Senior Penetration Tester

DESCRIPTION:

About Kualitatem

Kualitatem is a global Consulting, Audit and Assurance company specializing in Software Quality Assurance, Information Security, Technology Process Optimization, and Cloud Infrastructure. Kualitatem is a TMMi Level 5, ISO 9001, ISO 27001 and SOC2 certified company.

Position Summary
The Senior Penetration Testing & Security Assessment resource will be responsible for identifying, validating, and reporting security weaknesses across technology and processes. The role combines technical penetration testing with holistic security assessments to provide assurance that organizational systems, data, and operations are secure and compliant with industry best practices and regulatory requirements.

The Senior Penetration Tester will be responsible for planning, executing, and reporting on penetration testing engagements across applications, networks, cloud, APIs, and infrastructure. The role ensures vulnerabilities are identified, validated, and reported with actionable remediation steps, aligned to industry standards (NIST, OWASP, MITRE ATT&CK, CIS).

Key Responsibilities

Penetration Testing

  • Planning & Scoping: Define test objectives, methodology, and rules of engagement.
  • Execution: Perform security assessments and penetration tests across web/mobile applications (OWASP Top 10, API Top 10), cloud environments, networks and infrastructure (internal/external), APIs, microservices, wireless, and endpoints.
  • Exploitation & Validation: Develop PoCs for vulnerabilities, simulate real-world attack scenarios aligned to MITRE ATT&CK, validate security control effectiveness.
  • Reporting: Provide executive-level and technical reports with prioritized remediation.

Configuration & Hardening Reviews

  • Assess security configurations of servers, endpoints, cloud workloads, firewalls, and WAFs. Benchmark against CIS Benchmarks. 
  • Conduct Cloud Security Assessments. Review IAM, encryption, logging/monitoring, and data residency controls. Identify gaps in the shared responsibility model.
  • Conduct Application Security Assessments: secure code review, DevSecOps pipeline integration, and threat modeling and design review of critical applications.
  • Evaluate API security controls.

Network & Infrastructure Security Reviews

  • Firewall, VPN, and segmentation reviews, configuration reviews, etc.

Required Skills & Experience

  • 7–10 years’ experience in penetration testing/red teaming.
  • Strong expertise in application security, network security, and cloud environments. Expertise in the Windows operating system. Knowledge of containerisation.
  • Proficiency with tools (Burp Suite, Metasploit, Cobalt Strike, Kali Linux, Nessus, Nmap, etc.).
  • Knowledge of secure development practices (DevSecOps).
  • Certifications preferred: any of OSCP, OSWE, OSEP, CREST, GPEN, GXPN. CREST certification holders will be prioritised.

    Mandatory requirement: OSCP and CREST certification

Dubai

  • Location: Dubai
  • Openings: 1
  • Salary Range: