Senior Specialist - Penetration Testing (Core42)

We are seeking an experienced and highly motivated Specialist Penetration Tester / Red Teamer to join our dynamic RedTeam. The ideal candidate will be responsible for conducting comprehensive penetration testing and red teaming activities to ensure the security and resilience of our infrastructure, applications, and networks. This role involves not only identifying vulnerabilities but also working collaboratively with the internal security team to implement effective remediation strategies.

Location: Abu Dhabi, Abu Dhabi Emirate, United Arab Emirates
Work Conditions: On-site, Full-time

Responsibilities:

• Red Team Operations & Penetration Testing: Perform proactive red teaming and penetration testing exercises on both internal and external assets to assess and improve security posture.
• OSINT & Threat Intelligence: Gather information about our environment and threat landscape using open source/commercial tools and intelligence feeds.
• Application Security: Conduct in-depth penetration tests on web and mobile applications, including manual exploitation and automated scans. Provide detailed insights into vulnerabilities found, along with prioritized recommendations.
• Source Code Reviews: Perform manual and automated source code reviews to identify security weaknesses, working closely with developers to remediate.
• Wireless & IoT Security Assessments: Evaluate and secure wireless networks and IoT devices through comprehensive testing and configuration review.
• Vulnerability Management: Support the existing vulnerability management program by identifying, prioritizing, and coordinating remediation of vulnerabilities across all organizational assets.
• Infrastructure & Server Hardening: Implement hardening measures in line with industry standards, ensuring all infrastructure components (e.g., servers, firewalls, databases) meet the organization's security baseline.
• Network & Ruleset Configuration Reviews: Conduct regular reviews of network and security device configurations (e.g., firewalls, VPNs) and rulesets to ensure best practices are followed.
• Active Directory Assessments: Perform detailed assessments of Azure cloud/On-Prem Active Directory configurations, identifying potential weaknesses or attack paths, and recommending effective countermeasures.
• Documentation & Reporting: Develop comprehensive documentation for each assessment, including test plans, methodologies, findings, and detailed remediation steps.
• Collaboration & Security Awareness: Collaborate with cross-functional teams to understand risk, share knowledge, and enhance security awareness within the organization.

Qualifications:

• Educational Background: Bachelor’s degree in Computer Science, Information Security, or a related field (or equivalent work experience).
• Certifications: Preferred certifications such as OSCP, OSCE, CRTP, CREST, CISSP, GWAPT, or equivalent.
• Technical Expertise: Demonstrated experience with manual penetration testing methodologies and red teaming tactics. Strong command of industry-standard tools like Burp Suite, Metasploit, Nmap, Kali Linux, Bloodhound, etc.
• Experience in Diverse Assessments: Proven track record of conducting various assessments including network, infrastructure, web, mobile, wireless, IoT, containers, and K8s.
• Programming Skills: Proficiency in scripting languages (Python, PowerShell, Bash, etc.) for tool development, automation, and customization.
• Communication Skills: Exceptional communication skills with the ability to convey technical findings clearly to both technical and non-technical stakeholders.
• Team Player: A proactive mindset with a collaborative approach to working across the organization to improve security.