Senior Security Penetration Tester

AGAPIUnited Arab Emirates5 hours ago

Full-timeInformation Technology

Track This Job

Add this job to your tracking list to:

Monitor application status and updates
Change status (Applied, Interview, Offer, etc.)
Add personal notes and comments
Set reminders for follow-ups
Track your entire application journey

Save This Job

Add this job to your saved collection to:

Access easily from your saved jobs dashboard
Review job details later without searching again
Compare with other saved opportunities
Keep a collection of interesting positions
Receive notifications about saved jobs before they expire

AI-Powered Job Summary

Get a concise overview of key job requirements, responsibilities, and qualifications in seconds.

Pro Tip: Use this feature to quickly decide if a job matches your skills before reading the full description.

POSITION OVERVIEW

We are seeking a highly skilled and analytical Senior Security Penetration Tester to join our Cyber Security team. This is not a checklist-based role; we are looking for a dedicated security professional who possesses an "adversarial mindset." The successful candidate will go beyond automated scanning to perform deep-dive manual exploitation, identifying complex logic flaws and architectural weaknesses that automated tools often overlook.

KEY RESPONSIBILITIES

Full-Spectrum Penetration Testing: Execute comprehensive security assessments across diverse environments, including Web Applications, Mobile Platforms (iOS/Android), Cloud Infrastructure (AWS/GCP), and internal corporate networks.
Deep-Dive API & IAM Analysis: Perform rigorous testing on the "backbone" of our digital services, focusing on API security, authentication protocols, and Identity & Access Management (IAM) to prevent unauthorized privilege escalation.
Vulnerability Chaining & Impact Analysis: Correlate disparate vulnerabilities to build comprehensive attack scenarios. Demonstrate the potential business impact of findings through clear, reproducible Proof of Concepts (PoC).
Strategic Remediation & Reporting: Deliver high-quality technical reports for both technical and executive audiences. Provide actionable, risk-based remediation guidance to development teams to strengthen the organizational security posture.
Security Research: Stay abreast of the latest threat actor TTPs (Tactics, Techniques, and Procedures) and integrate new exploitation methods into the testing lifecycle.

DESIRED QUALIFICATIONS (NICE-TO-HAVE)

Specialized Domain Knowledge: Previous experience in Game Security (including client/server architecture and anti-cheat systems) is highly regarded.
Professional Certifications: Holding industry-recognized certifications such as - OffSec: OSWE, OSCP, or OSEP and/or HTB/TCM: CWES, CWEE, PWPE, or PMPA.
Specialized: CMSE (Cloud), ASCP (API), or GIAC (GMOB, GWAPT, GCPN).
Industry Contributions: Active participation in Bug Bounty programs (HackerOne, Bugcrowd) or a history of discovered and documented CVEs.

Key Skills

Ranked by relevance

Ready to apply?

Join AGAPI and take your career to the next level!

Application takes less than 5 minutes

Apply