Web Application Pentester
2 weeks ago
Job description
We are looking for a Mid–Senior Web Application Pentester with strong hands-on experience in web and API security testing.
This role is 100% focused on web applications, with limited exposure to mobile testing.
The ideal candidate has a strong offensive mindset, understands real-world attack scenarios, and is capable of identifying not only technical vulnerabilities but also business logic flaws, especially in e-commerce and transactional platforms.
Roles and Responsibilities
- Perform manual-focused penetration tests on web applications, prioritizing real exploitation over automated scanning.
- Conduct security assessments on REST and GraphQL APIs, including authentication, authorization, access control and data exposure testing.
- Analyze and exploit authentication and authorization mechanisms, including:
  - OAuth 2.0 / OpenID Connect (authorization flows, scopes, token handling and misconfigurations)
  - JSON Web Tokens (JWT): claim manipulation, insecure algorithms, expiration and signature validation.
- Identify and exploit business logic vulnerabilities, particularly in e-commerce platforms (price manipulation, payment bypass, discount abuse, privilege escalation).
- Discover and exploit common and advanced web vulnerabilities, including:
  - SQL Injection, XSS, CSRF, SSTI
  - IDOR / BOLA, BFLA
  - Mass Assignment and insufficient server-side validation.
- Produce clear and technical pentesting reports, including proof of concept, business impact and actionable remediation recommendations.
- Collaborate with development and security teams to explain attack vectors and mitigation strategies.
- Stay up to date with OWASP Top 10 (Web & API) and emerging web attack techniques.
Must-Have Requirements
- Proven hands-on experience in web application penetration testing.
- Strong understanding of HTTP/HTTPS, sessions, cookies and headers.
- Practical experience testing REST APIs.
- Solid knowledge of OAuth 2.0 / OpenID Connect.
- Strong understanding of JWT structure, validation and common attack vectors.
- Ability to identify and exploit business logic flaws, especially in e-commerce scenarios.
- Advanced usage of Burp Suite, complemented by manual testing techniques.
- Ability to write clear, technical and actionable reports.
- Offensive mindset and strong analytical skills.
Nice-to-Have
- Experience testing GraphQL APIs.
- Scripting skills (Python, Bash, JavaScript).
- Experience with e-commerce platforms.
- Security certifications (OSCP, OSWE, eWPT, CRTO or similar).
- Experience with CI/CD or DevSecOps environments.
- Participation in CTFs or bug bounty programs.
Languages
English required
Work model
Hybrid (Office + Remote)