




Summary: Seeking a highly skilled Penetration Tester with hands-on offensive security experience to assess security posture through realistic attack simulations across various platforms.

Highlights:

1. Perform web, API, network, and infrastructure penetration tests
2. Identify, exploit, and document security vulnerabilities in real-world scenarios
3. Produce high-quality reports with clear technical detail and business impact

**About the Role**

We're seeking a highly skilled Penetration Tester with hands-on offensive security experience to join our growing security team. In this role, you will assess the security posture of web applications, networks, cloud platforms, and internal infrastructures through realistic attack simulations.

This position is ideal for someone who enjoys challenging technical work, thrives in hands-on exploitation, and can translate findings into clear, risk-based guidance for both technical and non-technical audiences.

**Key Responsibilities**

* Perform web application, API, network, and infrastructure penetration tests
* Identify, exploit, and document security vulnerabilities in real-world scenarios
* Conduct manual testing beyond automated scanners
* Execute adversary-style attack chains (lateral movement, privilege escalation, AD abuse)
* Perform source code reviews (where applicable)
* Assess cloud environments (AWS, Azure, GCP) for common configuration and architectural weaknesses
* Produce high-quality reports with clear technical detail and business impact
* Present findings and remediation guidance to engineering and management teams
* Support remediation, mitigation validation, and retesting
* Stay current with vulnerabilities, exploit techniques, TTPs, and offensive security research

**Required Skills & Experience**

**Technical Skills**

* 3+ years of hands-on penetration testing / offensive security experience
* Strong understanding of:
  * Web vulnerabilities (OWASP Top 10, API security issues)
  * Internal network and infrastructure attack techniques
  * Active Directory exploitation (Kerberoasting, delegation abuse, ACL misconfigurations, NTLM relay)
  * Privilege escalation on Windows and Linux
* Experience using core offensive tools:
  * Burp Suite, Nmap, Metasploit
  * BloodHound, CrackMapExec, Impacket
* Solid understanding of foundational concepts:
  * TCP/IP, DNS, HTTP(S)
  * Authentication (Kerberos, NTLM, OAuth2, SSO)
* Comfortable working in:
  * Linux & Windows environments
  * Bash, PowerShell, and basic Python scripting
* Strong reporting skills (technical clarity + business impact)

**Soft Skills**

* Excellent verbal and written communication skills
* Ability to explain risks to both technical and non-technical stakeholders
* Self-driven, curious, and proactive
* Effective time management across multiple engagements
* Professional client-facing demeanor

**Nice to Have**

* Certifications: OSCP, PNPT, CRTO, OSWE
* Red Team / adversary simulation experience
* Cloud penetration testing experience
* Source code review skills (Java, C#, Python, JavaScript)
* Threat modeling and attack path analysis
* Experience with EDR/AV evasion techniques (ethical/lab settings)

More information about NXP in Mexico...


