Company hidden
21 hours ago

Vulnerability Researcher (Cybersecurity)

Work format
remote (Latam only)
Employment type
fulltime
Grade
senior
English
b2
Country
Colombia

Job description

TL;DR

Vulnerability Researcher (Cybersecurity): Identify real-world security vulnerabilities across modern web applications, APIs, and workflows, translating findings into scalable automated testing logic with an emphasis on offensive security techniques and automation. Focus on analyzing authentication/authorization mechanisms, developing payloads and exploit strategies, and replicating sophisticated attack scenarios at scale.

Location: Must be located in Latin America

Company

A leading nearshore staff augmentation provider headquartered in New York, partnering with U.S. companies including a hypergrowth cybersecurity startup building an Agentic Red Team platform for automated offensive security testing.

What you will do

  • Perform security research on web applications, APIs, and complex workflows to identify and validate vulnerabilities.
  • Analyze authentication, authorization, session management, and access control mechanisms.
  • Translate manual penetration testing into automated detection, exploitation logic, payloads, and validation methods.
  • Analyze HTTP traffic, browser behavior, and application flows to uncover weaknesses.
  • Collaborate with engineering and product teams to enhance platform automation and red team capabilities.
  • Document findings with technical details, impact analysis, and reproduction steps.

Requirements

  • 5+ years of hands-on experience in vulnerability research, penetration testing, bug bounties, or offensive security
  • Strong expertise in web application and API security
  • Deep understanding of authentication/authorization flows (JWT, OAuth, SSO, sessions, cookies), access control, IDOR/BOLA, business logic flaws, auth bypasses, privilege escalation
  • Experience with offensive tools (Burp Suite, Postman, curl, Browser DevTools)
  • Ability to analyze/manipulate HTTP requests/responses and application behavior
  • Scripting with Python or JavaScript; experience automating pentesting workflows
  • Conversational English proficiency
  • Must be located in Latin America

Nice to have

  • Strong Python development skills
  • Browser automation (Playwright, Selenium, Puppeteer)
  • GraphQL, gRPC, WebSockets, mobile APIs
  • Cloud security environments
  • AI-driven security or automated exploitation
  • Nuclei or custom vulnerability scanners

Culture & Benefits

  • 100% remote work with autonomy to manage your time focusing on results.
  • Highly competitive USD pay.
  • Paid time off for well-being and recharge.
  • Work with top U.S. companies on high-impact projects.
  • Culture prioritizing work-life balance, engagement activities, and dynamic multicultural teams.
  • Network with 600+ professionals across 25+ countries and collaborate with senior experts.

Be careful: if an employer asks you to sign in to their system using iCloud/Google, send a code or password, or run code or software, do not do it: these are scammers. Be sure to click "Report" or contact support.