18 Penetration Tester jobs in the United Arab Emirates

Own end-to-end offensive security assessments—web/API/mobile, infra/cloud, and Active Directory—and ship findings that matter. Act as the anchor for most pen-test delivery while contributing to purple-team detection tuning

Responsibilities

1. Assessment Delivery

• Plan and execute scoped tests across web, API, mobile, external/internal networks, AD, and AWS/Azure/GCP
• Emulate APT-style adversaries when scope allows (priv-escalation, lateral movement, data-exfil).

2. Impact Validation & Remediation

• Prove practical business impact (auth bypass, sensitive-data exposure, lateral paths).
• Draft remediation steps that developers/administrators can realistically implement

3. Content & Automation

• Build and maintain reusable checks: Nuclei/Burp/ZAP templates, Semgrep rules, custom scripts (Python/PowerShell/Bash).
• Automate evidence collection and reporting where it eliminates grunt work.

4. Engagement Leadership (rotational)

• Own scoping calls, daily stand-ups, mid-engagement risk reviews, and final report sign-off
• Enforce ROE and quality gates (evidence completeness, exploit reproducibility)

5. Purple-Team Rotation

Map top attacker TTPs to detections with Blue Team; validate coverage, tune SIEM/EDR rules, and document gaps

6. Research & Tooling

Track emerging TTPs, EDR bypass techniques, and cloud IAM abuses; integrate the useful ones into playbooks.

Qualifications

Must-have skills:

Offensive fundamentals:

• Solid OWASP/API testing, AD abuse basics (Kerberoasting, ACL misconfigs).
• Cloud IAM misconfig patterns across AWS, Azure, GCP (e.g., privilege-escalation paths, cross-account pivot).
• Manual exploitation discipline—no blind scanner drop-offs.

Tooling proficiency:
 Metasploit, Burp Suite, Nmap, BloodHound, Covenant/Sliver (or equivalent), plus custom scripting in Python/PowerShell/Bash.

Evidence quality:
 Screenshots, packet captures, logs—well-annotated and reproducible.

Reporting & comms:
 Concise technical write-ups and executive summaries; comfortable leading risk calls.

Certifications (preferred, not mandatory):
 OSCP, OSEP, CRTO, GXPN, or equivalent proven experience.

Nice to have skills:

• Exploit development (e.g., custom payloads, fuzzing)
• Experience bypassing modern EDR/XDR stacks
• Conference presentations or published research

Soft skills:

• Strong proficiency in both written and spoken English.
• Adaptability to thrive in dynamic, fast-paced environments and remote work settings.
• Effective team player with excellent collaboration and interpersonal skills.
• Ability to perform under pressure with a positive attitude and a focus on team success.
• Demonstrates high levels of responsibility, reliability, and accountability.
• Willingness and ability to travel internationally when required.

Role : Penetration Tester

Location : Dubai, UAE

Payroll : Skill Quotient

Experience : 3+ years

Duration: 1 year extendable contract

Required Skills & Experience

• Conduct VAPT across applications, APIs, cloud, and infrastructure.
• Identify, exploit, and document vulnerabilities (aligned with OWASP, PTES, NIST Provide remediation guidance and support revalidation.
• Develop scripts for custom testing and automation.
• Contribute to DevSecOps practices, integrating testing into CI/CD pipelines
• Coverage: Web, mobile, network, API, and cloud.
• Includes authenticated/unauthenticated testing.
• Adheres to OWASP Top 10, SANS 25, PTES, MITRE ATT&CK.
• Deliverables: Scope definition, testing, reporting, remediation validation

Job Type: Full-time

Pay: AED5, AED12,000.00 per month

Application Question(s):

• Curren Salary?
• Notice Period?

Experience:

• Penetration Testing: 2 years (Preferred)

VULNERABILITY ANALYST / PENETRATION TESTER

Purpose

Own the end-to-end vulnerability management lifecycle across infrastructure, endpoints, and cloud. Coordinate remediation with IT/GRC, govern penetration testing (internal and third-party), and continuously reduce exploitable attack surface without disrupting delivery.

