Information Security Analyst – In-person in Brasília
Negotiable Salary
Indeed
Full-time
Onsite
No experience limit
No degree limit
Fairy Lake - Estr. Dom Pedro Augusto - Alto da Boa Vista, Rio de Janeiro - RJ, 20531, Brazil
Description

We are looking for professionals eager to innovate and grow alongside Every Cybersecurity! We are a solid company operating in **Privacy, Information Security, and Governance, Risk, and Compliance (GRC)**, with an exclusive focus on **customer satisfaction**. We boast a **visionary leadership team**, a **collaborative workforce**, and an **excellent organizational climate**.

**In-person position – Brasília**

Join us to **#BeHappy at Every Cybersecurity!**

**Responsibilities and Duties:**

**RED TEAM PROFILE:**

* Identify and dissect vulnerabilities, with or without tools;
* Demonstrate the business impact resulting from identified vulnerabilities;
* Validate exploitation points and post-exploitation scenarios, assessing both potential perimeter breaches and assuming the perimeter has already been breached;
* Conduct application testing, validate new features and new projects;
* Apply privilege escalation and lateral movement techniques within internal infrastructure and cloud environments;
* Collaborate with the rest of the team to develop threat modeling processes and defense strategies.

**BLUE TEAM PROFILE:**

* Develop a methodology for managing the processes comprising an Information Security Management System (ISMS), such as incident management, vulnerability management, and information security risk management;
* Perform the information security risk management lifecycle with clients;
* Create/review information security policies and all related documentation constituting the information security documentation framework;
* Conduct gap analysis using leading industry frameworks as normative references;
* Develop an Information Security/Cybersecurity Master Plan;
* Develop Business Continuity Plans, Operational Continuity Plans, Business Impact Analyses (BIA), and other documents supporting Business Continuity Management;
* Design and implement controls required for an Information Security Management System;
* Support/conduct business process/operational workflow modeling through interviews with responsible stakeholders;
* Detect threats and vulnerabilities compromising corporate information;
* Support/validate and record all agreed-upon events with the client via meeting minutes or action logs;
* Provide necessary resources for technical training and skill enhancement of security team members;
* Lead a security requirements assessment process aligned with ISO/IEC 27001 and 27701 requirements;
* Generate reports on information security compliance and/or maturity based on the security requirements assessment process, and develop action plans for alignment—including recommendations for adopting security controls, processes, and tools for clients;
* Deliver training sessions on current information security topics to raise awareness and foster a security-oriented culture;
* Ensure the effectiveness and sustainability of organizational activities meeting mandatory requirements defined by the Information Security strategy.

**Requirements and Qualifications:**

**RED TEAM PROFILE:**

* Knowledge of cyber threats and vulnerabilities;
* Solid networking knowledge;
* Solid knowledge of operating systems (Windows, Linux);
* Knowledge of cloud architecture, including assessment of internal and cloud infrastructure;
* Familiarity with security frameworks and standards (e.g., NIST CSF, PCI DSS, ISO/IEC 27000 series);
* Knowledge of malware analysis;
* Experience using the MITRE ATT&CK framework;
* Experience with tools such as Burp Suite for web application testing;
* Proven experience in penetration testing;
* Experience with offensive security tools;
* Ability to read, modify, interpret, and write scripts for Linux/Windows;
* Completed undergraduate degree in one of the following fields: Systems Analysis, Computer Science, Data Processing, Information Systems, Informatics, Computer Engineering, or Information Security;
* At least one of the following certifications—or equivalent market-recognized certifications covering Penetration Testing: CompTIA Security+, CompTIA PenTest+, Certified Ethical Hacker (CEH), OSCP (Offensive Security Certified Professional), eJPT (eLearnSecurity Junior Penetration Tester).

**BLUE TEAM PROFILE:**

* Experience creating and reviewing security policies, standards, processes, and procedures;
* Knowledge of Brazilian and international legislation, as well as best practices in Information Security;
* Experience conducting internal audits and preparing audit reports and documentation;
* Knowledge of computer network infrastructure;
* Analytical thinking, business acumen, strong interpersonal communication skills, and ability to handle complex tasks;
* Familiarity with security and technology frameworks and regulations, including ISO/IEC 27001, ISO/IEC 27701, NIST CSF, CIS Controls, and MITRE ATT&CK®;
* Experience performing Gap Analysis using security frameworks;
* Experience in Information Security Risk Management;
* ISO/IEC 27001 certification;
* ISO/IEC 27005 certification.

Source: indeed
João Silva
Indeed · HR

Company

Indeed
© 2025 Servanan International Pte. Ltd.