • Certification or equivalent knowledge (DCPT/OSCP/OSCE/OSWP/OSWE/CEH)
  • Exposure to PCI-DSS framework or any other relevant security standard will be valued
  • Have previously participated as speaker (or just participated in the activities) on Security conferences like DefCon, MindTheSec, EkoParty, Hackaflag, Bhack, You sh0t the sheriff, CryptoRave, etc
  • Active participation in CTFs and also Bug Bounty programs

What happens after you apply?
Our Talent Acquisition team is invested in creating the best candidate experience possible, so don’t worry, you will definitely hear from us. We will review your CV and keep you posted by email at every step of the process!
Also, you can check out our webpageLinkedinInstagram, and Youtube for more about dLocal!
Apply now Apply later

* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰

Job stats:  9  1  0

Tags: APIs Application security AWS Burp Suite CEH Cloud DAST IAST Incident response Kali Linux Malware Metasploit Microservices Nmap Offensive security OSCE OSCP OSWE OSWP Pentesting Qualys Red team SAST SDLC Security assessment SHODAN Vulnerabilities

Perks/benefits: Career development Conferences Flex hours Health care Team events

Regions: Remote/Anywhere South America
Country: Brazil

More jobs like this

Explore more career opportunities

Find even more open roles below ordered by popularity of job title or skills/products/technologies used.