Penetration Tester/Ethical Hacker

Penetration Tester/Ethical Hacker (Senior and mid Level) Formato hibrido "Oficina/remoto" Wizlynx Group, with the founding core of our company headquartered in Switzerland since 1992, is an ethical, trustworthy, and vendor-agnostic global Cyber Security provider. Our vision is to be a best-in-class global Cyber Security company, enabling customers to focus on their core business by providing high-quality, value-added, and innovative Cyber Security services. This position is offered under a hybrid work model , requiring a maximum of 4 on‑site days per month at our offices located in the south of Mexico City (CDMX) . The selected candidate will be exclusively assigned to one of our strategic clients , focusing 100% on supporting and securing their environment. We are looking for a Mid–Senior Web Application Pentester with strong hands‑on experience in web and API security testing . This role is 100% focused on web applications , with limited exposure to mobile testing. The ideal candidate has a strong offensive mindset, understands real‑world attack scenarios, and is capable of identifying not only technical vulnerabilities but also business logic flaws , especially in e-commerce and transactional platforms . Roles and Responsibilities Perform manual-focused penetration tests on web applications , prioritizing real exploitation over automated scanning. Conduct security assessments on REST and GraphQL APIs , including authentication, authorization, access control and data exposure testing. Analyze and exploit authentication and authorization mechanisms , including: OAuth 2.0 / OpenID Connect (authorization flows, scopes, token handling and misconfigurations) JSON Web Tokens (JWT): claim manipulation, insecure algorithms, expiration and signature validation. Identify and exploit business logic vulnerabilities , particularly in e‑commerce platforms (price manipulation, payment bypass, discount abuse, privilege escalation). Discover and exploit common and advanced web vulnerabilities, including: IDOR / BOLA, BFLA Mass Assignment and insufficient server‑side validation. Produce clear and technical pentesting reports , including proof of concept, business impact and actionable remediation recommendations. Collaborate with development and security teams to explain attack vectors and mitigation strategies. Stay up to date with OWASP Top 10 (Web & API) and emerging web attack techniques. Must‑Have Requirements Practical experience testing REST APIs . Solid knowledge of OAuth 2.0 / OpenID Connect . Strong understanding of JWT structure, validation and common attack vectors . Ability to identify and exploit business logic flaws , especially in e‑commerce scenarios. Advanced usage of Burp Suite , complemented by manual testing techniques. Ability to write clear, technical and actionable reports . Offensive mindset and strong analytical skills. Nice‑to‑Have Experience testing GraphQL APIs . Experience with e-commerce platforms . Security certifications (OSCP, OSWE, eWPT, CRTO or similar). Experience with CI/CD or DevSecOps environments. Participation in CTFs or bug bounty programs . Languages English required. Spanish a plus. Seniority level Mid–Senior Employment type Full‑time Job function Information Technology Computer and Network Security Get notified about new Penetration Tester jobs in Mexico City , Mexico . #J-18808-Ljbffr