Key Responsibilities

1) Vulnerability Management Lifecycle

• Discovery & Coverage:
  Maintain a complete, tagged asset inventory (servers, endpoints, network devices, cloud workloads, containers/k8s, SaaS). Ensure
  authenticated
  scans wherever feasible.
• Scanning & Tuning:
  Operate and tune vuln tooling (ManageEngine/Tenable/Qualys or similar). Integrate credential vaults, schedule scans by asset criticality, minimize scan impact on production.
• Risk-Based Prioritization:
  Triage with
  CVSS v3.1 + EPSS + KEV
• exploit availability, internet exposure, and asset criticality. Escalate rapidly for external-facing criticals.
• Remediation & Change:
  Raise/track tickets in ITSM, align with patch/change windows, provide compensating controls when patching is not immediately possible.
• Validation & Retest:
  Re-scan and perform targeted verification (safe exploit/POC where appropriate). Close findings only on evidence-backed remediation.
• Exceptions & GRC:
  Document time-bound risk acceptances with business owners, map controls to NIST/CIS/ISO 27001 and relevant local regs, keep the exception register current.
• Reporting & Dashboards:
  Weekly ops reports, monthly exec dashboards (exposure by BU/technology, SLA compliance, trends, risk burndown, top KEV exposure).

2) Attack Surface Management (ASM)

• Own external perimeter monitoring (DNS, certificates, open ports, cloud object exposure, shadow IT). Drive takedown/closure of risky services and stale assets. Track "time-to-close" for external critical.

3) Penetration Testing (Governance & Execution)

• Plan & Scope:
  Build the annual PT calendar (external, internal, cloud, wireless, AD, selected apps) with clear Rules of Engagement, success criteria, data handling, and rollback plans. Choose testing modality by risk and objective: Black-box, Gray-box, and White-box.
• Execute/Coordinate:
  Perform targeted tests in-house and manage third-party engagements. Ensure evidence, reproducibility, and clear remediation guidance.
• Standards & Methods:
  Apply NIST SP , PTES, OWASP Testing Guide/ASVS (with AppSec), and map to MITRE ATT&CK for detection-engineering feedback.
• Enterprise Network & Firewall
• Aware Testing: Evaluate controls across NGFW/WAF/IDS/IPS, VPNs, segmentation (VLAN/VRF), egress filtering, DNS/security filtering, NAT, and cloud security groups/NACLs. Validate rulebase hygiene (shadowed rules, any-any, unused/overly permissive objects), attack surface exposure, and bypass paths, provide concrete policy/hardening recommendations.

4) Cloud, Container & Modern Stack Coverage

• Assess cloud (PaaS and SaaS Applications) configurations against CIS Benchmarks and native CSPM findings, integrate container/IaC scanning for infra drift, coordinate with DevSecOps for pipeline gates.

5) SOC/Detection Integration

• Enrich SIEM/XDR with vulnerability context for risk-weighted alerting. Partner with SOC to validate exploitability and to prioritize hardening based on active threats.

Required Qualifications & Skills

• Experience:
  5+ years in
  Vulnerability Management
  and
  Penetration Testing
  across enterprise environments (on-prem + cloud).
• Tooling:
  Admin-level hands-on with ManageEngine/Tenable/Qualys/SentinelOne (or similar), familiarity with EASM tools, practical use of EPSS, CISA KEV, SBOM/CVE workflows.
• Testing:
  Proficiency with common PT tooling (e.g., Burp Suite, Nmap, Responder, BloodHound, Impacket, Kali), safe exploitation, and evidence capture.
• Platforms:
  Strong Windows/Linux, AD, network fundamentals, cloud security (Azure/AWS/GCP), containers/k8s basics.
• Scripting/Automation:
  Python, PowerShell, or Bash for data wrangling and workflow automation.
• Frameworks:
  Working knowledge of NIST CSF/ISO 27001/CIS Controls, OWASP Top 10, MITRE ATT&CK mapping.
• Soft Skills:
  Clear written reporting for exec and technical audiences, stakeholder management, ability to negotiate patch windows and drive closure.

