Job Description
Role Overview
We are looking for a Security Engineer who will be responsible for Application, Infra, and API Vulnerability Assessment & Penetration Testing (VAPT) for:
• Existing applications
• New applications
• Each sprint cycle
Beyond VAPT, this role will also be responsible for initiating and executing Advanced Security Programs (ASP), ensuring we stay ahead of evolving threats.
Key Responsibilities:
Vulnerability Assessment & Penetration Testing (VAPT)
• Perform manual security testing for web, mobile, cloud, and APIs.
• Identify business logic flaws, API abuse scenarios, and complex attack vectors missed by automated tools.
• Conduct AWS security assessments and cloud penetration testing for our environments.
• Integrate VAPT testing into the CI/CD pipeline to ensure security at every development stage.
• Develop and maintain internal security playbooks and checklists for security testing.
Advanced Security Programs (ASP)
• Lead Red Team Assessments to simulate real-world cyber-attacks on our systems.
• Enhance Blue Team security monitoring & detection strategies.
• Organize Purple Team exercises, ensuring collaboration between offensive and defensive security teams.
• Develop and implement Emerging Threat Frameworks (ETFs) to proactively mitigate evolving threats.
Security Compliance & Best Practices
• Work with Development, DevSecOps, and IT Teams to remediate vulnerabilities and harden application security.
• Conduct code reviews and threat modelling for new features and applications.
• Stay updated with the latest vulnerabilities, exploits, and security trends, ensuring proactive risk mitigation.
Requirements
Key Skills & Experience:
• 5-8+ years of experience in Application Security, Penetration Testing, or Offensive Security.
• Strong expertise in Web, API, Cloud, and Infrastructure Security Testing.
• Experience with security tools such as BurpSuite, ZAP, Metasploit, Nmap, SQLmap, Wireshark, etc.
• Familiarity with AWS, Azure and GCP security principles and cloud penetration testing methodologies.
• Hands-on experience with Secure SDLC (Software Development Lifecycle) and integrating security into CI/CD pipelines.
• Scripting skills (Python, Bash, or PowerShell) to automate security testing.
Certifications:
• OSCP (Offensive Security Certified Professional) - Mandatory
• CEH (Certified Ethical Hacker) - Mandatory
• AWS Security Specialty - Optional
• CISSP or GIAC Security Certifications - Optional
Benefits
All Mandatory Benefits as per UAE law