Key Responsibilities
• Conduct advanced penetration tests for web applications, APIs, networks, and infrastructure systems.
• Perform vulnerability scanning, assessment, and exploitation using industry-standard tools.
• Conduct in-depth security assessments to identify weaknesses in applications and infrastructure.
• Prepare detailed technical reports and executive-level summaries.
• Collaborate with development, IT, and infrastructure teams to remediate identified issues.
• Design and maintain test cases, scripts, and security toolsets.
• Develop and improve internal security testing methodologies and best practices.
• Ensure compliance with security policies, frameworks, and regulatory requirements.
• Provide security recommendations and enhancements to strengthen overall security posture.
Basic Requirements
• 5 or more years of experience in Application Security & Infrastructure Security VAPT.
• Bachelor’s degree or above in Computer Science, Information Security, or a related field.
• Relevant certifications such as OSCP, CEH, CISSP, CISA, CRTP, GWAPT, GMOB, or GIAC are preferred.
• Strong knowledge of Web, Mobile & AI Application Security (OWASP Top 10), Secure Code Review, API Security, Cloud Security (AWS, Azure, GCP), and Infrastructure Security.
• Experience with security tools such as Burp Suite, SonarQube, Fortify, Metasploit, Nessus, Qualys, Nmap, Acunetix, ZAP, and Kali Linux.
• Understanding of data protection regulations (UAE-IA, ISO 27001, NIST, PCI-DSS, etc.).
• Strong technical writing and documentation skills.
• Scripting experience in Python or Bash.
Preferred Qualifications
• Relevant certifications such as OSCP, OSWE, CEH, or experience in Red Team operations.
• Experience performing security testing in cloud environments (AWS / Azure).