Nice-to-Have Certifications

• PT/Vuln:
  OSCP, eCPPT, GPEN, GXPN, PNPT, eJPT
• Cloud/Sec:
  AZ-500, AWS Security Specialty, GCSA
• VM/Blue:
  GMON, GCDA, or vendor quals (Tenable/Qualys)

Job Summary:

We're seeking an experienced VAPT Engineer with 5+ years of experience in identifying security vulnerabilities and conducting penetration testing on systems, networks, and applications. The ideal candidate will have a strong technical background, excellent analytical skills, and the ability to communicate complex security issues to stakeholders.

Key Responsibilities
:

• Conduct comprehensive vulnerability assessments and penetration testing on systems, networks, and applications

• Identify and analyze security vulnerabilities, and recommend remediation strategies

• Develop and implement customized testing methodologies and tools

• Collaborate with security teams to implement solutions and enhance security systems

• Create detailed reports on findings, methodologies, and recommendations

Required Skills and Qualifications:

-
5+ years
of experience in vulnerability assessment, penetration testing, and cybersecurity

• Strong technical skills in operating systems, networking, and programming languages (e.g., Python, C++)

• Experience with penetration testing tools (e.g., Metasploit, Burp Suite) and frameworks (e.g., OWASP, NIST)

• Excellent analytical and problem-solving skills

• Strong communication and presentation skills

• Relevant certifications (e.g., OSCP, CEH, CISSP)

Nice to Have:

• Experience with cloud security (AWS, Azure, GCP)

• Knowledge of DevOps practices and tools (e.g., Jenkins, Docker)

• Familiarity with security frameworks and regulations (e.g., PCI DSS, HIPAA)

Role - Sr. Penetration Tester

Location: Abu Dhabi, UAE

Mode of work: On-site (Daily)

Qualification:

• Bachelor's degree in Computer Science/Information Technology, or a related field.
• 6+ years in Pen testing
• One of the certifications is mandatory from OSCP, CREST, CRTO, CRTP, and CRT

Required Skills

• Strong communication, presentation and collaboration skills.
• Direct Customer handling experience (Onsite)
• Hands-on experience on conducting thorough assessments of Infrastructure, cloud,
• web/API, and mobile
• Hands-on experience with DevSecOps toolchains:
• SAST (SonarQube, Checkmarx, Fortify)
• DAST (OWASP ZAP, Burp Suite Pro, Netsparker, Tenable)
• SCA (Black Duck, Snyk, WhiteSource)
• Container Security (Aqua, Prisma, Anchore, Trivy)
• Strong knowledge of CI/CD tools: Jenkins, GitLab CI/CD, Azure DevOps, GitHub Actions.

Roles & Responsibilities

• We are seeking a skilled expert and detail-oriented Penetration Tester to conduct thorough security
• assessments, identify vulnerabilities, and provide expert recommendations to strengthen one of our customers' security postures. The candidate will be responsible for performing Infra, API/Web,
• Cloud & mobile Penetration Testing.
• The candidate will be deployed onsite at the customer location & will be part of the overall security operations of the customer.

Job Description

• Conducted in-depth web application, mobile (Android & iOS), Cloud and infrastructure assessments to identify vulnerabilities, debugged complex security issues, and guided clients through remediation for improved security posture.
• Specialised in vulnerability assessments using security tools such as Nessus, Burp Suite,
• MobSF, and Metasploit; engineered custom scripts to automate repetitive tasks and streamline testing processes.
• Administered security configurations and assessments on Windows/Linux environments, applying a deep understanding of its security model, Active Directory, and hardening techniques to mitigate potential attack vectors.
• Fortified Linux environments with advanced Bash scripting and automation, enhancing system resilience and reducing manual intervention by optimising security workflows.
• Integrate security-testing tools into CI/CD pipelines (SAST, DAST, SCA, Container Security).
• Automate security checks using DevSecOps practices to ensure early detection of vulnerabilities.
• Collaborate with development and DevOps teams to fix vulnerabilities and implement security best practices.
• Designed and implemented strategies to align security practices with compliance standards,
• standardising processes to ensure continuous improvement and risk management.
• Coordinate with the Application owners in fixing the vulnerabilities

