CAS | Senior Information Security Analyst – Focus on Offensive Security (Penetration Testing)

Description

Job Summary: An Information Security Analyst focused on offensive security, vulnerability management, Red Team activities, and security testing, leading and executing penetration tests and Red Team exercises. Key Highlights: 1. Focus on Offensive Security and Vulnerability Management 2. Engagement in Red Team, Penetration Testing, and Adversary Simulations 3. Use of methodologies such as OWASP, PTES, MITRE ATT&CK Have you ever considered joining a team whose purpose is to contribute to a more prosperous and secure society? We are seeking creative, passionate, and dedicated minds to join our Offensive Security team. If you are driven by passion, collaboration, proactivity, and ready for exciting challenges, this is your opportunity. We are looking for an Information Security Analyst with a focus on offensive security, directly engaged in vulnerability management, Red Team exercises, and security testing—possessing strong technical capability, agility, adaptability to change, and the ability to lead/execute security testing (penetration testing) and Red Team exercises. **Responsibilities and Duties** * Conducting Penetration Tests (Pentests) on applications (Web / Mobile), AI, infrastructure, and Cloud; * Executing Red and Purple Team exercises; * Participating in adversary simulations. * Identifying vulnerabilities and their respective risk levels in existing products and services. * Planning, executing, and documenting intrusion tests (pentests). * Performing vulnerability analyses on web systems, APIs, networks, and infrastructure. * Creating technical reports with evidence and clear remediation recommendations. * Supporting internal teams in understanding risks and revalidating applied fixes. * Using frameworks and methodologies such as OWASP, PTES, MITRE ATT&CK, among others. * Conducting internal pentests and managing external vendors. * Experience with Adversarial Exposure Validation (AEV) platforms * Ability to simulate real-world attacks—including reconnaissance, initial access, lateral movement, privilege escalation, persistence, and exfiltration—including knowledge of post-exploitation frameworks (C2) * Defensive collaboration (Purple Team): ability to integrate Red Team with Blue Team, supporting the cybersecurity defense team in validating detections and creating security monitoring rules * Skills in vulnerability research and analysis, including knowledge of defense evasion, fuzzing, reverse engineering, and malware analysis * Knowledge of security analysis tools for AI models, including prompt injection and data poisoning testing * Knowledge of machine learning integration for predicting attack paths in security testing and adversary simulation exercises **Requirements and Qualifications** * Pentest tools (Burp Pro, nmap, Metasploit, sqlmap, brute-force tools, vulnerability scanners, etc.). * Scripting languages (Shell script, PowerShell, Python, etc.); * Solid experience in web and mobile application security * Practical knowledge of intrusion testing methodologies (OWASP Top 10, PTES, MITRE ATT&CK, etc.); * Ability to conduct high-quality technical tests and produce well-structured reports; **Additional Information** **At the Sicredi Administrative Center (CAS)**, for positions in business areas, we adopt a hybrid work model consolidated as 3 days onsite at the company headquarters located at Av. Assis Brasil, 3940, São Sebastião, Porto Alegre/RS, and 2 days remote. For Tech area positions, we adopt a fully remote work model. --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- ____________________________________________________________________________________________________________________ At **Sicredi**, you will have: 14th and 15th fixed salaries; Profit Sharing (based on seniority); Health and Dental Plans with no co-payment, Well-being Programs via Wellhub (formerly Gympass), Nutrition, Psychology, Occupational Health, Massage, Running Group, and on-site gym; Meal Allowance and Food Voucher—with flexible % allocation across VA/VR cards, no co-payment; Extended maternity and paternity leave; Childcare or babysitter allowance for children up to 6 years and 11 months; Support for children with disabilities, with no age limit; Life insurance, Private Pension Plan up to 8% of salary; Training Platform – Sicredi Aprende, offering diverse courses; 40-hour weekly workload – using a time-banking system; Remote Work Allowance (except for positions requiring 100% onsite work). **Nice to meet you—we are Sicredi.** Our journey began over 120 years ago as Brazil’s first cooperative financial institution. Today, we continue growing and transforming daily alongside **over 50,000 employees**. They are the reason we are again ranked **Best Place to Work**, holding the top position according to Great Place To Work Brazil (GPTW). Together with **over 9 million members**, across all Brazilian states, we believe in the power of cooperation to **build a more prosperous society and generate positive impact in people’s lives.** A shared purpose that unites and inspires us, promoting local and sustainable development, education, and financial inclusion. We continue seeking talents who wish to help build a better world—and we want you on board. **#JoinSicredi!**