The VAPT Specialist will perform complex security assessments across infrastructure, applications, and cloud environments for internal as well as external clients. The ideal candidate will simulate real-world cyber-attacks to identify exploitable vulnerabilities and produce a findings report for the internal team as well as external clients. This role requires deep technical expertise, strong communication skills, and the ability to mentor junior team members.
Responsibilities:
- Shape the organization’s offensive security strategy by identifying high‑impact risks and aligning testing efforts with business priorities and UAE cybersecurity regulations.
- Act as a senior advisor to leadership by translating technical findings into strategic security decisions that strengthen long‑term cyber‑resilience.
- Drive continuous improvement of penetration testing methodologies, tooling, and red‑team capabilities to stay ahead of emerging threats.
- Mentor and elevate the technical maturity of the security team, ensuring consistent adoption of best‑practice offensive security standards.
- Lead and conduct end-to-end penetration tests (Network, Web Application, Mobile, API, and Cloud) using both manual and automated techniques.
- Design and execute red‑team and adversary simulation exercises to evaluate detection and response.
- Translate complex technical findings into actionable executive summaries and detailed technical reports. Work closely with DevOps and IT teams to oversee remediation efforts.
- Ensure all testing methodologies and outcomes support compliance with UAE-specific regulations such as the Information Security Regulation (ISR) and NESA IAS.
- Conduct secure code reviews to identify logic flaws, insecure patterns, and vulnerabilities early in the development lifecycle.
- Collaborate with blue teams to test and refine detection and response mechanisms.
- Perform scheduled and on‑demand penetration testing engagements, ensuring timely delivery, proper scoping, and adherence to internal and UAE‑aligned testing standards.
- Maintain, update, and operate offensive security toolsets, including custom scripts, exploit frameworks, and testing environments to support ongoing assessments.
- Track, document, and manage vulnerabilities from discovery through remediation, ensuring accurate logging in ticketing or risk‑management systems.
- Coordinate with cross‑functional teams (IT, DevOps, SOC) during testing windows, retesting cycles, and operational security activities to minimize business disruption.
Qualifications and job-specific skills:
- Bachelor's degree in Computer Science, Cybersecurity, Information Security, or a related field.
- 6 to 8 years of hands-on penetration testing experience in enterprise environments.
- Proficiency with industry-standard tools such as Burp Suite Professional, Metasploit, Cobalt Strike, Nmap, Kali Linux, and Nessus/Qualys.
- Deep understanding of Active Directory security, Kerberos attacks, and Cloud Security (Azure/AWS/GCP).
- Preferred technical certifications: OffSec OSEP (Experienced Penetration Tester) / OffSec OSWE (Web Expert) / OffSec OSCP (Offensive Security Certified Professional) / CREST CCT INF (Infrastructure) / CREST CCT APP (Applications) / EC-Council CEH (Practical) (Certified Ethical Hacker) / EC-Council LPT (Master) / EC-Council ECSA (Certified Security Analyst).