We are seeking an experienced Penetration Tester to join our dynamic IT operations team in Ajman, UAE. In this critical role, you will be responsible for proactively identifying security vulnerabilities in our systems, networks, and applications before they can be exploited. Your expertise will help safeguard Dicetek's digital infrastructure and ensure the highest standards of cybersecurity across all platforms. This is an exciting opportunity to work with a forward-thinking team dedicated to building secure and resilient IT environments.

Perform regular penetration testing on web applications, networks, and systems.
Identify, exploit, and document vulnerabilities with precision and clarity.
Conduct risk assessments and security audits to evaluate existing security controls.
Simulate real-world attacks to test the robustness of current defense mechanisms.
Collaborate with the IT and development teams to remediate vulnerabilities and improve security posture.
Stay updated on the latest security threats, tools, and trends.
Prepare detailed reports and presentations on findings for both technical and non-technical stakeholders.
Ensure compliance with security frameworks and industry regulations.

Bachelor's Degree in Computer Science, Cybersecurity, Information Technology, or a related field.
Minimum 6+ years of hands-on experience in penetration testing and vulnerability assessments.
In-depth knowledge of penetration testing methodologies, tools (e.g., Metasploit, Burp Suite, Nessus), and frameworks (e.g., OWASP, PTES).
Experience in ethical hacking, red teaming, and social engineering techniques.
Strong understanding of operating systems, networking protocols, and security architectures.
Relevant certifications such as OSCP, CEH, GPEN, or CISSP are highly desirable.
Excellent analytical, problem-solving, and communication skills.

At Dicetek LLC, we are a global IT solutions and services company committed to delivering technology-driven business innovations that empower enterprises across diverse industries. Headquartered in the UAE with a strong presence across the Middle East and Asia, Dicetek prides itself on its client-centric approach, deep domain expertise, and scalable delivery model. Our mission is to transform businesses by aligning cutting-edge technology with core organizational goals, while upholding values of integrity, innovation, and excellence.

Position: OT Penetration Tester

Location:
Abu Dhabi, United Arab Emirates

Company:
Anxinsec (AB) Technology Co., Limited

About Us

Anxinsec is a globally expanding cybersecurity company driven by AI innovation. Headquartered in Abu Dhabi, we deliver cutting-edge security technologies and professional services to government bodies and enterprises across MENA, APAC, and North America. Our mission is to build secure, resilient digital systems for the modern world.

Role Summary

We are seeking an OT Penetration Tester with hands-on experience in industrial control systems (ICS) security. This role involves performing safe and targeted assessments across OT environments, including SCADA, DCS, PLCs, and legacy infrastructure. Candidates must demonstrate a strong understanding of OT architecture, threat modeling, protocol exploitation, and stakeholder communication.

Key Responsibilities

• Perform vulnerability assessments and penetration testing on OT/ICS environments, including PLCs, RTUs, DCS, and HMIs
• Utilize OT-safe tools and adhere to strict safety standards (e.g., LOTO) to avoid operational disruption
• Analyze OT network architectures (e.g., Purdue Model) and test segmentation between IT/OT zones
• Identify and exploit vulnerabilities in OT protocols (Modbus, DNP3, S7comm, OPC UA) and embedded firmware
• Collaborate with control system engineers to define secure test scopes and operational constraints
• Translate technical findings into business and operational risks; provide mitigation recommendations
• Align assessments with standards such as IEC 62443, NIST SP800-82, and ISO 27001 for OT
• Document results with clear and actionable technical reports for both engineering and executive audiences

