Security Engineer (Penetration Tester) - Remote at Paramo Technologies

We are...

a cutting-edge e-commerce company developing products for our technological platform. Our creative, smart, dedicated teams pool their knowledge and experience to find the best solutions to meet project needs while maintaining sustainable and long-lasting results. How? By making sure that our teams thrive and develop professionally. Strong advocates of hiring top talent and letting them do what they do best, we strive to create a workplace that allows for an open, collaborative, and respectful culture.

What you will be doing...

You will protect our infrastructure by searching for and helping address vulnerabilities. The right person must have excellent engagement and communication skills and a solid customer-focused and team-oriented approach that balances security needs and user experience to provide best-in-class security for the organization.

Must also be bilingual: English/Spanish.

Key Responsibilities:

• Perform thorough penetration testing on various components of the organization's IT infrastructure, including networks, web applications, API, mobile applications, and cloud environments.
• Use various tools and techniques to identify security weaknesses, such as SQL injection, cross-site scripting (XSS), privilege escalation, and other vulnerabilities.
• Develop and execute attack scenarios to assess the effectiveness of security controls and defences.
• Conduct vulnerability assessments to identify and evaluate security flaws and weaknesses within systems and applications.
• Analyze and prioritize vulnerabilities based on risk assessment and potential impact on the organization.
• Create detailed reports documenting findings from penetration tests and vulnerability assessments, including descriptions of vulnerabilities, exploitation methods, and recommended remediation actions.
• Triage vulnerabilities reported in a bug bounty program.
• Prepare and present technical and executive-level reports that clearly communicate security issues, risks, and mitigation strategies.
• Ensure that documentation is accurate, comprehensive, and delivered on time.
• Work closely with IT, development, and security teams to address identified vulnerabilities and guide remediation efforts.
• Advise on best practices for securing systems and applications based on penetration testing findings and industry standards.
• Participate in developing and improving security policies, procedures, and practices.
• Stay updated with the latest penetration testing tools, techniques, and threat vectors.
• Develop custom scripts and tools to aid penetration testing and automate repetitive tasks.
• Contribute to the refinement and enhancement of testing methodologies and frameworks.
• Engage in ongoing training and professional development to enhance skills and stay current with emerging threats and technologies.
• Share knowledge and expertise with the team to foster a culture of security awareness and continuous improvement.
• Participate in internal and external security assessments, including red team exercises and vulnerability management programs.
• Ensure penetration testing activities comply with industry standards, regulatory requirements, and organizational policies.
• Maintain an open-source way of thinking when performing penetration testing.
• Adhere to different policies set out by the organization.
• Follow and improve existing procedures.
• Keep your work organized based on tickets (Jira).
• Prepare and provide different reports (weekly/monthly/ad-hoc) to the Top Management as necessary.
• Maintain appropriate knowledge required for successful and efficient delivery of the responsibilities.
• Keeping abreast of new threats and vulnerabilities and providing analysis as per applicability.
• Help the organization understand advanced cyber threats.

Knowledge and skills you need to have

• Five years of a university degree or four-year college diploma, preferably in computer science, telecommunications, or other related academic fields, or equivalent work experience, are required.
• At least 5 years of work experience in similar roles.
• Fundamental technical understanding and experience assessing vulnerabilities and identifying weaknesses in web applications, APIs, operating systems (Windows and Linux), networks, databases, and application servers.
• Ability to prioritize remediation and handle mitigation planning.
• Experience in working collaboratively with cross-functional/transverse IT teams.
• Ability to apply a risk-based approach while working on assigned responsibilities.
• Good understanding of reporting needs at various organizational levels and ability to design, create, and present them.
• Experience in working with any BI tools to prepare dashboards.
• Troubleshooting and problem-solving capabilities.
• Excellent analytical, communication, and documentation skills.
• Ability to organize work and prioritize work as per the operation's needs.
• Ability to work independently and as part of the Information Security Team, and can work under minimal supervision.
• Should have time management skills and manage work in a fast-moving environment.

Competencies:

• Reading comprehension: You must be able to read and understand the existing procedures and the tasks assigned to tickets. This is crucial for you to work under minimal supervision and excel. If you are a technical guru but don't understand the assigned tasks in writing or don't clarify doubts, this is not your job.
• Organization: This position has 50% recurring tasks (e.g. reviewing weekly vulnerability scans), 30% research tasks (e.g. identifying why a vulnerability scan isn't working as expected and solving it together with other teams), 10% chasing other teams (e.g. ensuring that a vulnerability is remedied), and 10% procedures (e.g. improving existing procedures).
• Prioritization: You must attend to the priorities of the assigned tasks and assign the right priority to the discovered vulnerabilities.
• Strong interpersonal, written, and oral communication skills.
• Able to conduct research into security issues and products as required.
• Ability to prioritize and execute tasks during a high-pressure moment and make sound decisions in emergencies.
• Ability to present ideas in a user-friendly language.
• Keen attention to detail.
• Proven analytical and problem-solving abilities.
• Strong customer service orientation.
• Ability to manage multiple projects, activities, and tasks simultaneously.
• Facilitation and change management skills.

Bonus points for the following

Additional requirements, not essential but "nice to have":

• Any Penetration Testing certification (i.e. CEH, OSCP, GPEN, Pentest+).
• Any Vulnerability Management certification.
• Knowledge of Splunk SIEM.
• Knowledge of CDN and WAF usage and configuration (i.e. Cloudflare, Imperva).
• Any other Cybersecurity certification.

Why choose us?

We provide the opportunity to be the best version of yourself, develop professionally, and create strong working relationships, whether working remotely or on-site. While offering a competitive salary, we also invest in our people's professional development and want to see you grow and love what you do. We are dedicated to listening to our team's needs and are constantly working on creating an environment in which you can feel at home.

We offer a range of benefits to support your personal and professional development:

Benefits:

• 22 days of annual leave
• 10 days of public/national holidays
• Health insurance options
• Access to online learning platforms
• On-site English classes in some countries, and more.

Join our team and enjoy an environment that values and supports your well-being. If this sounds like the place for you, contact us now!