Penetration Tester

Role - Sr. Penetration Tester

Location: Abu Dhabi, UAE

Mode of work: On-site (Daily)

Qualification:

• Bachelor's degree in Computer Science/Information Technology, or a related field.
• 6+ years in Pen testing
• One of the certifications is mandatory from OSCP, CREST, CRTO, CRTP, and CRT

Required Skills

• Strong communication, presentation and collaboration skills.
• Direct Customer handling experience (Onsite)
• Hands-on experience on conducting thorough assessments of Infrastructure, cloud,
• web/API, and mobile
• Hands-on experience with DevSecOps toolchains:
• SAST (SonarQube, Checkmarx, Fortify)
• DAST (OWASP ZAP, Burp Suite Pro, Netsparker, Tenable)
• SCA (Black Duck, Snyk, WhiteSource)
• Container Security (Aqua, Prisma, Anchore, Trivy)
• Strong knowledge of CI/CD tools: Jenkins, GitLab CI/CD, Azure DevOps, GitHub Actions.

Roles & Responsibilities

• We are seeking a skilled expert and detail-oriented Penetration Tester to conduct thorough security
• assessments, identify vulnerabilities, and provide expert recommendations to strengthen one of our customers’ security postures. The candidate will be responsible for performing Infra, API/Web,
• Cloud & mobile Penetration Testing.
• The candidate will be deployed onsite at the customer location & will be part of the overall security operations of the customer.

Job Description

• Conducted in-depth web application, mobile (Android & iOS), Cloud and infrastructure assessments to identify vulnerabilities, debugged complex security issues, and guided clients through remediation for improved security posture.
• Specialised in vulnerability assessments using security tools such as Nessus, Burp Suite,
• MobSF, and Metasploit; engineered custom scripts to automate repetitive tasks and streamline testing processes.
• Administered security configurations and assessments on Windows/Linux environments, applying a deep understanding of its security model, Active Directory, and hardening techniques to mitigate potential attack vectors.
• Fortified Linux environments with advanced Bash scripting and automation, enhancing system resilience and reducing manual intervention by optimising security workflows.
• Integrate security-testing tools into CI/CD pipelines (SAST, DAST, SCA, Container Security).
• Automate security checks using DevSecOps practices to ensure early detection of vulnerabilities.
• Collaborate with development and DevOps teams to fix vulnerabilities and implement security best practices.
• Designed and implemented strategies to align security practices with compliance standards,
• standardising processes to ensure continuous improvement and risk management.
• Coordinate with the Application owners in fixing the vulnerabilities