Offensive Security Expert – Latin America

Own the offensive security strategy on the cloud platform, ensuring our financial platforms and customer data remain resilient against sophisticated attacks.

Key Responsibilities

Advanced Penetration Testing: Plan and execute comprehensive manual and automated penetration tests on our web applications and APIs using web pentesting tools, identifying critical logic flaws and security loopholes.

Vulnerability Management Strategy: Orchestrate the end‑to‑end vulnerability lifecycle using security scanners and vulnerability analyzers. Triage findings, prioritize remediation based on risk, and manage our external bug bounty programs.

Application Security (AppSec): Integrate security seamlessly into our CI/CD pipelines (GitLab / Jenkins) by implementing and overseeing SAST/DAST processes to ensure code is secure before deployment.

Cloud Security Architecture: Monitor and harden our cloud platform on AWS using native AWS security tools, ensuring our infrastructure adheres to best practices and compliance standards.

Remediation & Collaboration: Act as a technical advisor to engineering teams, providing clear guidance on fixing security flaws and fostering a "security first" culture within the development lifecycle.

Requirements

Background & Experience: 5+ years of experience in cybersecurity, focusing on penetration testing, application security, or cloud security, preferably in fintech or banking, with experience in PCI DSS audits.

Technical Stack Expertise: Deep proficiency with Burp Suite for pentesting, WIZ for cloud visibility, and experience configuring SAST/DAST tools. Strong hands‑on knowledge of AWS services and security controls is essential.

Linux Proficiency: Must be comfortable with any Linux distribution and testing tools such as nmap, Nikto, OWASP ZAP, Tenable, Postman, fuzzing tools, SQLMap, Puppeteer, and similar.

DevOps Integration: Practical experience securing CI/CD pipelines using GitLab or Jenkins.

Language Skills: Bilingual in Spanish and English with the ability to communicate complex technical risks to both local and international stakeholders.

Certifications: Holding one of the following certifications (OSCP, CEH Practical, EWPT, AWS Security Specialty, BSCP) will be highly valued.
Offensive Security Engineer
RAPYD
Bogotá, Bogotá
Posted 12 days ago