Qualifications

• Bachelor's degree in Computer Science, Cybersecurity, Electrical Engineering, or related field
• 3+ years of experience in OT security assessment, ICS penetration testing, or critical infrastructure defense
• Deep knowledge of ICS components (PLCs, RTUs, HMIs), architectures (Purdue Model), and network protocols
• Proficiency with tools like Wireshark (OT dissectors), , Metasploit (with caution), GRFICS
• Familiarity with LOTO, MOC, and safety processes for industrial environments
• Excellent communication skills and ability to work with plant operators and cybersecurity teams
• High sense of responsibility when handling production environments

Preferred Certifications

• OT-Specific: GICSP, GRID, ICS410, ISA/IEC 62443
• General: OSCP, CEH, Pentest+, CCNA (Industrial optional)

Bonus Points

• Hands-on experience with WirelessHART, ISA100, LoRaWAN
• Scripting experience in Python/PowerShell tailored for ICS
• Incident response or physical security experience in OT environments
• Research or publications in OT threat analysis or protocol fuzzing

What We Offer

• Standard insurance & benefits plan
• Performance-linked year-end bonus
• Work visa support for UAE area
• Opportunity to work on critical national infrastructure projects
• Diverse and highly technical global team culture
• Career development through participation in top-tier security projects

The organization is currently seeking a Senior Penetration Tester to join their team and strengthen its offensive security capabilities.

Halian Group:
With over 28 years of experience, we have come to understand that innovation is the only way to provide agile, practical solutions that transform businesses and careers.

Our resourcing and smart services help you to realize tomorrow's potential. Discover the amazing things possible when you bring the right people and the right technologies together.

At Halian, we recognize that diversity, equity, and inclusion (DEI) are essential to building high-performing teams for our clients. We are committed to connecting organizations with top talent from all backgrounds, ensuring that every individual feels valued, respected, and empowered to contribute their unique perspectives. We encourage applications from all qualified candidates, regardless of race, gender, disability, or any other characteristic that makes them unique. By fostering diverse and inclusive workplaces, we help our clients drive innovation, enhance collaboration, and better reflect the communities they serve.

Senior Penetration Tester in Dubai, United Arab Emirates

Job Title::

===

Penetration Tester / Ethical Hacker x3

Job Location: - - Multiple Locations

===

Dubai - UAE

Riyadh - Saudi Arabia

Muscat - Oman

Doha - Qatar

positions : 03

Salary per month:

===

10K AED - 15K AED --- Depending on Experience

Project duration:

2 Years, Extendable

Gulf - Work permit/visa/travel will be sponsored by the company

Experience needed:

5 - 8 Years or above

Job Description:

We are looking for highly skilled and experienced Penetration Testers to join our cybersecurity team. You will be responsible for planning, designing, and executing penetration tests to uncover vulnerabilities across web, mobile, and infrastructure environments.

Key Responsibilities

• Plan, design, and execute penetration tests to identify vulnerabilities in systems, networks, and applications using authorized, ethical hacking methods
• Use a variety of tools and techniques, including vulnerability scanning and social engineering, to find weaknesses in security
• Advise clients on security best practices and help implement solutions to enhance the overall security posture of the experience with various penetration testing and vulnerability assessment tools.
• Identify and exploit weaknesses before real attackers can, making the organization more resilient to breaches
• Responsible for scoping and conducting penetration tests on various technologies, including online, mobile, and infrastructure3.

Required Skills

• Testers with scripting and coding skills save time on evaluations
• Strong Operating System Understanding: Penetration testers must have extensive knowledge of the operating systems they analyze
• Penetration testers must understand networking protocols such as TCP/IP, UDP, ARP, DNS, and DHCP to investigate hackers and cybercriminals effectively
• Familiarity with OWASP Top 10, MITRE ATT&CK framework, and CVE exploitation
• Certifications like OSCP, CEH, GPEN, or similar are a plus

Business Verticals:

===

Oil and Gas

Petro Chemicals Industries

Banking and Financial services

Capital Markets

Telecom

Automotive

Healthcare

Logistics / Supply Chain

Job Ref Code:

PT_1025

Email:

===

If you are interested, please email your CV as ATTACHMENT with

job ref. code ( PT_1025 ) as subject.