Security Testing Engineer

OverviewRole Overview We are looking for a Security Engineer who will be responsible for Application Infra and API Vulnerability Assessment & Penetration Testing (VAPT) for:Existing applicationsNew applicationsEach sprint cycleBeyond VAPT this role will also be responsible for initiating and executing Advanced Security Programs (ASP) ensuring we stay ahead of evolving threats.ResponsibilitiesVulnerability Assessment & Penetration Testing (VAPT): Perform manual security testing for web mobile cloud and APIs. Identify business logic flaws API abuse scenarios and complex attack vectors missed by automated tools. Conduct AWS security assessments and cloud penetration testing for our environments. Integrate VAPT testing into the CI/CD pipeline to ensure security at every development stage. Develop and maintain internal security playbooks and checklists for security testing.Advanced Security Programs (ASP): Lead Red Team Assessments to simulate realworld cyberattacks on our systems. Enhance Blue Team security monitoring & detection strategies. Organize Purple Team exercises ensuring collaboration between offensive and defensive security teams. Develop and implement Emerging Threat Frameworks (ETFs) to proactively mitigate evolving threats.Security Compliance & Best Practices: Work with Development DevSecOps and IT Teams to remediate vulnerabilities and harden application security. Conduct code reviews and threat modelling for new features and applications. Stay updated with the latest vulnerabilities exploits and security trends ensuring proactive risk mitigation.Requirements58 years of experience in Application Security Penetration Testing or Offensive Security.Strong expertise in Web API Cloud and Infrastructure Security Testing.Experience with security tools such as BurpSuite ZAP Metasploit Nmap SQLmap Wireshark etc.Familiarity with AWS Azure and GCP security principles and cloud penetration testing methodologies.Hands-on experience with Secure SDLC (Software Development Lifecycle) and integrating security into CI/CD pipelines.Scripting skills (Python Bash or PowerShell) to automate security testing.Certifications:OSCP (Offensive Security Certified Professional) MandatoryCEH (Certified Ethical Hacker) MandatoryAWS Security Specialty OptionalCISSP or GIAC Security Certifications OptionalBenefitsAll Mandatory Benefits as per UAE law#J-18808-Ljbffr