61 Penetration Tester jobs in the United Arab Emirates

Penetration Tester

Dubai, Dubai Everythinginclick

Posted today

Job Description

We are seeking an experienced Penetration Tester to join our dynamic IT operations team in Ajman, UAE. In this critical role, you will be responsible for proactively identifying security vulnerabilities in our systems, networks, and applications before they can be exploited. Your expertise will help safeguard Dicetek’s digital infrastructure and ensure the highest standards of cybersecurity across all platforms. This is an exciting opportunity to work with a forward-thinking team dedicated to building secure and resilient IT environments.

Key Responsibilities of Penetration Tester

Perform regular penetration testing on web applications, networks, and systems.
Identify, exploit, and document vulnerabilities with precision and clarity.
Conduct risk assessments and security audits to evaluate existing security controls.
Simulate real-world attacks to test the robustness of current defense mechanisms.
Collaborate with the IT and development teams to remediate vulnerabilities and improve security posture.
Stay updated on the latest security threats, tools, and trends.
Prepare detailed reports and presentations on findings for both technical and non-technical stakeholders.
Ensure compliance with security frameworks and industry regulations.

Qualification Required for Penetration Tester

Bachelor's Degree in Computer Science, Cybersecurity, Information Technology, or a related field.
Minimum 6+ years of hands-on experience in penetration testing and vulnerability assessments.
In-depth knowledge of penetration testing methodologies, tools (e.g., Metasploit, Burp Suite, Nessus), and frameworks (e.g., OWASP, PTES).
Experience in ethical hacking, red teaming, and social engineering techniques.
Strong understanding of operating systems, networking protocols, and security architectures.
Relevant certifications such as OSCP, CEH, GPEN, or CISSP are highly desirable.
Excellent analytical, problem-solving, and communication skills.

Company Bio

At Dicetek LLC, we are a global IT solutions and services company committed to delivering technology-driven business innovations that empower enterprises across diverse industries. Headquartered in the UAE with a strong presence across the Middle East and Asia, Dicetek prides itself on its client-centric approach, deep domain expertise, and scalable delivery model. Our mission is to transform businesses by aligning cutting-edge technology with core organizational goals, while upholding values of integrity, innovation, and excellence.

Penetration Tester

AED90000 - AED120000 Y SECUWALL

Posted today

Job Description

Own end-to-end offensive security assessments—web/API/mobile, infra/cloud, and Active Directory—and ship findings that matter. Act as the anchor for most pen-test delivery while contributing to purple-team detection tuning.

Responsibilities

1. Assessment Delivery

  • Plan and execute scoped tests across web, API, mobile, external/internal networks, AD, and AWS/Azure/GCP
  • Emulate APT-style adversaries when scope allows (priv-escalation, lateral movement, data-exfil).

2. Impact Validation & Remediation

  • Prove practical business impact (auth bypass, sensitive-data exposure, lateral paths).
  • Draft remediation steps that developers/administrators can realistically implement

3. Content & Automation

  • Build and maintain reusable checks: Nuclei/Burp/ZAP templates, Semgrep rules, custom scripts (Python/PowerShell/Bash).
  • Automate evidence collection and reporting where it eliminates grunt work.

4. Engagement Leadership (rotational)

  • Own scoping calls, daily stand-ups, mid-engagement risk reviews, and final report sign-off
  • Enforce ROE and quality gates (evidence completeness, exploit reproducibility)

5. Purple-Team Rotation

  • Map top attacker TTPs to detections with Blue Team; validate coverage, tune SIEM/EDR rules, and document gaps.

6. Research & Tooling

  • Track emerging TTPs, EDR bypass techniques, and cloud IAM abuses; integrate the useful ones into playbooks.

Qualifications

Must-have skills:

Offensive fundamentals:

  • Solid OWASP/API testing, AD abuse basics (Kerberoasting, ACL misconfigs).
  • Cloud IAM misconfig patterns across AWS, Azure, GCP (e.g., privilege-escalation paths, cross-account pivot).
  • Manual exploitation discipline—no blind scanner drop-offs.

Tooling proficiency:
 Metasploit, Burp Suite, Nmap, BloodHound, Covenant/Sliver (or equivalent), plus custom scripting in Python/PowerShell/Bash.

