Job Description

Sr. Penetration Tester
==========================


Salary
----------


: Industry Standards
Experience
--------------


: 7 to 10 Years
Joining Date
----------------


: ASAP
Job Location
----------------


: Dubai
Industry Type
-----------------


: IT Software
Function
------------


: Software Development
Reporting To
----------------


: Manager
Job Type
------------


: Full Time

-------------------


Description

The Senior Penetration Tester will play a crucial role in assessing and

securing applications, mobile platforms, infrastructure, and cloud

environments across the organization. This individual will bring expertise

in application security, mobile security, DevSecOps, container security,

cloud and on-premises infrastructure security, and red teaming. As a senior

member of the security team, the role demands strong technical skills,

hands-on experience, and the ability to lead and execute complex

penetration tests and security assessments.

Conduct Penetration Testing and Vulnerability Assessments:


• Perform in-depth penetration tests on web applications, mobile

applications (iOS and Android), network infrastructure (web server,

DB, Firewall, wireless access points), and cloud environments.
• Conduct penetration testing and security assessments on Active

Directory environments to identify and mitigate weaknesses in AD

configuration, permissions, and access control. Test for potential

privilege escalation, lateral movement, and data exfiltration risks

within AD.
• Simulate real-world privilege escalation scenarios during penetration

testing and red teaming exercises to determine how vulnerabilities

could be exploited by attackers. This includes demonstrating lateral

movement, persistence, and access escalation through various attack

vectors.
• Develop and implement client-side attack payloads that mimic

realistic threat actor tactics, techniques, and procedures (TTPs) to

assess the effectiveness of security defences. Focus on gaining initial

access through social engineering and phishing methods to evaluate

how the organization's detection systems respond.
• Conduct regular red team exercises to evaluate and enhance the

organization's incident response and threat detection capabilities.
• Analyze security findings, determine the potential impact, and

provide recommendations to mitigate risk.
• Collaborate with stakeholders to ensure clear understanding and

documentation of red team findings and remediation measures.

Conduct Application Penetration Testing:
• Conduct in-depth penetration tests on web and mobile applications,

identifying potential security risks and recommending mitigation

strategies.
• Perform vulnerability assessments, exploit identified weaknesses and

simulate potential attack vectors.
• Collaborate with development teams to remediate security

vulnerabilities in web applications, APIs, and mobile platforms (iOS

and Android).
• Ensure security compliance of container and cloud environments

according to industry standards and organizational benchmarks.
• Build, integrate, and maintain security checks within the CI/CD

pipelines to ensure security throughout the development lifecycle.
• Design and execute test cases aimed at identifying weaknesses and

bypasses in Web Application Firewall (WAF) configurations. The

goal is to develop specific attack scenarios that can evade WAF

protections, helping to strengthen the effectiveness of the WAF by

identifying and patching bypass techniques. This involves

understanding WAF signature detection, inspecting traffic rules, and

crafting unique payloads.


Requirements


• Bachelor's degree in Cybersecurity, Information Technology, or a

related field.
• + Minimum 5 - 7 years of experience application security or a related

field
• Mandatory Certifications: OSEP or OSWE
Apply Now
Powered By