Job Description
Job Title: PenTesting Engineer
Department: IT
Minimum Total no. of years of experience in relevant field: 4+
Work location: Dubai/Riyadh
Shift timing: General
Travel requirement: 5% of working hours
Position Overview:
As a PenTester Engineer, you will assess the security systems within an organization by conducting tests and purposefully attempt to exploit existing computer systems and software to detect and correct system weaknesses. Acting as an ethical hacker, you will require creativity, imagination, and a strong understanding of technology systems. You will then develop recommendations and implement solutions to build the strength of our information technology (IT) systems.
Key Roles and Responsibilities:
· Conduct highly complex offensive security operations testing consistent with known adversary tactics, techniques, and procedures, and contribute to the development of objectives and approaches taken to remediate risk
· Document security issues and impacts identified through offensive operations in a clear and concise manner to facilitate reporting to impacted stakeholders
· Provide guidance and recommendations to stakeholders responsible for security remediation actions to close identified gaps and remediation validation testing
· Consult with defensive operations teams on adversary tactics to guide and mature cyber defensive countermeasures
· Independently handle complex issues with minimal supervision, while escalating only the most complex issues to appropriate staff
Web application penetration testing
Mobile application penetration testing
Source code vulnerability analysis
Required Skills/Abilities:
· Ability to identify and exploit web vulnerabilities (XSS, CSRF, SQLi, SSRF, arbitrary file upload, etc.)
· Ability to identify and exploit mobile vulnerabilities (API issues, insecure storage, memory corruption, deep links, etc.)
· Network penetration testing experience
· Protocol analysis
· CTF experience
· Secure coding practices
· Cryptography
· Binary analysis tools and debuggers (IDA Pro, Ghidra, WinDbg, etc.)
· Exploit Development
· Embedded systems experience
· Physical security or red team experience
· Experience in offensive security, with the ability to think like an adversary
· Strong ability to identify and exploit security gaps/vulnerabilities on endpoint devices, applications, and networks
· Strong experience in operating system and application security hardening and best practices
· Strong investigative mindset with attention to detail
· Experience with multiple operating systems including Windows, Mac OS, Unix/Linux, and mobile platforms
Required work experience/Qualifications/Certification:
· A degree in CS or a related field
· 3+ years of experience in security principles such as attack frameworks, threat landscapes, and attacker tactics, techniques, and procedures
· Minimum of 4 years of related work experience
Language skills:
· Required language(s): English (mandatory) and Arabic (preferred)
Preferred industry/Organization/Location:
IT – FinTech/InsurTec
KSA-Riyadh