Sr. Penetration Tester

GSSTech Group

Posted on 27 Feb

Experience

8 - 12 Years

Job Location

Dubai - United Arab Emirates

Education

Bachelor of Science(Computers)

Nationality

Any Nationality

Gender

Not Mentioned

Vacancy

1 Vacancy

Job Description

Roles & Responsibilities

Perform penetration testing across multiple domains:

  • Web applications
  • Mobile applications (Android/iOS)
  • Internal and external networks
  • Wireless networks
  • APIs and cloud services
  • Source Code Review
  • Red Teaming / Purple Teaming
  • Table Top exercise
  • Conduct vulnerability assessments and exploit validation using industry-standard tools and manual techniques.
  • Identify security weaknesses, misconfigurations, insecure coding practices, and potential attack paths.
  • Prepare detailed technical reports with findings, risk ratings, and actionable remediation recommendations.
  • Validate fixes and perform re-testing to ensure vulnerabilities are properly addressed.
  • Support incident response teams with exploitation insights and threat-actor simulation knowledge.

Plan, execute, and document penetration testing engagements in accordance with approved scopes and timelines.

  • Ensure all testing activities follow internal policies, legal guidelines, and ethical standards.
  • Coordinate with application owners, infrastructure teams, and project managers to schedule testing windows.
  • Maintain accurate logs, evidence, and documentation for audit and compliance purposes.
  • Assist in continuous improvement of security tools, processes, and automation for testing workflows.
  • Track remediation progress and collaborate with stakeholders to ensure timely closure of vulnerabilities.
  • Collaborate effectively with cross-functional teams including development, infrastructure, SOC, and compliance teams.
  • Provide guidance and mentorship to junior penetration testers or security analysts.
  • Conduct knowledge-sharing sessions, workshops, or awareness programs on secure coding and common vulnerabilities.
  • Communicate complex technical issues in a clear, understandable manner to both technical and non-technical audiences.
  • Foster a culture of security awareness and proactive risk management across the organization.
  • Ensure penetration testing activities support business continuity, regulatory compliance, and customer trust.
  • Provide insights that help reduce business risk and strengthen resilience against cyber threats.
  • Contribute to cost-effective security improvements by prioritizing vulnerabilities based on business impact.
  • Support audit, compliance, and certification efforts (ISO 27001, PCI DSS, etc.) by providing testing evidence and reports.
  • Help the organization maintain a strong security posture that aligns with its long-term business goals.

Desired Candidate Profile

QUALIFICATIONS, EXPERIENCE & SKILLS:

Qualifications:

  • Bachelor s degree in computer science, Cybersecurity, Information Security, or a related field.
  • Advanced certifications preferred:
  • OffSec - OSEP (Experienced Penetration tester)
  • OffSec - OSWE (Web Expert)
  • OffSec - OSCP (Offensive Security Certified Professional)
  • CREST- CCT INF (Infrastructure)
  • CREST- CCT APP (Applications)
  • CRT (CREST Registered Tester).
  • CEH (Practical) Certified Ethical Hacker
  • EC-Council: LPT (Master) or
  • EC-Council: ECSA (Certified Security Analyst)
  • Additional cloud or security certifications are a plus (e.g., AWS Security, Azure Security, CISSP).

Experience:

8 -10 years of hands-on penetration testing experience in enterprise environments.

Language Fluency:

  • Fluent in English (spoken and written) essential for client communication and reporting.
  • Arabic proficiency is an advantage, especially for UAE government and semi-government clients. br

Job-Specific Skills:

  • Strong expertise in web, mobile, network, API, and cloud penetration testing
  • Advanced manual exploitation skills beyond automated tools
  • Deep understanding of OWASP, PTES, MITRE ATT&CK, and secure coding principles
  • Proficiency with tools such as Burp Suite, Metasploit, Nmap, Wireshark, Nessus, MobSF
  • Ability to write custom scripts (Python, Bash, PowerShell) for automation and exploitation
  • Strong vulnerability assessment, exploitation, and reporting capabilities
  • Experience conducting red team or adversary simulation exercises
  • Ability to review and assess security architecture and identify attack paths
  • Strong documentation and client-facing communication skills
  • Ability to lead engagements and mentor junior testers

Behavioral:

  • Strong analytical and problem-solving ability
  • Clear and confident communication
  • High attention to detail
  • Client-focused mindset
  • Team collaboration and leadership
  • Professionalism and integrity
  • Ability to work under pressure
  • Effective time management br

Technical:

  • Advanced penetration testing expertise (web, internal, external, mobile, network, cloud, API etc.)
  • Strong manual exploitation skills
  • Deep understanding of OWASP, PTES, MITRE ATT&CK
  • Proficiency with tools (Burp Suite, Metasploit, Nmap, Wireshark, Nessus, MobSF)
  • Scripting skills (Python, Bash, PowerShell)
  • Strong vulnerability assessment and reporting skills
  • Knowledge of secure coding and common attack vectors
  • Ability to lead and review complex PT engagements

Company Industry

Department / Functional Area

Keywords

  • Sr. Penetration Tester

Disclaimer: Naukrigulf.com is only a platform to bring jobseekers & employers together. Applicants are advised to research the bonafides of the prospective employer independently. We do NOT endorse any requests for money payments and strictly advice against sharing personal or bank related information. We also recommend you visit Security Advice for more information. If you suspect any fraud or malpractice, email us at abuse@naukrigulf.com

GSSTech Group

https://apply.workable.com/gsstech-group/j/6BB6C89F8E/