Penetration Tester

Job Summary: We are seeking a highly skilled and motivated Security Analyst to join our customer cybersecurity team. The ideal candidate will have a strong background in offensive and defensive security practices, with particular expertise in Adversary Simulation, Internal Penetration Testing, Control Infrastructure Review, and Network Penetration Testing. You will work collaboratively with Red and Blue Teams to simulate real-world attacks, assess defences, and strengthen our security posture.

Key Responsibilities:

Internal Penetration Testing & Adversary Simulation:

• Conduct internal penetration tests on systems, applications, and networks to identify vulnerabilities.
• Simulate advanced persistent threats (APTs) and provide actionable recommendations.

Control Infrastructure Review:

• Evaluate the effectiveness of security controls and identify gaps in security policies, configurations, and architectures.

Controls Testing:

• Test and validate the effectiveness of firewalls, IDS/IPS, EDR, and SIEM solutions.
• Measure compliance with security policies.

Network Penetration Testing:

• Perform network penetration testing on devices, protocols, and configurations.
• Identify and exploit vulnerabilities, demonstrating potential impact.

Purple Team Collaboration:

• Work with Red and Blue Teams to improve detection and response capabilities through real-world attack scenarios.

Windows Internals Expertise:

• Show expertise in Windows internals, including processes, memory, registry, and authentication.

Reporting and Documentation:

• Prepare detailed reports with risk ratings, impact analysis, and remediation recommendations.

🔑 Important Notes:

1. Preference will be given to UAE-based candidates.

2. Candidates with notice periods of more than 1 month are kindly excused.

Qualifications:

• Experience: Strong background in internal and network penetration testing.
• Tools: Proficiency with tools such as Metasploit, Cobalt Strike, Nmap, Burp Suite, Wireshark, and PowerShell.
• Frameworks: Familiarity with MITRE ATT&CK, NIST, OWASP.
• Security Solutions: Experience with SIEM (e.g., Splunk, Sentinel) and firewall/IDS/IPS technologies.
• Network Knowledge: Strong understanding of network protocols, segmentation, and VLANs.

Preferred Certifications:

• OSCP (Offensive Security Certified Professional)
• CISSP (Certified Information Systems Security Professional)
• GPEN (GIAC Penetration Tester)
• OSEP (Offensive Security Experienced Professional)

Soft Skills:

• Strong analytical and problem-solving skills.
• Excellent communication and collaboration abilities.
• Ability to thrive in a fast-paced, dynamic environment.