Evidence quality:
 Screenshots, packet captures, logs—well-annotated and reproducible.

Reporting & comms:
 Concise technical write-ups and executive summaries; comfortable leading risk calls.

Certifications (preferred, not mandatory):
 OSCP, OSEP, CRTO, GXPN, or equivalent proven experience.

Nice to have skills:

  • Exploit development (e.g., custom payloads, fuzzing)
  • Experience bypassing modern EDR/XDR stacks
  • Conference presentations or published research

Soft skills:

  • Strong proficiency in both written and spoken English.
  • Adaptability to thrive in dynamic, fast-paced environments and remote work settings.
  • Effective team player with excellent collaboration and interpersonal skills.
  • Ability to perform under pressure with a positive attitude and a focus on team success.
  • Demonstrates high levels of responsibility, reliability, and accountability.
  • Willingness and ability to travel internationally when required.

Penetration Tester

AED50000 - AED120000 Y Skill Quotient Technologies Inc

Posted today

Job Description

Role : Penetration Tester

Location : Dubai, UAE

Payroll : Skill Quotient

Experience : 3+ years

Duration: 1 year extendable contract

Required Skills & Experience

  • Conduct VAPT across applications, APIs, cloud, and infrastructure.
  • Identify, exploit, and document vulnerabilities (aligned with OWASP, PTES, NIST). Provide remediation guidance and support revalidation.
  • Develop scripts for custom testing and automation.
  • Contribute to DevSecOps practices, integrating testing into CI/CD pipelines
  • Coverage: Web, mobile, network, API, and cloud.
  • Includes authenticated/unauthenticated testing.
  • Adheres to OWASP Top 10, SANS 25, PTES, MITRE ATT&CK.
  • Deliverables: Scope definition, testing, reporting, remediation validation

Job Type: Full-time

Pay: AED5, AED12,000.00 per month

Application Question(s):

  • Current Salary?
  • Notice Period?

Experience:

  • Penetration Testing: 2 years (Preferred)

Penetration Tester

AED70000 - AED120000 Y confidential

Posted today

Job Description

VULNERABILITY ANALYST / PENETRATION TESTER

Purpose

Own the end-to-end vulnerability management lifecycle across infrastructure, endpoints, and cloud. Coordinate remediation with IT/GRC, govern penetration testing (internal and third-party), and continuously reduce exploitable attack surface without disrupting delivery.

Key Responsibilities

1) Vulnerability Management Lifecycle

  • Discovery & Coverage:
    Maintain a complete, tagged asset inventory (servers, endpoints, network devices, cloud workloads, containers/k8s, SaaS). Ensure authenticated scans wherever feasible.
  • Scanning & Tuning:
    Operate and tune vuln tooling (ManageEngine/Tenable/Qualys or similar). Integrate credential vaults, schedule scans by asset criticality, minimize scan impact on production.
  • Risk-Based Prioritization:
    Triage with CVSS v3.1 + EPSS + KEV + exploit availability, internet exposure, and asset criticality. Escalate rapidly for external-facing criticals.
  • Remediation & Change:
    Raise/track tickets in ITSM, align with patch/change windows, provide compensating controls when patching is not immediately possible.
  • Validation & Retest:
    Re-scan and perform targeted verification (safe exploit/POC where appropriate). Close findings only on evidence-backed remediation.
  • Exceptions & GRC:
    Document time-bound risk acceptances with business owners, map controls to NIST/CIS/ISO 27001 and relevant local regs, keep the exception register current.
  • Reporting & Dashboards:
    Weekly ops reports, monthly exec dashboards (exposure by BU/technology, SLA compliance, trends, risk burndown, top KEV exposure).

2) Attack Surface Management (ASM)

  • Own external perimeter monitoring (DNS, certificates, open ports, cloud object exposure, shadow IT). Drive takedown/closure of risky services and stale assets. Track "time-to-close" for external critical.

