Application Security Specialist

About Kueski

At Kueski we're dedicated to improving the financial lives of people in Mexico. Since 2012 we've been the leading buy now pay later (BNPL) and online consumer credit platform in Latin America known for our innovative financial services. Our flagship product Kueski Pay provides seamless payment solutions for both online and in-store transactions establishing itself as the preferred option for a quarter of Mexico's top e-commerce merchants. Notably we were the first to introduce BNPL on Amazon Mexico.

We're a tech company with a culture geared toward innovation collaboration and impact fostering a strong diverse and inclusive company culture. In 2023 Kueski was recognized as the top BNPL platform by Fintech Breakthrough and earned the title of one of Mexico's most ethical companies from AMITAI. Additionally we ranked as one of the Best Companies for Female Talent by EFY.

Purpose

The Application Security Specialist is responsible for recommending working with the Engineering team and ensuring the appropriate security is implemented in products developed. These evaluations through technical reviews using attacks application pen-testing activities among others to ensure all developed products and applications comply with the guidelines and definitions. The application security manager is also responsible for working with the different teams to implement and maintain the SSDLC and working with the different stakeholders to document and ensure the implementation of these controls is appropriate and complies with the defined elements.

Key Responsabilities

• Conduct and/or support authorized penetration testing on enterprise network assets

• Perform penetration testing as required for new or updated applications

• Apply and utilize authorized cyber capabilities to enable access to targeted networks and applications

• Perform analysis for target infrastructure exploitation activities

• Conduct independent in-depth target and technical analysis including target-specific information (e.g. cultural organizational political) that results in access

• Create comprehensive exploitation strategies that identify exploitable technical or operational vulnerabilities

• Examine intercept-related metadata and content with an understanding of targeting significance

• Collaborate with developers conveying target and technical knowledge in tool requirements submissions to enhance tool development

• Lead or enable exploitation operations in support of organization objectives and target requirements

• Develop test plans to address specifications and requirements

• Make recommendations based on test results

• Create auditable evidence of security measures

• Validate specifications and requirements for testability

• Perform developmental testing on systems under development

• Perform interoperability testing on systems exchanging data with other systems

• Perform operational testing

• Test evaluate and verify software to determine compliance with defined specifications and requirements

Position Requirements

• +2 years of penetration testing experience both at a network and application levels

• +1 year experience in penetration testing in cloud environments

• Experience in working with engineering teams to close the identified issues and perform retesting of the findings

• Clear understanding of agile methodologies DevOps and DevSecOps

• Experience using SAST DAST and other automated testing tools

• PenTesting Certification or similar is nice to have. (CEH PenTest+ CPT CEPT CRTOP GPEN OSCP etc)Knowledge of application vulnerabilities

• Knowledge of collection management processes capabilities and limitations

• Knowledge of front-end collection systems including traffic collection filtering and selection

• Knowledge of cyber attack stages (e.g. reconnaissance scanning enumeration gaining access escalation of privileges maintaining access network exploitation covering tracks)

• Knowledge of attack methods and techniques (DDoS brute force spoofing etc.).Knowledge of evasion strategies and techniques

• Knowledge of identification and reporting processes

• Advanced English level

You’ll love working at Kueski because

• We have a mission-driven culture focused on customer value teamwork humility  and integrity

• Everyone is expected to have role clarity career growth and a personal development plan. Feedback and recognition  is embedded in our company processes systems and practices

• We ensure competitive salary medical insurance and wellbeing through ample and flexible time off as well as mental healthcare benefits. Everyone is an owner and eligible for competitive stock options with a company poised for success

• We´re committed to building an inclusive and diverse team and we know this leads to incredible work

Kueski: Where talent excellence improves Mexican lives.

#LifeAtKueski #KueskiTalent