Penetration Tester (Web)

Posted 01 March 2024
Salary 30-35K AED p/m and benefits
LocationDubai
Job type Permanent
Discipline FinTech
Contact NameBrett Lockett

Job description

Are you keen to join a leading innovative company specializing in end-to-end technology products and solutions?

We are partnering with a client that do just that and provide the very technology stacks and culturally diverse environment.

If you enjoy building next-generation technology for a global organization this could be the role for you…

Responsibilities

  • Conduct thorough penetration testing across a variety of web applications, examining both client-side and server-side aspects.

  • This includes an in-depth analysis of application structures, server setups, databases, and identifying business and logic flaws to detect security vulnerabilities.

  • Employ sophisticated techniques and adopt an adversary's mindset to uncover and exploit vulnerabilities, highlighting the potential impact to emphasize the need and urgency for remediation. This includes the development of custom payloads and leveraging known exploits.

  • Develop and communicate effective remediation strategies for mitigating identified vulnerabilities, ensuring clear guidance is provided to the development teams involved

Requirements:

  • A minimum of two years of experience in the field of web penetration testing

  • Qualifications and Certifications: While not strictly required, but possession of a relevant degree or industry-recognized certifications focused on practical skills, such as BSCP, OSWE, OSWA, HTB-CWEE, or HTB-CBBH, serve as substantial evidence of practical knowledge and expertise in penetration testing, demonstrating a commitment to and proficiency in the field.

  • Expertise in Web Pentesting: Comprehensive knowledge of web application vulnerabilities, to exploit security gaps/ vulnerabilities on endpoint applications. A solid understanding of OWASP/OSWAP API standards and proficiency in manual testing methodologies is a must

  • Programming Skills: Proficiency in at least one programming language (e.g., Python, Java, PHP, JavaScript) to support effective testing and exploitation methodologies

  • Bug Bounty Recognition: Achievements in bug bounty programs, indicating practical experience in identifying and reporting security vulnerabilities, are considered an advantage.

  • Cloud and Container Security: Experience with security assessments of cloud-based applications and services (e.g., AWS, Azure) and familiarity with the security considerations for containerized deployments are desirable.

Apply today!