Pentester (mid-Level)

Job Summary and Mission

Wizlynx Group, with the founding core of our company headquartered in Switzerland since 1992, is an ethical, trustworthy, and vendor-agnostic global Cyber Security provider. Our vision is to be a best-in-class global Cyber Security company, enabling customers to focus on their core business by providing high-quality, value-added, and innovative Cyber Security services.

This position is offered under a
hybrid work model
, requiring a
maximum of 4 on-site days per month at our offices located in the south of Mexico City (CDMX)
. The selected candidate will be
exclusively assigned to one of our strategic clients
, focusing 100% on supporting and securing their environment.

Role Responsibilities

In addition to the responsibilities described under Application Security Analyst, the following penetration testing responsibilities are also included:

• Plan and execute controlled penetration tests on web, mobile, and cloud applications.
• Perform adversary simulations to evaluate application security from an attacker's perspective.
• Identify and exploit critical vulnerabilities, reporting findings in a clear and actionable manner.
• Generate both executive and technical reports including risk, impact, PoC, and remediation plans.
• Collaborate with development teams for vulnerability retesting and fix verification.
• Develop and maintain custom scripts, exploits, and tools for advanced security testing.
• Participate in Red Team/Purple Team exercises, contributing with offensive tactics.
• Stay current on emerging threats, exploitation techniques, and vulnerabilities.

Candidate Evaluation Criteria

Candidates will be evaluated on their ability to:

• Perform end-to-end penetration testing (reconnaissance, exploitation, post-exploitation, reporting).
• Demonstrate expertise with tools such as Burp Suite Pro, Metasploit, OWASP ZAP, Nmap, Nessus, Kali Linux, etc.
• Explain complex vulnerabilities clearly to developers and non-technical stakeholders.
• Apply creativity and innovation in simulating sophisticated attack scenarios.

Typical Education and Experience

• Bachelor's degree or higher in Computer Science, Information Security, or equivalent experience.
• 1+ years of professional experience in IT security engineering, software engineering, or related field.
• 1+ years of hands-on development experience with HTML, C++, C#, JavaScript, Python, PHP, SQL, JSON, XML, etc.
• Strong understanding of SSL/TLS, REST, SAML, OAuth.
• Experience with tools like Confluence, Burp Suite, SAST/SCA, GitHub, ServiceNow.
• Experience validating and testing vulnerabilities found in penetration tests or bug bounty programs.
• Desired certifications: OSCP, OSWE, GPEN, GXPN, CEH Practical, eWPTX, or equivalent.
• Bug Bounty or CTF experience is a plus.
• Working knowledge of eCommerce platforms such as Salesforce Commerce Cloud is an advantage.
• Familiarity with Agile/SCRUM and Waterfall methodologies, and enterprise SDLC processes.
• Knowledge of web technologies (applications, services, architectures) and network/web protocols.

Language Skills

• Advanced spoken and written English is strictly required
  , as the role involves direct interaction with international teams and client stakeholders.
• Ability to communicate clearly and concisely, both orally and in writing, in English as well as in the local language.

Soft Skills

• Team oriented
• Flexible attitude, reliable, responsible, and proactive
• Professional and friendly approach and appearance
• Willingness to take on new responsibilities and learn new tools or processes