Sr. Penetration Tester

Salary: Industry Standards
Experience: 7 to 10 Years
Joining Date: ASAP
Job Location: Dubai
Industry Type: IT Software
Function: Software Development
Reporting To: Manager
Job Type: Full Time

Job Description

Description
The Senior Penetration Tester will play a crucial role in assessing and
securing applications, mobile platforms, infrastructure, and cloud
environments across the organization. This individual will bring expertise
in application security, mobile security, DevSecOps, container security,
cloud and on-premises infrastructure security, and red teaming. As a senior
member of the security team, the role demands strong technical skills,
hands-on experience, and the ability to lead and execute complex
penetration tests and security assessments.

Conduct Penetration Testing and Vulnerability Assessments:

  • Perform in-depth penetration tests on web applications, mobile
    applications (iOS and Android), network infrastructure (web server,
    DB, Firewall, wireless access points), and cloud environments.
  • Conduct penetration testing and security assessments on Active
    Directory environments to identify and mitigate weaknesses in AD
    configuration, permissions, and access control. Test for potential
    privilege escalation, lateral movement, and data exfiltration risks
    within AD.
  • Simulate real-world privilege escalation scenarios during penetration
    testing and red teaming exercises to determine how vulnerabilities
    could be exploited by attackers. This includes demonstrating lateral
    movement, persistence, and access escalation through various attack
    vectors.
  • Develop and implement client-side attack payloads that mimic
    realistic threat actor tactics, techniques, and procedures (TTPs) to
    assess the effectiveness of security defences. Focus on gaining initial
    access through social engineering and phishing methods to evaluate
    how the organization’s detection systems respond.
  • Conduct regular red team exercises to evaluate and enhance the
    organization’s incident response and threat detection capabilities.
  • Analyze security findings, determine the potential impact, and
    provide recommendations to mitigate risk.
  • Collaborate with stakeholders to ensure clear understanding and
    documentation of red team findings and remediation measures.

Conduct Application Penetration Testing:

  • Conduct in-depth penetration tests on web and mobile applications,
    identifying potential security risks and recommending mitigation
    strategies.
  • Perform vulnerability assessments, exploit identified weaknesses and
    simulate potential attack vectors.
  • Collaborate with development teams to remediate security
    vulnerabilities in web applications, APIs, and mobile platforms (iOS
    and Android).
  • Ensure security compliance of container and cloud environments
    according to industry standards and organizational benchmarks.
  • Build, integrate, and maintain security checks within the CI/CD
    pipelines to ensure security throughout the development lifecycle.
  • Design and execute test cases aimed at identifying weaknesses and
    bypasses in Web Application Firewall (WAF) configurations. The
    goal is to develop specific attack scenarios that can evade WAF
    protections, helping to strengthen the effectiveness of the WAF by
    identifying and patching bypass techniques. This involves
    understanding WAF signature detection, inspecting traffic rules, and
    crafting unique payloads.

Requirements

  • Bachelor’s degree in Cybersecurity, Information Technology, or a
    related field.
  • Minimum 5 – 7 years of experience in application security or a related
    field.
  • Mandatory Certifications: OSEP or OSWE