Overview
Role Overview
We are looking for a Security Engineer who will be responsible for Application, Infrastructure and API Vulnerability Assessment & Penetration Testing (VAPT) for:
- Existing applications
- New applications
- Each sprint cycle
Beyond VAPT, this role will also be responsible for initiating and executing Advanced Security Programs (ASP), ensuring we stay ahead of evolving threats.
Responsibilities
Vulnerability Assessment & Penetration Testing (VAPT)
- Perform manual security testing for web, mobile, cloud and APIs.
- Identify business logic flaws, API abuse scenarios and complex attack vectors missed by automated tools.
- Conduct AWS security assessments and cloud penetration testing for our environments.
- Integrate VAPT testing into the CI/CD pipeline to ensure security at every development stage.
- Develop and maintain internal security playbooks and checklists for security testing.
Advanced Security Programs (ASP)
- Lead Red Team assessments to simulate real-world cyberattacks on our systems.
- Enhance Blue Team security monitoring and detection strategies.
- Organize Purple Team exercises, ensuring collaboration between offensive and defensive security teams.
- Develop and implement Emerging Threat Frameworks (ETFs) to proactively mitigate evolving threats.
Security Compliance & Best Practices
- Work with Development, DevSecOps and IT Teams to remediate vulnerabilities and harden application security.
- Conduct code reviews and threat modelling for new features and applications.
- Stay updated with the latest vulnerabilities, exploits and security trends, ensuring proactive risk mitigation.
Requirements
Key Skills & Experience
- 5-8 years of experience in Application Security, Penetration Testing or Offensive Security.
- Strong expertise in Web, API, Cloud and Infrastructure Security Testing.
- Experience with security tools such as BurpSuite, ZAP, Metasploit, Nmap, SQLmap, Wireshark, etc.
- Familiarity with AWS, Azure and GCP security principles and cloud penetration testing methodologies.
- Hands-on experience with Secure SDLC (Software Development Lifecycle) and integrating security into CI/CD pipelines.
- Scripting skills (Python, Bash or PowerShell) to automate security testing.
Certifications
- OSCP (Offensive Security Certified Professional): Mandatory
- CEH (Certified Ethical Hacker): Mandatory
- AWS Security Specialty: Optional
- CISSP or GIAC Security Certifications: Optional
Benefits
All Mandatory Benefits as per UAE law