Avrioc Technologies is seeking a Penetration Tester to perform full-scope red team assessments targeting application frontends, APIs, and mobile backends using advanced offensive techniques. Responsibilities include conducting deep-dive Android and iOS mobile app pentesting, including dynamic analysis, reverse engineering, and mobile API abuse. You will simulate sophisticated attacker behavior to test and bypass authentication, authorization, encryption, and session management controls. The role involves executing manual and chained exploitations across mobile apps (Android/iOS), APIs (REST/GraphQL), and web apps using OWASP Top 10, API Security Top 10, and MASVS guidelines.
Ready to apply for roles like this?
Unlock the company name and direct application link. Subscribers get instant access to fresh jobs across Dubai, Abu Dhabi and Riyadh, many with visa support.
Unlock employer & apply directly
Key tasks include developing custom scripts, payloads, and exploits to bypass WAFs, EDRs, and behavioral analytics tools, as well as exploiting application logic flaws and insecure data storage. You will perform system penetration testing on various platforms including Windows, Linux, and network devices, and collaborate with threat intel and detection teams to emulate threat actor TTPs mapped to MITRE ATT&CK (Enterprise & Mobile). After each red team engagement, you will provide detailed reporting with kill chains, PoCs, and mitigation strategies, simulating advanced persistent threats (APTs) and other sophisticated attack scenarios, while maintaining offensive tooling and environments for mobile app and API security assessments.
Experience Requirements: Familiarity with OWASP Testing Guide v3 / 4 and OWASP TOP 10, knowledge of securing APIs, and experience in Web & Mobile applications, micro-services, and common vulnerabilities are essential. You should have an understanding of compliance standards such as PCI-DSS, GDPR, ISO27001 concerning mobile, web app, infra, and API security, along with strong programming or scripting skills for analyzing and exploiting vulnerabilities. Proficient written and verbal communication skills are necessary for collaboration with multiple teams and stakeholders, and familiarity with Jira and Confluence or similar tools is preferred. Candidates must hold at least one recognized security certification such as CEH, eMAPT, OSCP, or eWPT.
Common Responsibilities: Comply with Avrioc’s Information Security and Information Service Management policies, procedures, and standards. You are expected to maintain confidentiality and integrity of information, attend mandatory Information Security training, and report information security incidents through Avrioc’s established incident reporting channel.
Location: Abu Dhabi Emirate, United Arab Emirates
Job Type: On-site, Full-time
Language Requirements: Not specified.
