Red Team PenTester

About the Role We’re seeking a highly skilled Penetration Tester with hands-on offensive security experience to join our growing security team. In this role, you will assess the security posture of web applications, networks, cloud platforms, and internal infrastructures through realistic attack simulations. This position is ideal for someone who enjoys challenging technical work, thrives in hands-on exploitation, and can translate findings into clear, risk-based guidance for both technical and non-technical audiences. Key Responsibilities •Perform web application, API, network, and infrastructure penetration tests •Identify, exploit, and document security vulnerabilities in real-world scenarios •Conduct manual testing beyond automated scanners •Execute adversary-style attack chains (lateral movement, privilege escalation, AD abuse) •Perform source code reviews (where applicable) •Assess cloud environments (AWS, Azure, GCP) for common configuration and architectural weaknesses •Produce high-quality reports with clear technical detail and business impact •Present findings and remediation guidance to engineering and management teams •Support remediation, mitigation validation, and retesting •Stay current with vulnerabilities, exploit techniques, TTPs, and offensive security research Required Skills & Experience Technical Skills •3+ years of hands-on penetration testing / offensive security experience •Strong understanding of: oWeb vulnerabilities (OWASP Top 10, API security issues) oInternal network and infrastructure attack techniques oActive Directory exploitation (Kerberoasting, delegation abuse, ACL misconfigurations, NTLM relay) oPrivilege escalation on Windows and Linux •Experience using core offensive tools: oBurp Suite, Nmap, Metasploit oBloodHound, CrackMapExec, Impacket •Solid understanding of foundational concepts: oTCP/IP, DNS, HTTP(S) oAuthentication (Kerberos, NTLM, OAuth2, SSO) •Comfortable working in: oLinux & Windows environments oBash, PowerShell, and basic Python scripting •Strong reporting skills (technical clarity + business impact) Soft Skills •Excellent verbal and written communication skills •Ability to explain risks to both technical and non-technical stakeholders •Self-driven, curious, and proactive •Effective time management across multiple engagements •Professional client-facing demeanor Nice to Have •Certifications: OSCP, PNPT, CRTO, OSWE •Red Team / adversary simulation experience •Cloud penetration testing experience •Source code review skills (Java, C#, Python, JavaScript) •Threat modeling and attack path analysis •Experience with EDR/AV evasion techniques (ethical/lab settings) #LI-FCC3 More information about NXP in Mexico... #LI-fcc3 NXP Semiconductors N.V. (NASDAQ: NXPI) enables a smarter, safer, and more sustainable world through innovation. As the world leader in secure connectivity solutions for embedded applications, NXP is pushing boundaries in the automotive, industrial & IoT, mobile, and communication infrastructure markets. For more information, visit www.nxp.com Bright Minds. Bright Futures. We believe that a key component to growing our business is to develop our people. To enable you to grow your career at NXP, we offer online and offline learning opportunities to help you develop some of your core and professional skills. Commitment At NXP. We recognize NXP is a powerful change agent as we continue to deliver innovative solutions that advance a more sustainable future. We remain steadfast in our commitment to sustainability and making measurable year-on-year progress. Also, we aim to create an inclusive work environment and we will not tolerate racism, discrimination or harassment of any kind. We have programs in place focused on diversity, inclusion and equality. Thank you for considering a career at NXP. To help you prepare for the different steps in our hiring process, see the following useful advice and tips. Are you already an NXP employee? Do not apply here. Instead, you must apply via our internal career page. Thank you for your interest in supporting our recruitment efforts. Please note that NXP operates under a strict Preferred Supplier List (PSL) for all recruitment activities. Any candidate profiles or resume submitted without a prior written agreement or explicit request from our Talent Acquisition team will be considered unsolicited. Such submissions will be deemed free of any obligations, and no fees will be paid by NXP or any of its affiliates, subsidiaries, or divisions - regardless of whether the candidate is hired, either coincidentally or otherwise. Thank you for your understanding.