Job Description
- Perform manual and automated penetration testing on web applications, APIs, infrastructure, and cloud-hosted environments.
- Conduct red team/purple team exercises to simulate advanced threat actor behavior using frameworks like MITRE ATT&CK.;
- Identify security flaws, misconfigurations, and business logic vulnerabilities across hybrid and cloud environments.
- Use tools such as Burp Suite, Nmap, Metasploit, Cobalt Strike, and custom scripts to simulate attacks.
- Provide detailed reports with risk ratings, technical impact, and remediation recommendations.
- Collaborate with DevOps and application teams to validate, reproduce, and remediate identified issues.
- Continuously research and adopt emerging offensive techniques, vulnerabilities, and toolsets.
Cloud Security (Secondary but Required):
- Assess cloud environments (Azure, AWS, GCP) for security weaknesses, including exposed services, misconfigured IAM, and insecure storage.
- Assist in secure design reviews and threat modeling for cloud-native workloads.
- Use tools like Microsoft Defender for Cloud, Prisma Cloud, Wiz, or ScoutSuite to identify misconfigurations.
- Automate detection of insecure infrastructure via Infrastructure-as-Code (Terraform, Bicep, etc.).
- Support incident response activities related to cloud-based threats and unauthorized access.
Compliance and Governance Support:
- Understand and apply security testing methods aligned with:
- HIPAA (for healthcare application testing),
- PCI-DSS (for applications storing/processing cardholder data), and
- NESA (UAE-specific cybersecurity baseline).
- Participate in security audits and assessments by providing technical evidence and findings.
- Maintain documentation for vulnerability management, security testing scope, and remediation tracking.
Required Skills and Experience
- 2+ years of hands-on experience in penetration testing and offensive security engagements.
- Deep understanding of application security testing, OWASP Top 10, and real-world exploit techniques.
- Experience testing cloud workloads (Azure, AWS, or GCP) from an attacker's perspective.
- Familiarity with red/purple teaming, lateral movement, privilege escalation, and post-exploitation techniques.
- Strong proficiency with tools like Burp Suite Pro, Nmap, Metasploit, Cobalt Strike, etc.
- Scripting experience with Python, PowerShell, or Bash to develop custom tools and automate testing.
- Exposure to SIEM, CSPM, and EDR platforms for identifying and responding to test detections.
Preferred Certifications (Offensive & Cloud Focused)
- Penetration Testing / Offensive Security:
- OSCP (Offensive Security Certified Professional)
- OSEP / OSCE / GPEN / GWAPT / CRTO
- CEH (Certified Ethical Hacker – practical)
- Cloud Security (Supplementary):
- Microsoft Certified: Azure Security Engineer Associate
- AWS Certified Security – Specialty
- Google Cloud Professional Security Engineer
- Compliance (Optional but Useful):
- CISSP, CCSP, or CISM
- Certified HIPAA Professional (CHP), PCI ISA
- Familiarity with UAE’s NESA compliance standards
💡 Quick Summary
Seeking a career-building opportunity? The Penetration Tester position is now open for candidates interested in the Security Guard Jobs sector. This role in India offers a professional environment and growth potential.
Requirement Snapshot: Candidates should possess basic communication skills, a proactive attitude, and the ability to work in a team. Experience in Security Guard Jobs is a plus.