3) Penetration Testing (Governance & Execution)

  • Plan & Scope:
    Build the annual PT calendar (external, internal, cloud, wireless, AD, selected apps) with clear Rules of Engagement, success criteria, data handling, and rollback plans. Choose testing modality by risk and objective: Black-box, Gray-box, and White-box.
  • Execute/Coordinate:
    Perform targeted tests in-house and manage third-party engagements. Ensure evidence, reproducibility, and clear remediation guidance.
  • Standards & Methods:
    Apply NIST SP , PTES, OWASP Testing Guide/ASVS (with AppSec), and map to MITRE ATT&CK for detection-engineering feedback.
  • Enterprise Network & Firewall-Aware Testing:
    Evaluate controls across NGFW/WAF/IDS/IPS, VPNs, segmentation (VLAN/VRF), egress filtering, DNS/security filtering, NAT, and cloud security groups/NACLs. Validate rulebase hygiene (shadowed rules, any-any, unused/overly permissive objects), attack surface exposure, and bypass paths, provide concrete policy/hardening recommendations.

4) Cloud, Container & Modern Stack Coverage

  • Assess cloud (PaaS and SaaS Applications) configurations against CIS Benchmarks and native CSPM findings, integrate container/IaC scanning for infra drift, coordinate with DevSecOps for pipeline gates.

5) SOC/Detection Integration

  • Enrich SIEM/XDR with vulnerability context for risk-weighted alerting. Partner with SOC to validate exploitability and to prioritize hardening based on active threats.

Required Qualifications & Skills

  • Experience:
    5+ years in Vulnerability Management and Penetration Testing across enterprise environments (on-prem + cloud).
  • Tooling:
    Admin-level hands-on with ManageEngine/Tenable/Qualys/SentinelOne (or similar), familiarity with EASM tools, practical use of EPSS, CISA KEV, SBOM/CVE workflows.
  • Testing:
    Proficiency with common PT tooling (e.g., Burp Suite, Nmap, Responder, BloodHound, Impacket, Kali), safe exploitation, and evidence capture.
  • Platforms:
    Strong Windows/Linux, AD, network fundamentals, cloud security (Azure/AWS/GCP), containers/k8s basics.
  • Scripting/Automation:
    Python, PowerShell, or Bash for data wrangling and workflow automation.
  • Frameworks:
    Working knowledge of NIST CSF/ISO 27001/CIS Controls, OWASP Top 10, MITRE ATT&CK mapping.
  • Soft Skills:
    Clear written reporting for exec and technical audiences, stakeholder management, ability to negotiate patch windows and drive closure.

Nice-to-Have Certifications

  • PT/Vuln:
    OSCP, eCPPT, GPEN, GXPN, PNPT, eJPT
  • Cloud/Sec:
    AZ-500, AWS Security Specialty, GCSA
  • VM/Blue:
    GMON, GCDA, or vendor quals (Tenable/Qualys)

Penetration Tester

AED104000 - AED130878 Y VaporVM

Posted today

Job Description

Job Summary:

We're seeking an experienced VAPT Engineer with 5+ years of experience in identifying security vulnerabilities and conducting penetration testing on systems, networks, and applications. The ideal candidate will have a strong technical background, excellent analytical skills, and the ability to communicate complex security issues to stakeholders.

Key Responsibilities:

  • Conduct comprehensive vulnerability assessments and penetration testing on systems, networks, and applications

  • Identify and analyze security vulnerabilities, and recommend remediation strategies

  • Develop and implement customized testing methodologies and tools

  • Collaborate with security teams to implement solutions and enhance security systems

  • Create detailed reports on findings, methodologies, and recommendations

Required Skills and Qualifications:

  • 5+ years of experience in vulnerability assessment, penetration testing, and cybersecurity

  • Strong technical skills in operating systems, networking, and programming languages (e.g., Python, C++)

  • Experience with penetration testing tools (e.g., Metasploit, Burp Suite) and frameworks (e.g., OWASP, NIST)

  • Excellent analytical and problem-solving skills

  • Strong communication and presentation skills

  • Relevant certifications (e.g., OSCP, CEH, CISSP)

Nice to Have:

  • Experience with cloud security (AWS, Azure, GCP)

  • Knowledge of DevOps practices and tools (e.g., Jenkins, Docker)

  • Familiarity with security frameworks and regulations (e.g., PCI DSS, HIPAA)

Penetration Tester

Dubai, Dubai Everythinginclick

Posted today

Job Description

We are seeking an experienced Penetration Tester to join our dynamic IT operations team in Ajman, UAE. In this critical role, you will be responsible for proactively identifying security vulnerabilities in our systems, networks, and applications before they can be exploited. Your expertise will help safeguard Dicetek's digital infrastructure and ensure the highest standards of cybersecurity across all platforms. This is an exciting opportunity to work with a forward-thinking team dedicated to building secure and resilient IT environments.

