Security Specialist Ssr

Position Summary

At Mikroways, we are looking for a Cybersecurity Specialist focused on offensive security and cloud environments, oriented toward participating in projects of high technical complexity on modern architectures.

Candidates must have demonstrable experience in identifying, exploiting, and analyzing vulnerabilities, as well as in developing concrete remediation recommendations, with a comprehensive understanding of both technical and business impact.

Responsibilities

  • Execution of penetration tests on web applications and APIs (black/grey/white-box).
  • Identification of vulnerabilities in applications, services, and architectures deployed in cloud environments.
  • Security assessment of workloads on AWS, including identity, network, and service exposure configurations.
  • Analysis of attack vectors associated with architectures based on microservices, containers, and Kubernetes.
  • Preparation of technical and executive reports, with prioritization based on risk and impact.
  • Definition of remediation plans and technical support during their implementation.
  • Participation in security assessments, architecture reviews, and hardening processes.
  • Interaction with development, DevOps, and architecture teams for the continuous improvement of the security posture.

Technical Requirements

Offensive Security

  • Solid experience in penetration testing on web applications and APIs.
  • In-depth knowledge of OWASP Top 10 and OWASP API Security Top 10.
  • Mastery of testing methodologies such as OWASP Testing Guide, OSSTMM, and PTES.
  • Advanced handling of tools such as Burp Suite, Nmap, Metasploit, as well as experience in manual exploitation techniques.

Cloud Security

  • Practical experience in AWS environments (mandatory), GCP/Azure (desirable).
  • Knowledge of security for services such as IAM, S3, EC2, RDS, and Lambda.
  • Understanding of network configurations (VPC, Security Groups, NACLs) and their impact on the attack surface.
  • Familiarity with tools such as AWS Security Hub, GuardDuty, and WAF or similar.
  • Understanding of the shared responsibility model and cloud hardening best practices.

Architecture and DevSecOps

  • Knowledge of microservices-based architectures.
  • Experience with containers (Docker) and Kubernetes environments (desirable).
  • Understanding of the integration of security practices into CI/CD pipelines.
  • Familiarity with code analysis and security tools such as SonarQube, Snyk, and OWASP ZAP.

AI and Security (desirable)

  • Basic or intermediate knowledge of risks associated with applications that integrate artificial intelligence models.
  • Understanding of concepts such as prompt injection, data exposure, model abuse, and security in integrations with generative model APIs.
  • Familiarity with generative model tools and platforms.

Profile

  • Analytical capacity and critical thinking oriented toward offensive security.
  • Autonomy in the execution of end-to-end assessments.
  • Ability to communicate technical risks to non-technical audiences.
  • Results orientation and continuous improvement.

The following will be especially valued:

  • Experience in real pentesting projects in production environments.
  • Participation in bug bounty programs.
  • Certifications such as OSCP, CPTS, OSWE, or AWS Certified Security – Specialty (not mandatory).

Offer

  • Participation in projects of high technical complexity in cloud environments.
  • Integration with teams specialized in architecture, DevOps, and security.
  • Professional development in a strategic area of the company.
  • Dynamic work model, focused on results and technical growth.