Security Engineer (Red Team)

iFood - CAREERS PAGE | Posted 4-05-2021

Campinas (Cyber Security)


iFood is the biggest and fastest growing FoodTech company in Latin America, operating in Brazil and Colombia. We aim to make people's lives more convenient and joyful, by simplifying and disrupting the way they eat through applied technology. Working with us means positively impacting millions of lives, but we want to turn this number into a billion.

Are you a cyber security person, passionate about learning and developing?
What's more, how about doing this in a friendly team and leadership environment that stimulates your development? Introducing the iFood Cyber Team!
Here we have the constant challenge of keeping the largest Brazilian delivery company safe, with real integration and collaboration from other teams and a great diversity of technology stacks. After all, we cannot maintain this level without stimulating training and individual development, right?

We are looking for a Security Engineer to join our Red Team to perform Pentests on web and mobile applications, infrastructure, networks and others. As part of this activity, he/she will report the identified points to the responsible teams, suggest action plans to correct/remediate the vulnerabilities, and prepare kill chains or PoCs to demonstrate their exploitation when necessary.
It is desirable that the Security Engineer has a vision of automation and scalability for the processes in the area, and has the autonomy to perform and develop their own security testing exercises (Tech day, Pentestings, War Games, Phishing Simulations, etc.). We are looking for an innovative professional who likes the challenge of testing controls and barriers, and who can create a healthy culture working together with the defense team, the development team, among others. We want people who are self-motivated and passionate about cyber culture.

Therefore, it is essential that the Analyst has experience in relationships with different areas of the group and also with external actors, partners and suppliers that we use to operationalize this process and services of the Red Team area.

A basic level of English comprehension is required, with the candidate willing to improve their English to a business professional level, as it will be required for meetings and projects.


As a Security Engineer (Red Team), your challenges will be:

  • Executing tests on web applications, APIs and microservices;
  • Mobile application testing (iOS, Android, React, Flutter);
  • Performing tests on infrastructure, servers and wireless networks;
  • Performing tests focused on fraud;
  • Preparation and presentation of (pentest) reports for technical teams and executives;
  • Performing/developing tasks and attacks in an automated manner;
  • Performing threat modeling and security requirements using industry best practices (e.g. MITRE and other methods);
  • Performing DAST and vulnerability management with automated tools;
  • Working closely with technology, security and other group business teams to test/evaluate incident detection and response capabilities;
  • Supporting the technology area and the Security area for mitigation, compensatory controls and vulnerability remediation.

The ingredients we're searching for:

  • Education: Higher Education in Computer Science, Information Systems or related areas;
  • Experience in penetration testing of Web applications, networks and internal environments;
  • Experience with offensive tools (Metasploit Framework, Ettercap, Acunetix, Nexpose, Sqlmap, aircrack-ng and others);
  • Experience with tools like Burp for pentesting Web applications.

Some optional toppings:

  • Desirable to have market certifications such as OSCP and Offensive Security track as a whole, DCPT, eLearnSecurity track (eMAPT, eWPT) among others;
  • Experience in technical and management reporting desirable;
  • Experience in defining security architectures and solutions for environments, systems and applications;
  • Previous experience with code review and development security (SDLC) desirable;
  • Experience with AWS and Azure solutions and services;
  • Experience with integration and infrastructure vulnerability patching (CIS, NIST and SANS);
  • Offensive Mindset

Our Specials

  • Meal Allowance ("ticket refeição and/or ticket alimentação")
  • Fuel or public transportation allowance
  • Health and dental plan
  • Life insurance
  • Children Allowance
  • Subsidy for sports practice (Gympass)
  • Subsidy for English classes
  • Relocation package for people who live 200km+ away from the office
  • Breakfast, beer, energy drink, video games, snacks, pet day and more.
  • You'll work in a very fast-paced and collaborative environment along with other ambitious people. Also, we have nice swag in our offices.

Location

We are a remote-friendly company and strive to onboard the most brilliant minds, wherever they are located! Additionally, iFood has several VERY NICE technology hubs spread over Brazil for our FoodLovers to use - Campinas/SP, São Carlos/SP, Osasco/SP, Porto Alegre/RS and Recife/PE - and also supports candidates who would like to relocate to some of those cities with a relocation plan.


Diversity & Inclusion

iFood is an equal opportunity employer, committed to creating a diverse environment. Here, we work hard to make sure everyone receives respect, empathy and equal opportunities to succeed. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics or age.


Disclaimer

iFood is a global company that already operates in multiple countries, which is why we encourage the use of English in our daily routine. Here you will be encouraged to take classes, read, write and speak in English through everyday expressions, events, courses, and more. Although it is not a prerequisite, the comprehension of English texts is very important to us.