Key Responsibilities of Penetration Tester

Perform regular penetration testing on web applications, networks, and systems.
Identify, exploit, and document vulnerabilities with precision and clarity.
Conduct risk assessments and security audits to evaluate existing security controls.
Simulate real-world attacks to test the robustness of current defense mechanisms.
Collaborate with the IT and development teams to remediate vulnerabilities and improve security posture.
Stay updated on the latest security threats, tools, and trends.
Prepare detailed reports and presentations on findings for both technical and non-technical stakeholders.
Ensure compliance with security frameworks and industry regulations.

Qualification Required for Penetration Tester

Bachelor's Degree in Computer Science, Cybersecurity, Information Technology, or a related field.
Minimum 6+ years of hands-on experience in penetration testing and vulnerability assessments.
In-depth knowledge of penetration testing methodologies, tools (e.g., Metasploit, Burp Suite, Nessus), and frameworks (e.g., OWASP, PTES).
Experience in ethical hacking, red teaming, and social engineering techniques.
Strong understanding of operating systems, networking protocols, and security architectures.
Relevant certifications such as OSCP, CEH, GPEN, or CISSP are highly desirable.
Excellent analytical, problem-solving, and communication skills.

Company Bio

At Dicetek LLC, we are a global IT solutions and services company committed to delivering technology-driven business innovations that empower enterprises across diverse industries. Headquartered in the UAE with a strong presence across the Middle East and Asia, Dicetek prides itself on its client-centric approach, deep domain expertise, and scalable delivery model. Our mission is to transform businesses by aligning cutting-edge technology with core organizational goals, while upholding values of integrity, innovation, and excellence.

Penetration Tester

Dubai, Dubai confidential

Posted today

Job Description

VULNERABILITY ANALYST / PENETRATION TESTER

Purpose

Own the end-to-end vulnerability management lifecycle across infrastructure, endpoints, and cloud. Coordinate remediation with IT/GRC, govern penetration testing (internal and third-party), and continuously reduce exploitable attack surface without disrupting delivery.

