Enable job alerts via email!
Penetration Tester
Antons Recruitment Agency
Dubai
On-site
AED 120,000 - 200,000
Full time
Generate a tailored resume in minutes
Land an interview and earn more. Learn more
Job summary
A leading recruitment firm in Dubai is seeking a skilled Penetration Tester to enhance security across applications and infrastructure. Responsibilities include conducting penetration tests, assessing CI/CD security, and collaborating with development teams to strengthen security practices. The ideal candidate will have over 2 years of experience in penetration testing and a strong understanding of DevSecOps methodologies. This position offers opportunities to work with various security tools and implement proactive security measures.
Qualifications
- 2+ years of experience in penetration testing, application security, or ethical hacking.
- Proficiency in web and API security testing (OWASP Top 10).
- Hands-on experience securing CI/CD tools like GitHub Actions or Jenkins.
Responsibilities
- Conduct penetration testing on web applications and APIs.
- Perform security assessments of CI/CD pipelines.
- Identify vulnerabilities in automation tools and secrets management.
- Collaborate with teams to implement secure-by-design practices.
Skills
Tools
We are seeking a skilled Penetration Tester with strong experience in CI/CD pipeline security to identify, assess, and mitigate security vulnerabilities across applications, infrastructure, and automated deployment environments. The role focuses on proactive security testing, secure DevOps practices, and strengthening systems against evolving threats.
Conduct penetration testing on web applications, APIs, networks, and cloud environments.
Perform security assessments of CI/CD pipelines, including build, test, and deployment workflows.
Identify vulnerabilities related to source code repositories, automation tools, container images, and secrets management.
Test authentication, authorization, session management, and access controls.
Assess API security, including token handling, rate limiting, and authorization flaws.
Execute static (SAST), dynamic (DAST), and dependency security testing within CI/CD processes.
Validate security of containerized environments (Docker, Kubernetes).
Simulate real-world attack scenarios and document findings with clear remediation guidance.
Collaborate with development and DevOps teams to implement secure-by-design practices.
Support incident response investigations and post-incident analysis when required.
2+ years of experience in penetration testing, application security, or ethical hacking.
Strong understanding of CI/CD pipelines and DevSecOps methodologies.
Hands‑on experience securing tools such as GitHub Actions, GitLab CI, Jenkins, Azure DevOps, or similar.
Proficiency in web and API security testing (OWASP Top 10, OWASP API Top 10).
Experience with authentication mechanisms (JWT, OAuth2, SSO).
Knowledge of common vulnerabilities: SQLi, XSS, CSRF, SSRF, IDOR, RCE, misconfigurations.
Familiarity with Linux environments, networking concepts, and cloud security fundamentals.
Penetration testing tools: Burp Suite, Metasploit, Nmap, OWASP ZAP, Nikto.
CI/CD security tools: Snyk, Trivy, SonarQube, Dependabot, GitGuardian.
Container and cloud security tools (experience preferred).
Scripting knowledge in Python, Bash, or PowerShell is an advantage.
'/%3e%3cpath%20d='M101.744%2012.4726L102.894%2016.1947L99.0021%2013.2201L101.744%2012.4726ZM105.3%208.40937H100.488L99.0026%203.59473L97.5116%208.41047L92.7%208.40385L96.5965%2011.3834L95.1055%2016.1942L99.0021%2013.2196L101.408%2011.3834L105.3%208.40992V8.40937Z'%20fill='white'/%3e%3cdefs%3e%3clinearGradient%20id='paint0_linear_5593_1381'%20x1='90'%20y1='9.44471'%20x2='99'%20y2='9.44471'%20gradientUnits='userSpaceOnUse'%3e%3cstop%20stop-color='%2300AD70'/%3e%3cstop%20offset='0.998594'%20stop-color='%2300B67A'/%3e%3cstop%20offset='1'%20stop-color='%23DCDCE6'/%3e%3c/linearGradient%3e%3c/defs%3e%3c/svg%3e){kind=small}
