Sr. Penetration Tester

We are seeking a highly skilled Penetration Testing Engineer to join our cybersecurity team. The ideal candidate will perform complex security assessments, across infrastructure, applications, and cloud environments for internal as well as external clients. The ideal candidate will simulate real-world cyber-attacks to identify exploits/vulnerabilities and generate a report with those findings to share with internal team as well external clients. This role requires deep technical expertise, strong communication skills, and the ability to mentor junior team members.

KEY ACCOUNTABILITIES:

1: Capability Development

• Support the organization’s cybersecurity strategy by identifying emerging threats, attack trends, and vulnerabilities across web, mobile, network, and cloud environments.
• Contribute to the development and enhancement of penetration testing methodologies, frameworks, and security standards.
• Provide strategic insights to leadership on improving the organization’s overall security posture.
• Align penetration testing activities with risk-management priorities and business objectives.
• Participate in security architecture discussions to ensure new systems and applications are designed securely.
• Establish testing standards, methodologies, and quality frameworks mapped to NIST, OWASP, PTES, and ISO 27001.
• Build and mature red teaming, adversary simulation, and purple teaming program..
• Lead adoption of continuous and autonomous penetration testing capabilities to improve coverage and efficiency.
• Define KPIs, SLAs, and ROI metrics for penetration testing within managed security services.
• Contribute to SOC detection engineering improvement by validating controls through offensive simulations. 2: Functional

• Perform penetration testing across multiple domains:
• Web applications
• Mobile applications (Android/iOS)
• Internal and external networks
• Wireless networks
• APIs and cloud services
• Source Code Review
• Red Teaming / Purple Teaming
• Table Top exercise
• Conduct vulnerability assessments and exploit validation using industry-standard tools and manual techniques.
• Identify security weaknesses, misconfigurations, insecure coding practices, and potential attack paths.
• Prepare detailed technical reports with findings, risk ratings, and actionable remediation recommendations.
• Validate fixes and perform re-testing to ensure vulnerabilities are properly addressed.
• Support incident response teams with exploitation insights and threat-actor simulation knowledge. 3: Operations

• Plan, execute, and document penetration testing engagements in accordance with approved scopes and timelines.
• Ensure all testing activities follow internal policies, legal guidelines, and ethical standards.
• Coordinate with application owners, infrastructure teams, and project managers to schedule testing windows.
• Maintain accurate logs, evidence, and documentation for audit and compliance purposes.
• Assist in continuous improvement of security tools, processes, and automation for testing workflows.
• Track remediation progress and collaborate with stakeholders to ensure timely closure of vulnerabilities. 4: People

• Collaborate effectively with cross-functional teams including development, infrastructure, SOC, and compliance teams.
• Provide guidance and mentorship to junior penetration testers or security analysts.
• Conduct knowledge-sharing sessions, workshops, or awareness programs on secure coding and common vulnerabilities.
• Communicate complex technical issues in a clear, understandable manner to both technical and non-technical audiences.
• Foster a culture of security awareness and proactive risk management across the organization. 5: Confidentiality

• Confidentiality: Ensure non-disclosure of confidential information to anyone within or outside the Authority, during or after employment at Moro.
• Safety: Follow and adhere to the QH&S Management System Manual as per the Data Hub's safety standards6: Business Strategy

• Ensure penetration testing activities support business continuity, regulatory compliance, and customer trust.
• Provide insights that help reduce business risk and strengthen resilience against cyber threats.
• Contribute to cost-effective security improvements by prioritizing vulnerabilities based on business impact.
• Support audit, compliance, and certification efforts (ISO 27001, PCI DSS, etc.) by providing testing evidence and reports.
• Help the organization maintain a strong security posture that aligns with its long-term business goals. Requirements

QUALIFICATIONS, EXPERIENCE & SKILLS:

Qualifications:

• Bachelor’s degree in computer science, Cybersecurity, Information Security, or a related field.
• Advanced certifications preferred:
• OffSec - OSEP (Experienced Penetration tester)
• OffSec - OSWE (Web Expert)
• OffSec - OSCP (Offensive Security Certified Professional)
• CREST- CCT INF (Infrastructure)
• CREST- CCT APP (Applications)
• CRT (CREST Registered Tester).
• CEH (Practical) – Certified Ethical Hacker
• EC-Council: LPT (Master) or
• EC-Council: ECSA (Certified Security Analyst)
• Additional cloud or security certifications are a plus (e.g., AWS Security, Azure Security, CISSP). Experience:

8 -10 years of hands-on penetration testing experience in enterprise environments.

Language Fluency:

• Fluent in English (spoken and written) — essential for client communication and reporting.
• Arabic proficiency is an advantage, especially for UAE government and semi-government clients.
Job-Specific Skills:

• Strong expertise in web, mobile, network, API, and cloud penetration testing
• Advanced manual exploitation skills beyond automated tools
• Deep understanding of OWASP, PTES, MITRE ATT&CK, and secure coding principles
• Proficiency with tools such as Burp Suite, Metasploit, Nmap, Wireshark, Nessus, MobSF
• Ability to write custom scripts (Python, Bash, PowerShell) for automation and exploitation
• Strong vulnerability assessment, exploitation, and reporting capabilities
• Experience conducting red team or adversary simulation exercises
• Ability to review and assess security architecture and identify attack paths
• Strong documentation and client-facing communication skills
• Ability to lead engagements and mentor junior testersBehavioral:

• Strong analytical and problem-solving ability
• Clear and confident communication
• High attention to detail
• Client-focused mindset
• Team collaboration and leadership
• Professionalism and integrity
• Ability to work under pressure
• Effective time management
Technical:

• Advanced penetration testing expertise (web, internal, external, mobile, network, cloud, API etc.)
• Strong manual exploitation skills
• Deep understanding of OWASP, PTES, MITRE ATT&CK
• Proficiency with tools (Burp Suite, Metasploit, Nmap, Wireshark, Nessus, MobSF)
• Scripting skills (Python, Bash, PowerShell)
• Strong vulnerability assessment and reporting skills
• Knowledge of secure coding and common attack vectors
• Ability to lead and review complex PT engagements