Key Responsibilities

1) Vulnerability Management Lifecycle
  • Discovery & Coverage: Maintain a complete, tagged asset inventory (servers, endpoints, network devices, cloud workloads, containers/k8s, SaaS). Ensure authenticated scans wherever feasible.
  • Scanning & Tuning: Operate and tune vuln tooling (ManageEngine/Tenable/Qualys or similar). Integrate credential vaults, schedule scans by asset criticality, minimize scan impact on production.
  • Risk-Based Prioritization: Triage with CVSS v3.1 + EPSS + KEV + exploit availability, internet exposure, and asset criticality. Escalate rapidly for external-facing criticals.
  • Remediation & Change: Raise/track tickets in ITSM, align with patch/change windows, provide compensating controls when patching is not immediately possible.
  • Validation & Retest: Re-scan and perform targeted verification (safe exploit/POC where appropriate). Close findings only on evidence-backed remediation.
  • Exceptions & GRC: Document time-bound risk acceptances with business owners, map controls to NIST/CIS/ISO 27001 and relevant local regs, keep the exception register current.
  • Reporting & Dashboards: Weekly ops reports, monthly exec dashboards (exposure by BU/technology, SLA compliance, trends, risk burndown, top KEV exposure).
  • Own external perimeter monitoring (DNS, certificates, open ports, cloud object exposure, shadow IT). Drive takedown/closure of risky services and stale assets. Track "time-to-close" for external critical.
3) Penetration Testing (Governance & Execution)
  • Plan & Scope: Build the annual PT calendar (external, internal, cloud, wireless, AD, selected apps) with clear Rules of Engagement, success criteria, data handling, and rollback plans. Choose testing modality by risk and objective: Black-box, Gray-box, and White-box.
  • Execute/Coordinate: Perform targeted tests in-house and manage third-party engagements. Ensure evidence, reproducibility, and clear remediation guidance.
  • Standards & Methods: Apply NIST SP 800-115, PTES, OWASP Testing Guide/ASVS (with AppSec), and map to MITRE ATT&CK for detection-engineering feedback.
  • Enterprise Network & Firewall-Aware Testing: Evaluate controls across NGFW/WAF/IDS/IPS, VPNs, segmentation (VLAN/VRF), egress filtering, DNS/security filtering, NAT, and cloud security groups/NACLs. Validate rulebase hygiene (shadowed rules, any-any, unused/overly permissive objects), attack surface exposure, and bypass paths, provide concrete policy/hardening recommendations.
4) Cloud, Container & Modern Stack Coverage
  • Assess cloud (PaaS and SaaS Applications) configurations against CIS Benchmarks and native CSPM findings, integrate container/IaC scanning for infra drift, coordinate with DevSecOps for pipeline gates.
5) SOC/Detection Integration
  • Enrich SIEM/XDR with vulnerability context for risk-weighted alerting. Partner with SOC to validate exploitability and to prioritize hardening based on active threats.
Required Qualifications & Skills
  • Experience: 5+ years in Vulnerability Management and Penetration Testing across enterprise environments (on-prem + cloud).
  • Tooling: Admin-level hands-on with ManageEngine/Tenable/Qualys/SentinelOne (or similar), familiarity with EASM tools, practical use of EPSS, CISA KEV, SBOM/CVE workflows.
  • Testing: Proficiency with common PT tooling (e.g., Burp Suite, Nmap, Responder, BloodHound, Impacket, Kali), safe exploitation, and evidence capture.
  • Platforms: Strong Windows/Linux, AD, network fundamentals, cloud security (Azure/AWS/GCP), containers/k8s basics.
  • Scripting/Automation: Python, PowerShell, or Bash for data wrangling and workflow automation.
  • Frameworks: Working knowledge of NIST CSF/ISO 27001/CIS Controls, OWASP Top 10, MITRE ATT&CK mapping.
  • Soft Skills: Clear written reporting for exec and technical audiences, stakeholder management, ability to negotiate patch windows and drive closure.
Nice-to-Have Certifications
  • PT/Vuln: OSCP, eCPPT, GPEN, GXPN, PNPT, eJPT
  • Cloud/Sec: AZ-500, AWS Security Specialty, GCSA
Seniority level
  • Mid-Senior level
Employment type
  • Full-time
Job function
  • Information Technology
  • Industries: IT System Custom Software Development, Technology, Information and Media, and Computer and Network Security

OT Penetration Tester

AED90000 - AED120000 Y Anxinsec Technology

Posted today

Job Description

Position: OT Penetration Tester

Location: Abu Dhabi, United Arab Emirates

Company: Anxinsec (AB) Technology Co., Limited

About Us

Anxinsec is a globally expanding cybersecurity company driven by AI innovation. Headquartered in Abu Dhabi, we deliver cutting-edge security technologies and professional services to government bodies and enterprises across MENA, APAC, and North America. Our mission is to build secure, resilient digital systems for the modern world.

Role Summary

We are seeking an OT Penetration Tester with hands-on experience in industrial control systems (ICS) security. This role involves performing safe and targeted assessments across OT environments, including SCADA, DCS, PLCs, and legacy infrastructure. Candidates must demonstrate a strong understanding of OT architecture, threat modeling, protocol exploitation, and stakeholder communication.

