Key Facts

Remote From:

Anywhere

Full time

English

Hard Skills

Other Skills

•
Collaboration
•
Communication

CloudWalk, Inc.

Fintech: Finance + Technology

About CloudWalk, Inc.

We are democratizing the payments industry in Brazil, by empowering entrepreneurs through technological, inclusive, and life-changing solutions. Based in Brazil, CloudWalk is a high-end global payment network built on modern technology and proprietary blockchain, focused in bringing a revolution to the payment ecosystem for small and medium-sized businesses. As a unicorn, the company has provided its customers with more than R$ 1 billion in savings by charging fair fees on its transactions and is now present in more than 300.000 businesses across 5.000 brazilian cities. With investors such as the Valor Capital Group, HIVE Ventures and Coatue, the company has already raised US$ 365.5 million in investments and R$3.4 billion in FDICs for anticipation of receivables in its network of financial solutions. In 2022, it was the only brazilian fintech to be featured in the "The Retail Tech 100" ranking by CB Insights, on the "Protection Solutions for Payments and Frauds".

Company type: SME

Industry: Fintech: Finance + Technology

Founded: 2018

Company size: 201 - 500

Website LinkedIn See all jobs →

Job description

About the Role

This is not a traditional pentesting role. At CloudWalk, you’ll go beyond running scans or writing reports. You’ll break into systems, exploit real weaknesses, and then engineer automations and agents to make sure those classes of vulnerabilities never come back. Your work will directly shape how CloudWalk defends itself at scale, turning offensive security knowledge into defensive engineering.You’ll be part of a team that blends red teaming, mobile/web pentesting, and security automation. If you enjoy moving fast, exploiting hard problems, and coding the solutions, this role is for you.

What You'll Do

Break things that matter. Pentest applications across our stack, identifying vulnerabilities in APIs, mobile apps (Android/iOS), and infrastructure before attackers do.

Run red team operations. Plan and execute realistic attack campaigns: phishing with custom domains, social engineering, lateral movement, privilege escalation. Measure real organizational resilience, not checkbox compliance.

Build offensive tooling. Engineer security platforms, scanning pipelines, and automation that multiply the team's impact.

Weaponize AI for defense. Design and build LLM-powered agents that detect, classify, triage and fix vulnerabilities in real time.

What We're Looking For

Strong knowledge of common vulnerabilities, exploitation techniques, and secure coding practices. You can find bugs in source code, not just with a proxy.

Experience with web application and API pentesting. Mobile pentesting (Android/iOS) is a strong plus.

You code daily. Proficiency in Typescript, Go, or similar, not just scripts, but tools and services others can rely on.

Familiarity with cloud infrastructure security (GCP/AWS/Azure), Kubernetes, and service mesh concepts.

Understanding of CI/CD pipelines and how to embed security checks into them.

Experience leveraging LLMs or AI agents for security tasks.

Excellent communication and collaboration skills to work effectively with engineering teams.

Bonus Points

Experience with red team operations: phishing infrastructure, social engineering, C2 frameworks.

Familiarity with payment industry security (PCI DSS, card tokenization, acquiring flows).

Experience building security platforms or internal tooling (dashboards, bots, vulnerability management systems).

Contributions to open source security tools, published security research or CTFs.

Join us at CloudWalk, where we're not just engineering solutions; we're building a smarter, AI-driven future for payments and credit—together.