Join our Delta Hats (Freelancers)
Delta Protect
At Delta Protect we simplify and automate Cybersecurity and Compliance for startups and SMEs in Mexico and Latam, automating certifications such as ISO 27001, PCI DSS, SOC 2 and HIPAA, accompanied by Pentesting, Vulnerability Analysis and Cyber Intelligence. 🚀
From micro-enterprises to unicorns 🦄, we believe that Cybersecurity and Compliance are for everyone.
- More than 150 companies trust us 🔒
- 15+ industries we love to work with 🤝
- 7+ countries where our customers are located 🌎
- 600+ critical vulnerabilities detected and corrected 💪
- 1M+ of exposed data detected on the Dark Web 👁
Our Red Team
Delta Protect's Red Team is responsible for conducting offensive security assessments, such as Penetration Testing, Vulnerability Analysis and Red Teaming Exercises, to identify as many vulnerabilities as possible in our clients' technology infrastructure. Our team of CISOs, Specialists, Ethical Hackers and Developers has over 25 years of cybersecurity experience and industry certifications.
How does the process work?
- Apply in our application form 📩
- If your profile matches the vacancy, we will have a video call to get to know each other 🤝.
- Once the video call is over, you will receive a challenge ⚙️.
- We will have a video call for you to explain how you solved the challenge 💡.
- Then you will have to take a Psychometric Test and have an interview with the Head of People & Culture 🚀.
- Once you complete the above steps, the following documentation will be requested:
  - A valid official ID (preferably a passport)
  - Proof of residency in the country where you reside.
  - Proof of being an active taxpayer in the country where you reside.
Freelance Responsibilities:
- Perform penetration testing on web applications, APIs, networks or mobile applications to identify vulnerabilities and security issues.
- Perform comprehensive security assessments using manual and automated techniques.
- Identify and exploit vulnerabilities to simulate real-world cyber attacks and assess the security posture of systems.
- Generate reports of findings that are easy to understand and well structured.
- Conduct Re-Testing exercises to ensure that applications and systems are secure and protected by validating that vulnerabilities were successfully remediated.
- Conduct Technical Surveys to understand in detail the technological infrastructure of our clients.
- Review requirements, specifications and technical documents to provide reasoned and timely comments on them.
- Report progress on relevant findings to management and other stakeholders.
- Keep up to date with the latest security trends, tools and techniques to continuously improve penetration testing methodologies.
General Skills:
- Proficiency in performing comprehensive penetration testing in various domains based on your experience (web applications, APIs, networks, mobile applications and source code review).
- Strong understanding of common security vulnerabilities, attack vectors and exploitation techniques.
- Experience in using both manual and automated testing methodologies to identify and exploit security weaknesses.
- Familiarity with industry standard penetration testing frameworks such as OWASP and OSSTMM.
- Knowledge of regulatory compliance requirements and industry standards related to information security (e.g. GDPR, PCI DSS, HIPAA).
- Strong problem solving skills and attention to detail in identifying complex security vulnerabilities and weaknesses.
- Ability to work independently as well as part of a team, manage time effectively and prioritize tasks to meet project deadlines.
- Commitment to ethical conduct and adherence to professional standards in penetration testing engagements.
- 2+ years of experience as a penetration tester. Demonstrated track record of successful penetration testing in your area of expertise (web applications, APIs, networks, mobile applications and source code review).
- Certifications: Possession of relevant industry certifications such as:
  - Certified Ethical Hacker (CEH)
  - Offensive Security Certified Professional (OSCP)
  - GIAC Penetration Tester (GPEN)
  - Certified Information Systems Security Professional (CISSP)
  - EC-Council Certified Security Analyst (ECSA)
  - Extreme Web Application Penetration Tester (eWPTX)
Specific skills for each area:
Web Penetration Testing:
- In-depth knowledge of web application architectures, technologies and frameworks.
- Experience in identifying common web application vulnerabilities such as SQL injection, XSS, CSRF and SSRF.
- Experience in manual and automated web application testing methodologies.
- Proficiency in the use of web application security testing tools such as Burp Suite or OWASP ZAP.
- Understanding of web security standards such as SSL/TLS, HTTP headers and CSP.
- Ability to evaluate web server configurations, web application firewalls and session management mechanisms.
API Penetration Testing:
- Experience in testing APIs for security vulnerabilities and misconfigurations.
- Understanding of RESTful API, GraphQL and SOAP architectures and protocols.
- Ability to analyze API documentation and identify security risks.
- Proficiency in the use of API testing tools such as Postman, Burp Suite and OWASP ZAP.
- Experience in performing authorization and authentication tests on APIs.
- Knowledge of API security standards such as OAuth, JWT and OAuth 2.0.
Mobile Penetration Testing:
- Proficiency in testing mobile applications on various platforms (iOS, Android).
- Understanding of mobile application architectures, frameworks and technologies (Java, Kotlin, Swift and Objective C).
- Familiarity with mobile security best practices and common vulnerabilities.
- Experience in evaluating mobile application security controls, authentication mechanisms and data storage.
- Perform reverse engineering exercises to decompile applications and understand their inner workings.
- Knowledge of specific mobile attack vectors and exploitation techniques.
- Proficiency in the use of mobile penetration testing tools and frameworks such as Frida, MobSF and Drozer.
Network Penetration Testing:
- Strong understanding of network protocols, TCP/IP stack and OSI model.
- Proficiency in network scanning, reconnaissance and enumeration techniques.
- Experience in identifying and exploiting vulnerabilities and misconfigurations at the network level.
- Familiarity with network security devices such as firewalls, IDS/IPS and VPNs.
- Proficiency in the use of network penetration testing tools such as Nmap, Wireshark and Metasploit.
- Ability to analyze network traffic and perform packet inspection for security analysis.
- Windows and Linux expert.