Senior pentester

Do you want to participate in advanced offensive security assessments? The GMV Technical Audits team is looking for you!

We like to get straight to the point and tell you what you won't find online. If you'd like to learn more about us, visit the GMV website .

As a Senior Pentester
, you will not only execute technical assessments but also design realistic attack scenarios based on MITRE ATT&CK TTPs and lead audit projects, helping organizations understand how they could be compromised… before a real attacker does.

You will work on web and mobile applications, network infrastructures, Wi‑Fi networks, cloud environments (AWS, Azure, GCP), Active Directory and AI‑based systems.

You will also participate in Red Team and Purple Team exercises
, simulating real attacks and collaborating with Blue Team professionals to improve threat detection and response capabilities.

In your day-to-day work you will:

• 🛠️ Execute and lead penetration tests in complex corporate environments.
• 🎯 Participate in Red Team exercises, applying evasion techniques against EDR, XDR, WAF and antivirus solutions.
• 🔎 Identify vulnerabilities, analyze their impact and propose effective mitigation strategies.
• ⚙️ Develop or adapt offensive tools and automations using Python, Bash or Power Shell.
• 📝 Produce clear technical and executive reports focused on risk.
• 🗣️ Present findings to both technical and business audiences.
• 📊 Manage technical audit projects, coordinating scope, timelines and deliverables.

We are looking for someone with strong experience in offensive cybersecurity
, comfortable working in complex environments and able to independently lead technical security assessments.

For this position, it is important to have:

• 🏅 5+ years of experience in penetration testing (web, mobile, network, cloud, Active Directory, Wi‑Fi).
• 🕵️ Experience in Red Team operations designing and executing simulated attacks.
• 🧰 Advanced knowledge of tools such as Burp Suite, Nmap, Metasploit or C2 frameworks.
• 💻 Ability to automate offensive tasks through scripting (Python, Bash or Power Shell).
• 📄 Experience producing technical and executive reports focused on risk.
• 🤝 Strong communication skills and ability to present results clearly.
• 📌 Experience managing cybersecurity or technical audit projects
  .
• 🎓 Offensive certifications such as OSCP, OSEP, OSWE, eCPPT, CRTP or equivalent.
• 📚 Knowledge of frameworks and methodologies such as PTES, MITRE ATT&CK or OWASP
  .
• 🤖 Experience assessing security in AI or LLM‑based systems (OWASP Top 10 for LLMs).

• 💻
  Hybrid work model and up to 8 weeks per year of remote work outside your usual geographical area.
• 🕑
  Flexible working hours and intensive working days on Fridays and during summer.
• 🚀 A personalized career development plan
  , training opportunities and language learning support.
• 🌍
  National and international mobility
  . Coming from another country? We offer a relocation package.
• 💰
  Competitive salary with continuous reviews, flexible compensation and brand discounts.
• 💪
  Wellbeing program
  : health, dental and accident insurance; free fruit and coffee, physical, mental and financial wellbeing initiatives, and much more!

⚠️ Throughout our recruitment process you will always have direct contact with our talent acquisition team, either by phone or in person/online. We will never request bank transfers or credit card details. If you are contacted through any other process, please reach out to the person responsible for the recruitment process.

❤️ We promote equal opportunities in hiring and are committed to inclusion and diversity.