HR & Recruiting

Pentest for HR and Recruiting Platforms

Offensive security in ATS, recruiting platforms, HR BPO and benefits.

90% manual · 10% automated
OSCP · CISSP · CRTO · GPEN
BR · PT · IT · ES · MA · US · AU
OWASP · MITRE · PTES · NIST

Why now

The real pain

HR holds CVs, salaries, banking data, dependents, medical exams and performance reviews, all tied to a name and ID. A leak here means an LGPD fine, a class labor lawsuit, and the loss of talent who learn what colleagues earned.

Applicable regulation

LGPD · CLT · eSocial · ISO 27001

/attack-surface

Vectors we test in HR & recruiting

Every engagement is designed for your environment. The points below are part of our standard playbook for this sector — final scope is adapted to your stack and contract.

01 · ATS and recruiting

Recruiting platform, candidate leakage, job fraud.

02 · Payroll and benefits

Payroll system, meal ticket, health plan, eSocial integration.

03 · Performance review

9-box, 360, succession. Review confidentiality.

04 · Digital onboarding

Hiring signature, admission exam, ASO.

05 · Employee portal

Payslip, income tax, vacation, income statement.

/methodology

Genuinely manual pentest

Automated scanners find what's documented. Real attackers find what isn't. 90% of the work is manual — performed by specialists holding OSCP, CISSP, CRTO and GPEN.

01 · Reconnaissance

Target mapping, OSINT, footprint, sector-specific threat modeling.

02 · Discovery

Deep enumeration, complementary scanning, manual exposure identification.

03 · Exploitation

Manual validation with controlled PoC, finding chaining, escalation.

04 · Report

Executive + technical, step-by-step replication, mapped to applicable regulation.

/why-trust

Who has trusted our work

Engagements in HR BPO and recruiting platforms.

Caixa Econômica Federal
Banco BMG
iFood
ArcelorMittal
Multibanco
Polícia Federal
Fórmula 1
OpenFinance

Technical assessment recognized in highly regulated, mission-critical environments — the pentest that finds what nobody had found before.

Douglas Lopes

Founder · CEO · intrus.io

/faq

FAQ — HR & Recruiting

Do you cover eSocial?

Yes. Audit of integration, hiring/payroll/termination events, communication security with the IRS.

Do you cover 9-box and performance reviews?

Yes. Confidentiality, manager segregation, leak prevention.

/contact

Ready for a serious pentest in HR & recruiting?

Schedule a confidential meeting. Within 48h we'll send a proposal with scope, timeline and pricing.