Pen Tester/Security Tester

About Xebia

Xebia is a trusted advisor in the modern era of digital transformation, serving hundreds of leading brands worldwide with end-to-end IT solutions. The company has experts specializing in technology consulting, software engineering, AI, digital products and platforms, data, cloud, intelligent automation, agile transformation, and industry digitization. In addition to providing high-quality digital consulting and state-of-the-art software development, Xebia has a host of standardized solutions that substantially reduce the time-to-market for businesses.

Xebia also offers a diverse portfolio of training courses to help support forward-thinking organizations as they look to upskill and educate their workforce to capitalize on the latest digital capabilities. The company has a strong presence across 16 countries with development centres across the US, Latin America, Western Europe, Poland, the Nordics, the Middle East, and Asia Pacific.

Key Responsibilities
Penetration Testing (Primary Focus):

• Perform manual and automated penetration testing on web applications, APIs, infrastructure, and cloud-hosted environments.
• Conduct red team/purple team exercises to simulate advanced threat actor behavior using frameworks like MITRE ATT&CK.
• Identify security flaws, misconfigurations, and business logic vulnerabilities across hybrid and cloud environments.
• Use tools such as Burp Suite, Nmap, Metasploit, Cobalt Strike, and custom scripts to simulate attacks.
• Provide detailed reports with risk ratings, technical impact, and remediation recommendations.
• Collaborate with DevOps and application teams to validate, reproduce, and remediate identified issues.
• Continuously research and adopt emerging offensive techniques, vulnerabilities, and toolsets.

Cloud Security (Secondary but Required):

• Assess cloud environments (Azure, AWS, GCP) for security weaknesses, including exposed services, misconfigured IAM, and insecure storage.
• Assist in secure design reviews and threat modeling for cloud-native workloads.
• Use tools like Microsoft Defender for Cloud, Prisma Cloud, Wiz, or ScoutSuite to identify misconfigurations.
• Automate detection of insecure infrastructure via Infrastructure-as-Code (Terraform, Bicep, etc.).
• Support incident response activities related to cloud-based threats and unauthorized access.

Compliance and Governance Support:

• Understand and apply security testing methods aligned with:
  • HIPAA (for healthcare application testing),
  • PCI-DSS (for applications storing/processing cardholder data), and
  • NESA (UAE-specific cybersecurity baseline).
• Participate in security audits and assessments by providing technical evidence and findings.
• Maintain documentation for vulnerability management, security testing scope, and remediation tracking.

Required Skills and Experience

• 2+ years of hands-on experience in penetration testing and offensive security engagements.
• Deep understanding of application security testing, OWASP Top 10, and real-world exploit techniques.
• Experience testing cloud workloads (Azure, AWS, or GCP) from an attacker's perspective.
• Familiarity with red/purple teaming, lateral movement, privilege escalation, and post-exploitation techniques.
• Strong proficiency with tools like Burp Suite Pro, Nmap, Metasploit, Cobalt Strike, etc.
• Scripting experience with Python, PowerShell, or Bash to develop custom tools and automate testing.
• Exposure to SIEM, CSPM, and EDR platforms for identifying and responding to test detections.

Preferred Certifications (Offensive & Cloud Focused)

• Penetration Testing / Offensive Security:
  • OSCP (Offensive Security Certified Professional)
  • OSEP / OSCE / GPEN / GWAPT / CRTO
  • CEH (Certified Ethical Hacker – practical)
• Cloud Security (Supplementary):
  • Microsoft Certified: Azure Security Engineer Associate
  • AWS Certified Security – Specialty
  • Google Cloud Professional Security Engineer
• Compliance (Optional but Useful):
  • CISSP, CCSP, or CISM
  • Certified HIPAA Professional (CHP), PCI ISA
  • Familiarity with UAE's NESA compliance standards

Some useful links:

Xebia | Creating Digital Leaders.

---