Key Responsibilities

  • Perform vulnerability assessments and penetration testing on OT/ICS environments, including PLCs, RTUs, DCS, and HMIs
  • Utilize OT-safe tools and adhere to strict safety standards (e.g., LOTO) to avoid operational disruption
  • Analyze OT network architectures (e.g., Purdue Model) and test segmentation between IT/OT zones
  • Identify and exploit vulnerabilities in OT protocols (Modbus, DNP3, S7comm, OPC UA) and embedded firmware
  • Collaborate with control system engineers to define secure test scopes and operational constraints
  • Translate technical findings into business and operational risks; provide mitigation recommendations
  • Align assessments with standards such as IEC 62443, NIST SP800-82, and ISO 27001 for OT
  • Document results with clear and actionable technical reports for both engineering and executive audiences

Qualifications

  • Bachelor's degree in Computer Science, Cybersecurity, Electrical Engineering, or related field
  • 3+ years of experience in OT security assessment, ICS penetration testing, or critical infrastructure defense
  • Deep knowledge of ICS components (PLCs, RTUs, HMIs), architectures (Purdue Model), and network protocols
  • Proficiency with tools like Wireshark (OT dissectors), , Metasploit (with caution), GRFICS
  • Familiarity with LOTO, MOC, and safety processes for industrial environments
  • Excellent communication skills and ability to work with plant operators and cybersecurity teams
  • High sense of responsibility when handling production environments

Preferred Certifications

  • OT-Specific: GICSP, GRID, ICS410, ISA/IEC 62443
  • General: OSCP, CEH, Pentest+, CCNA (Industrial optional)

Bonus Points

  • Hands-on experience with WirelessHART, ISA100, LoRaWAN
  • Scripting experience in Python/PowerShell tailored for ICS
  • Incident response or physical security experience in OT environments
  • Research or publications in OT threat analysis or protocol fuzzing

What We Offer

  • Standard insurance & benefits plan
  • Performance-linked year-end bonus
  • Work visa support for UAE area
  • Opportunity to work on critical national infrastructure projects
  • Diverse and highly technical global team culture
  • Career development through participation in top-tier security projects

Senior Penetration Tester

Abu Dhabi, Abu Dhabi Salt

Posted 3 days ago

Job Description

Salt Abu Dhabi Emirate, United Arab Emirates

Cyber Security Project Hiring / Contractors Strategic Hiring Partner across ( SOC , Network Security, GRC , Info Security, Pentesting ) at Salt

Location : UAE

Type : 6-Month Contract Extendable

About the Role :

We’re looking for an experienced Senior Penetration Tester to join our cyber security team and lead offensive security engagements across a variety of environments and technologies. You’ll play a crucial role in identifying security weaknesses before adversaries can exploit them, helping our clients improve their overall security posture.

Key Responsibilities :

  • Lead and execute advanced penetration testing and red team exercises across networks, web applications, APIs, mobile, cloud, and IoT environments.
  • Perform threat modeling and vulnerability assessments aligned with the latest TTPs (MITRE ATT&CK, OWASP Top 10, etc.).
  • Deliver detailed findings through clear, concise, and technically accurate reports tailored for both technical and executive audiences.
  • Collaborate with blue teams to validate detections and improve defenses.
  • Provide mentorship and guidance to junior team members.
  • Contribute to tool development, methodology improvements, and knowledge sharing within the team.

Requirements :

  • 4+ years of hands-on experience in penetration testing or red teaming.
  • Deep understanding of network protocols, operating systems (Windows / Linux), and secure software development practices.
  • Strong knowledge of exploitation techniques, post-exploitation tactics, and evasion techniques.
  • Relevant certifications such as OSCP, OSCE, OSEP, CRTP, or similar.

Seniority level
  • Mid-Senior level
Employment type
  • Contract
Industries
  • Engineering Services and IT System Testing and Evaluation


Vulnerability Analyst/ Penetration Tester

Dubai, Dubai International Free Zone Authority

Posted today

    Job Description

    Vulnerability Analyst/ Penetration Tester

    Dubai, United Arab Emirates | Posted on 11/09/2025

    IFZA Dubai is the most dynamic and truly international Free Zone Community in the UAE, optimizing the country's strategic location and world-class infrastructure. We provide easy, reliable, and fast company formation services through our network of Professional Partners and Government Authorities.

    Job Description

    Purpose

    Own the end-to-end vulnerability management lifecycle across infrastructure, endpoints, and cloud. Coordinate remediation with IT/GRC, govern penetration testing (internal and third-party), and continuously reduce exploitable attack surface without disrupting delivery.

