[Ambev Global Tech] Offensive Security Manager (Red Team)

The largest brewery in the world has an open position for Senior Cybersecurity Engineer (Red Team). We are looking for a Senior Red Team professional who can operate as an adversary, collaborate with defensive teams and deliver professional penetration testing. You'll be responsible for planning and executing adversary emulation campaigns, conducting structured Purple Team exercises to validate detections, and leading pentests across applications, networks, and cloud environments — producing high-quality reports with clear recommendations.

In addition, you will have the responsibility of managing and developing a team of 4 junior pentesters, supporting them in technical growth, guiding them on projects and ensuring consistent and quality delivery.

Main responsibilities:

• Plan and execute Red Team campaigns (internal and external) aligned with MITRE ATT&CK and realistic adversary profiles.
• Conduct Purple Team exercises in partnership with SOC/IR, validating telemetry, adjusting detections, and measuring defensive effectiveness.
• Perform formal penetration testing on web applications, APIs, mobile apps, networks, cloud environments (AWS/Azure/GCP), and containers — from scoping to delivering professional reports.
• Manage a team of 3 junior pentesters: distribute activities, review deliverables, support technical development and provide continuous feedback.
• Validate technical reports produced by the team, ensuring prioritization of risks, technical evidence, and mitigation recommendations for technical and executive areas.
• Maintain pentest artifacts: authenticated test plans, exploration PoCs, verification steps, and retest scripts.
• Ensure that all tests follow rules of engagement, legal limits and ethical standards.
• Support in the definition of standards, Red/Purple/Pentest playbooks and the continuous evolution of the offensive security program.

• Team management: experience in leading, motivating and developing junior professionals, ensuring deliveries within deadlines and quality standards.
• Collaborative: ease of working with SOC, IR, engineering, product, legal and compliance.
• Customer/business oriented: translates technical problems into risk impact and priorities.
• Mentor: experience in training junior members, conducting labs and workshops.
• Integrity: strong OPSEC discipline, ethical handling of evidence, compliance with rules of engagement.
• 5+ years in offensive security, with at least 3+ years in Red Team/adversary emulation and formal penetration testing.
• Proven experience in Purple Team: execution of joint exercises, adjustment of detections, collaboration with SOC/IR.
• Strong experience in pentesting web applications/APIs (OWASP Top 10), authentication/authorization failures, mobile, network and infrastructure testing.
• Good communication in English (written and verbal), with the ability to interact with global stakeholders and produce/validate reports in English.
• Previous experience in leading or managing technical teams is highly desirable.
• Applied knowledge in MITRE ATT&CK, emulation methodologies and Purple Team metrics.
• Differential:
• Experience in modern environments: Active Directory, Linux, cloud (AWS/Azure/GCP), containers.
• Excellent written and verbal communication skills; Ability to create technical reports and executive presentations.
• Ability to lead projects autonomously, mentor other team members, and manage multiple deliverables.

• Wellhub (Gympass);

• Step 1: Registration 1 Registration
• Step 3: Hiring 3 Hiring

NOSSO JEITO TECH DE SER

QUER TRABALHAR COM A GENTE?