Ethical Hacker Mid to Senior Level (5+ Years) - LATAM

Company Profile

Insight Assurance is a security and compliance firm trusted by over 1200 organizations for their SOC 2, PCI DSS, ISO 27001, and HIPAA audit needs. Insight Assurance is a licensed CPA firm, PCI Qualified Security Assessor (QSA), and ISO 27001 Certification Body founded by former Big-4 professionals (Former EY) looking to simplify the world of IT compliance.

About the Role

We are seeking a highly skilled and experienced Red Team Operator to join our cybersecurity team. The ideal candidate will be responsible for simulating advanced persistent threats (APTs), conducting adversarial assessments, and helping strengthen our organization's security posture. You will work closely with cross-functional teams, including blue teams, to identify vulnerabilities, test incident response mechanisms, and provide actionable insights to mitigate risks.

Key Responsibilities

1. Adversary Simulation:
   • Plan and execute realistic attack scenarios simulating the tactics, techniques, and procedures (TTPs) of sophisticated threat actors.
   • Design and deliver red team engagements, including physical, social engineering, and cyberattack components.
2. Technical Assessments:
   • Perform penetration testing of networks, applications, and systems using tools such as Burp Suite, Metasploit, Cobalt Strike, and custom scripts.
   • Bypass defensive controls, including IDS/IPS, firewalls, EDR solutions, and WAFs.
   • Exploit vulnerabilities to achieve and escalate privilege levels while avoiding detection.
3. Reporting and Remediation:
   • Prepare detailed reports documenting findings, attack vectors, and recommended mitigation.
   • Present results to both technical and non-technical stakeholders.
4. Collaboration and Knowledge Sharing:
   • Collaborate with blue teams to refine incident detection and response capabilities.
   • Provide guidance on improving threat hunting and monitoring strategies.
5. Continuous Improvement:
   • Stay updated on the latest attack techniques, vulnerabilities, and defensive countermeasures.
   • Research and develop new tools, exploits, and methodologies to enhance the red team’s capabilities.

Qualifications and Experience

• Experience: Minimum 5 years in offensive security, penetration testing, or red team operations.
• Technical Expertise:
  • Proficient in scripting and automation using Python, PowerShell, Bash, or similar.
  • Strong knowledge of Windows and Linux systems, Active Directory, and cloud environments (AWS, Azure, GCP).
  • Familiarity with modern TTPs (e.g., MITRE ATT&CK framework).
• Certifications (Preferred):
  • Offensive Security Certified Professional (OSCP), Offensive Security Certified Expert (OSCE), GIAC Penetration Tester (GPEN), or other relevant certifications.
• Tools: Hands-on experience with Cobalt Strike, Metasploit, BloodHound, Impacket, Burp Suite, and other offensive security tools.

Soft Skills

• Strong analytical and problem-solving skills.
• Ability to work independently and within a team.
• Excellent communication skills, both verbal and written.
• Critical thinking and creativity in approach to security challenges.

Privacy Notice CCPA: 

• Insight Assurance shares your personal data/information with Greenhouse recruiting because this is the tool we use for the recruitment process.
• Insight Assurance does not sell personal data/information under any circumstances.
• You may exercise your rights under personal data protection legislation by reaching out to us via: HR@insightassurance.com or submit a request via mail at 400 N Tampa St. 15th Floor Suite 122, Tampa, FL 33602

Privacy Notice GDPR:

This notice informs you about the categories of Personal Data/ Information and the Purpose and Scope of Processing Activities to be undertaken by Insight Assurance (we, us, our), under its job application and recruitment process.

We resort to Greenhouse.com as the platform that supports our recruitment process, and therefore your Personal Data/ Information will be Processed on this tool (hosted, shared with, cross-referenced, accessed by our team); we have in place contractual terms and the commitment of Greenhouse.com that ensures the Security and Confidentiality plus Purpose limitation with regards to the Processing of your Personal Data.

When you reply to one of your job postings, you voluntarily and freely submit your Personal Data to us; this, allied with the fact that the Processing by us (and over Greenhouse.com) of that Personal Data has the sole Purpose of validating your application and proceeding with the inherent scrutiny and decision, allows us to argue having Legitimate Interest as the applicable Legal Basis to undertake the Processing of your Personal Data under this scope.

We are a U.S. based company, hence some or all Personal Data pertaining to you will be hosted in the U.S.

The categories of Personal Data under Processing consist of:

• Identification
• Contact
• Education and Professional
• Interview performance
• Evaluation

You may exercise several Rights as determined under applicable Personal Data Protection legislation, in short:

• Right of Access – meaning getting information about the Personal Data under Processing by us, except for the information you already know;
• Right of Erasure – you may ask for us to erase all Personal Data pertaining to you under Processing; this may imply you being excluded from the recruitment process, for without information we cannot proceed with it;
• Right of Opposition or Restriction of Processing – you may ask us to stop some Processing or restrict the Processing of some Personal Data, this may imply you being excluded from the recruitment process, at our sole discretion also for without information we cannot proceed with it;
• Rectification – you can rectify your Personal Data at anytime