Senior/ Lead Penetration Test Engineer

Job Role:- Senior/ Lead Penetration Test Engineer

Job Location:- Dubai, UAE

Experience:- 6+ Years

Role Summary:-

Seeking a highly skilled Penetration Testing Security Consultant with expertise in identifying, assessing, and exploiting security vulnerabilities across web applications, mobile applications, APIs, cloud platforms, and containerized environments. The role involves conducting comprehensive security assessments, source code reviews, and providing actionable remediation recommendations.

Key Responsibilities:-

• Perform Web, Mobile, and API penetration testing using manual and automated techniques.
• Conduct source code security reviews to identify vulnerabilities and coding weaknesses.
• Assess application security against OWASP Top 10, OWASP API Top 10, and Mobile Top 10 standards.
• Perform security assessments of cloud environments (AWS/Azure).
• Evaluate containerized environments including Docker and Kubernetes for security risks.
• Identify, validate, and exploit vulnerabilities while maintaining testing methodologies and standards.
• Analyze network security controls, protocols, and attack vectors.
• Prepare detailed penetration testing reports with technical findings, risk ratings, proof-of-concepts, and remediation recommendations.
• Present findings to technical teams and business stakeholders.
• Support secure development practices and vulnerability remediation efforts.

Skills & Requirements:-

• Strong hands-on experience in Web, Mobile, and API Penetration Testing.
• Expertise in manual penetration testing methodologies and exploitation techniques.
• Advanced experience in Source Code Review (manual and automated).
• Deep understanding of:
• OWASP Top 10
• OWASP API Security Top 10
• OWASP Mobile Top 10
• Solid knowledge of Cloud Security concepts in AWS and/or Azure.
• Experience securing and assessing Docker and Kubernetes environments.
• Strong understanding of Network Security, protocols, and common attack vectors.
• Excellent technical documentation and report-writing skills.
• Ability to communicate security risks effectively to both technical and non-technical stakeholders.

Preferred:-

• Relevant offensive security certifications such as:
• CRTP (Certified Red Team Professional)
• OSTP (Offensive Security Testing Professional)
• OSWE (Offensive Security Web Expert)
• AWS Security Certification
• Azure Security Certification
• Experience with enterprise security assessments and secure SDLC practices.
• Familiarity with modern DevSecOps and cloud-native security practices.