Penetration Tester

Antons Recruitment Agency

Dubai

On-site

AED 220,000 - 294,000

Full time

Today

Job summary

A recruitment agency is seeking a skilled Penetration Tester in Dubai, UAE, with strong experience in CI/CD pipeline security. You will identify and mitigate security vulnerabilities across applications and automated deployment environments while focusing on proactive security testing and DevSecOps practices. The ideal candidate has 2+ years of experience, a strong understanding of CI/CD pipelines, and proficiency in web and API security testing. This role provides the opportunity to strengthen systems against evolving threats.

Qualifications

  • 2+ years of experience in penetration testing, application security, or ethical hacking.
  • Strong understanding of CI/CD pipelines and DevSecOps methodologies.
  • Hands-on experience securing tools such as GitHub Actions, GitLab CI, Jenkins, or Azure DevOps.
  • Proficiency in web and API security testing (OWASP Top 10, OWASP API Top 10).
  • Experience with authentication mechanisms (JWT, OAuth2, SSO).
  • Knowledge of common vulnerabilities: SQLi, XSS, CSRF, SSRF, IDOR, RCE, misconfigurations.

Responsibilities

  • Conduct penetration testing on web applications, APIs, networks, and cloud environments.
  • Perform security assessments of CI/CD pipelines, including build, test, and deployment workflows.
  • Identify vulnerabilities related to source code repositories, automation tools, container images, and secrets management.
  • Test authentication, authorization, session management, and access controls.
  • Assess API security, including token handling, rate limiting, and authorization flaws.
  • Execute static (SAST), dynamic (DAST), and dependency security testing within CI/CD processes.
  • Validate security of containerized environments (Docker, Kubernetes).
  • Simulate real-world attack scenarios and document findings with clear remediation guidance.
  • Collaborate with development and DevOps teams to implement secure-by-design practices.
  • Support incident response investigations and post-incident analysis when required.

Skills

Penetration testing
Application security
Ethical hacking
CI/CD pipelines
DevSecOps methodologies
Web security testing
API security testing
Linux environments
Networking concepts
Cloud security fundamentals

Tools

Burp Suite
Metasploit
Nmap
OWASP ZAP
Nikto
Snyk
Trivy
SonarQube
Dependabot
GitGuardian

Job description

We are seeking a skilled Penetration Tester with strong experience in CI/CD pipeline security to identify, assess, and mitigate security vulnerabilities across applications, infrastructure, and automated deployment environments. The role focuses on proactive security testing, secure DevOps practices, and strengthening systems against evolving threats.

Key Responsibilities

  • Conduct penetration testing on web applications, APIs, networks, and cloud environments.
  • Perform security assessments of CI/CD pipelines, including build, test, and deployment workflows.
  • Identify vulnerabilities related to source code repositories, automation tools, container images, and secrets management.
  • Test authentication, authorization, session management, and access controls.
  • Assess API security, including token handling, rate limiting, and authorization flaws.
  • Execute static (SAST), dynamic (DAST), and dependency security testing within CI/CD processes.
  • Validate security of containerized environments (Docker, Kubernetes).
  • Simulate real-world attack scenarios and document findings with clear remediation guidance.
  • Collaborate with development and DevOps teams to implement secure-by-design practices.
  • Support incident response investigations and post-incident analysis when required.

Required Skills & Experience

  • 2+ years of experience in penetration testing, application security, or ethical hacking.
  • Strong understanding of CI/CD pipelines and DevSecOps methodologies.
  • Hands-on experience securing tools such as GitHub Actions, GitLab CI, Jenkins, Azure DevOps, or similar.
  • Proficiency in web and API security testing (OWASP Top 10, OWASP API Top 10).
  • Experience with authentication mechanisms (JWT, OAuth2, SSO).
  • Knowledge of common vulnerabilities: SQLi, XSS, CSRF, SSRF, IDOR, RCE, misconfigurations.
  • Familiarity with Linux environments, networking concepts, and cloud security fundamentals.

Tools & Technologies

  • Penetration testing tools: Burp Suite, Metasploit, Nmap, OWASP ZAP, Nikto.
  • CI/CD security tools: Snyk, Trivy, SonarQube, Dependabot, GitGuardian.
  • Container and cloud security tools (experience preferred).
  • Scripting knowledge in Python, Bash, or PowerShell is an advantage.
