Sr. Penetration Tester - dubai - GSS Tech Group

Description

We are seeking a highly skilled Penetration Testing Engineer to join our cybersecurity team.

The ideal candidate will perform complex security assessments, across infrastructure, applications, and cloud environments for internal as well as external clients.

The ideal candidate will simulate real‑world cyber‑attacks to identify exploits/vulnerabilities and generate a report with those findings to share with internal team as well external clients.

This role requires deep technical expertise, strong communication skills, and the ability to mentor junior team members.

KEY ACCOUNTABILITIES
1: Capability Development

Support the organization's cybersecurity strategy by identifying emerging threats, attack trends, and vulnerabilities across web, mobile, network, and cloud environments.

Contribute to the development and enhancement of penetration testing methodologies, frameworks, and security standards.
Provide strategic insights to leadership on improving the organization's overall security posture.
Align penetration testing activities with risk‑management priorities and business objectives.
Participate in security architecture discussions to ensure new systems and applications are designed securely.
Establish testing standards, methodologies, and quality frameworks mapped to NIST, OWASP, PTES, and ISO 27001.
Build and mature red teaming, adversary simulation, and purple teaming program.
Lead adoption of continuous and autonomous penetration testing capabilities to improve coverage and efficiency.
Define KPIs, SLAs, and ROI metrics for penetration testing within managed security services.
Contribute to SOC detection engineering improvement by validating controls through offensive simulations.

2: Functional

Perform penetration testing across multiple domains:
Web applications
Mobile applications (Android/iOS)
Internal and external networks
Wireless networks
APIs and cloud services
Source Code Review
Red Teaming / Purple Teaming
Table Top exercise
Conduct vulnerability assessments and exploit validation using industry‑standard tools and manual techniques.
Identify security weaknesses, misconfigurations, insecure coding practices, and potential attack paths.
Prepare detailed technical reports with findings, risk ratings, and actionable remediation recommendations.
Validate fixes and perform re‑testing to ensure vulnerabilities are properly addressed.
Support incident response teams with exploitation insights and threat‑actor simulation knowledge.

3: Operations

Plan, execute, and document penetration testing engagements in accordance with approved scopes and timelines.
Ensure all testing activities follow internal policies, legal guidelines, and ethical standards.
Coordinate with application owners, infrastructure teams, and project managers to schedule testing windows.
Maintain accurate logs, evidence, and documentation for audit and compliance purposes.
Assist in continuous improvement of security tools, processes, and automation for testing workflows.
Track remediation progress and collaborate with stakeholders to ensure timely closure of vulnerabilities.

4: People

Collaborate effectively with cross‑functional teams including development, infrastructure, SOC, and compliance teams.
Provide guidance and mentorship to junior penetration testers or security analysts.
Conduct knowledge‑sharing sessions, workshops, or awareness programs on secure coding and common vulnerabilities.
Communicate complex technical issues in a clear, understandable manner to both technical and non‑technical audiences.
Foster a culture of security awareness and proactive risk management across the organization.

5: Confidentiality

Confidentiality:
Ensure non‑disclosure of confidential information to anyone within or outside the Authority, during or after employment at Moro.

Safety:
Follow and adhere to the QH&S Management System Manual as per the Data Hub's safety standards

6: Business Strategy

Ensure penetration testing activities support business continuity, regulatory compliance, and customer trust.
Provide insights that help reduce business risk and strengthen resilience against cyber threats.
Contribute to cost‑effective security improvements by prioritizing vulnerabilities based on business impact.
Support audit, compliance, and certification efforts (ISO 27001, PCI DSS, etc.) by providing testing evidence and reports.
Help the organization maintain a strong security posture that aligns with its long‑term business goals.
QUALIFICATIONS, EXPERIENCE & SKILLS
Qualifications
Bachelor's degree in computer science, Cybersecurity, Information Security, or a related field.

Advanced certifications preferred:
OffSec - OSEP (Experienced Penetration tester)
OffSec - OSWE (Web Expert)
OffSec - OSCP (Offensive Security Certified Professional)
CREST- CCT INF (Infrastructure)
CREST- CCT APP (Applications)
CRT (CREST Registered Tester).
CEH (Practical) – Certified Ethical Hacker

EC-Council:
LPT (Master)


EC-Council:
ECSA (Certified Security Analyst)

Additional cloud or security certifications are a plus (e.g., AWS Security, Azure Security, CISSP).
Experience
8 -10 years of hands‑on penetration testing experience in enterprise environments.
Language Fluency
Fluent in English (spoken and written) — essential for client communication and reporting.
Arabic proficiency is an advantage, especially for UAE government and semi‑government clients.
Job‑Specific Skills
Strong expertise in web, mobile, network, API, and cloud penetration testing
Advanced manual exploitation skills beyond automated tools
Deep understanding of OWASP, PTES, MITRE ATT&CK, and secure coding principles
Proficiency with tools such as Burp Suite, Metasploit, Nmap, Wireshark, Nessus, MobSF
Ability to write custom scripts (Python, Bash, PowerShell) for automation and exploitation
Strong vulnerability assessment, exploitation, and reporting capabilities
Experience conducting red team or adversary simulation exercises
Ability to review and assess security architecture and identify attack paths
Strong documentation and client‑facing communication skills
Ability to lead engagements and mentor junior testers
Behavioral
Strong analytical and problem‑solving ability
Clear and confident communication
High attention to detail
Client‑focused mindset
Team collaboration and leadership
Professionalism and integrity
Ability to work under pressure
Effective time management
Technical
Advanced penetration testing expertise (web, internal, external, mobile, network, cloud, API etc.)
Strong manual exploitation skills
Deep understanding of OWASP, PTES, MITRE ATT&CK
Proficiency with tools (Burp Suite, Metasploit, Nmap, Wireshark, Nessus, MobSF)
Scripting skills (Python, Bash, PowerShell)
Strong vulnerability assessment and reporting skills
Knowledge of secure coding and common attack vectors
Ability to lead and review complex PT engagements
#J-18808-Ljbffr