    Key Responsibilities

    1) Vulnerability Management Lifecycle

    • Discovery & Coverage: Maintain a complete, tagged asset inventory (servers, endpoints, network devices, cloud workloads, containers/k8s, SaaS). Ensure authenticated scans wherever feasible.
    • Scanning & Tuning: Operate and tune vulnerability tooling (ManageEngine/Tenable/Qualys or similar). Integrate credential vaults, schedule scans by asset criticality, minimize scan impact on production.
    • Risk-Based Prioritization: Triage with CVSSv3.1 + EPSS + KEV + exploit availability, internet exposure, and asset criticality. Escalate rapidly for external-facing criticals.
    • Remediation & Change: Raise/track tickets in ITSM, align with patch/change windows, provide compensating controls when patching is not immediately possible.
    • Validation & Retest: Re-scan and perform targeted verification (safe exploit/POC where appropriate). Close findings only on evidence-backed remediation.
    • Exceptions & GRC: Document time-bound risk acceptances with business owners, map controls to NIST/CIS/ISO 27001 and relevant local regs, keep the exception register current.
    • Reporting & Dashboards: Weekly ops reports, monthly exec dashboards (exposure by BU/technology, SLA compliance, trends, risk burndown, top KEV exposure).
    • Own external perimeter monitoring (DNS, certificates, open ports, cloud object exposure, shadow IT). Drive takedown/closure of risky services and stale assets. Track “time-to-close” for external criticals.

    3) Penetration Testing (Governance & Execution)

    • Plan & Scope: Build the annual PT calendar (external, internal, cloud, wireless, AD, selected apps) with clear Rules of Engagement, success criteria, data handling, and rollback plans. Choose testing modality by risk and objective: Black-box, Gray-box, and White-box.
    • Execute/Coordinate: Perform targeted tests in-house and manage third-party engagements. Ensure evidence, reproducibility, and clear remediation guidance.
    • Standards & Methods: Apply NIST SP800-115, PTES, OWASP Testing Guide/ASVS (with AppSec), and map to MITRE ATT&CK for detection-engineering feedback.
    • Enterprise Network & Firewall: AwareTesting: Evaluate controls across NGFW/WAF/IDS/IPS, VPNs, segmentation (VLAN/VRF), egress filtering, DNS/security filtering, NAT, and cloud security groups/NACLs. Validate rulebase hygiene (shadowed rules, any-any, unused/overly permissive objects), attack surface exposure, and bypass paths, provide concrete policy/hardening recommendations.

    4) Cloud, Container & Modern Stack Coverage

    • Assess cloud (PaaS and SaaS Applications) configurations against CIS Benchmarks and native CSPM findings, integrate container/IaC scanning for infra drift, coordinate with DevSecOps for pipeline gates.

    5) SOC/Detection Integration

    • Enrich SIEM/XDR with vulnerability context for risk-weighted alerting. Partner with SOC to validate exploitability and to prioritize hardening based on active threats.

    Requirements

    • Experience: 5+ years in Vulnerability Management and Penetration Testing across enterprise environments (on-prem + cloud).
    • Tooling: Admin-level hands-on with ManageEngine/Tenable/Qualys/SentinelOne (or similar), familiarity with EASM tools, practical use of EPSS, CISA KEV, SBOM/CVE workflows.
    • Testing: Proficiency with common PT tooling (e.g., Burp Suite, Nmap, Responder, BloodHound, Impacket, Kali), safe exploitation, and evidence capture.
    • Platforms: Strong Windows/Linux, AD, network fundamentals, cloud security (Azure/AWS/GCP), containers/k8s basics.
    • Scripting/Automation: Python, PowerShell, or Bash for data wrangling and workflow automation.
    • Frameworks: Working knowledge of NIST CSF/ISO27001/CIS Controls, OWASP Top 10, MITRE ATT&CK mapping.
    • Soft Skills: Clear written reporting for exec and technical audiences, stakeholder management, ability to negotiate patch windows and drive closure.

    As an employee of IFZA, you can expect:

    • 24 working days as annual leave
    • Annual flight home
    • Life insurance plan
    • Medical insurance plan (with the option to upgrade at your own cost)
    • Access to exclusive Fazaa discounts (applicable in participating retail stores, food & beverage outlets, fitness clubs, cinemas, theme parks, clinics, and more)