Penetration Tester

About This Role

Role Description

This is a full-time on-site role located in Dubai for a Penetration Tester. The Penetration Tester will perform

Job Summary:

We are looking for a highly skilled and motivated Penetration Tester specialized in Web and Mobile Applications to join our cybersecurity offensive team. The successful candidate will be responsible for identifying vulnerabilities, simulating real-world attacks, and supporting clients in strengthening their application security posture.

This role requires strong technical expertise, hands-on experience in offensive security, and the ability to clearly communicate findings to both technical and non-technical stakeholders.

Key Responsibilities:

Web & Mobile Application Security Testing

· Perform black-box, grey-box, and white-box penetration testing on web and mobile applications

· Identify, exploit, and document vulnerabilities in accordance with industry standards (e.g., OWASP Top 10, OWASP Mobile Top 10)

· Conduct secure code reviews when required

Vulnerability Analysis & Reporting

· Analyse vulnerabilities and assess their business and technical impact

· Produce detailed and high-quality penetration testing reports, including:

o Executive summaries

o Technical findings

o Risk ratings and remediation recommendations

· Present findings to clients and support remediation discussions

Offensive Security Activities

· Perform advanced testing techniques such as authentication bypass, session management attacks, API testing, and mobile reverse engineering

· Test REST APIs, microservices, and modern web architectures

· Support red team exercises when required

Tools & Methodologies

· Use industry-standard tools such as Burp Suite, OWASP ZAP, Metasploit, MobSF, Frida, and others

· Develop custom scripts or tools to support testing activities

· Follow structured methodologies and frameworks (OWASP, PTES, etc.)

Client Engagement & Support

· Interact directly with clients to understand application architecture and testing scope

· Provide clear and actionable remediation guidance

• · Support re-testing and validation of fixes

Knowledge Development & Research

· Stay up to date with emerging vulnerabilities, attack techniques, and security trends

· Contribute to internal knowledge sharing, labs, and research initiatives

· Participate in training, certifications, and cybersecurity events

Required Hard Skills:

· Degree in Computer Science, Cybersecurity, or a related field (or equivalent experience)

· Minimum 2 years of experience in application security testing (web and/or mobile)

· Strong knowledge of web technologies (HTTP/S, APIs, authentication mechanisms, etc.)

· Experience with mobile platforms (iOS, Android) and related security risks

· Hands-on experience with penetration testing tools (Burp Suite, etc.)

· Solid understanding of OWASP Top 10 and secure coding practices

· Strong reporting and communication skills in English

Required Soft Skills:

· Residence in UAE

· Relevant certifications (e.g., OSCP, OSWE, eWPT, eMAPT, CEH)

· Experience with mobile app reverse engineering (Frida, Objection, JADX, etc.)

· Familiarity with cloud environments and API security testing

· Experience working with clients in the GCC region

· Strong analytical mindset and attention to detail

· Excellent interpersonal and teamwork abilities

· Flexibility and composure under stressful situations

· Willingness to travel within the GCC for on-site engagements if required

· Excellent communication skills in English (Arabic is a strong advantage)

Why Join Us?

· Opportunity to work in a growing cybersecurity environment

· Collaborative and dynamic team culture

· Real impact on security operations and client success

Be part of a high-impact cybersecurity team in one of the world’s most dynamic digital regions.

Apply now and help secure the future of our clients across the GCC, HereWeGo!