Pen TesterSecurity Tester

About Xebia

Xebia is a trusted advisor in the modern era of digital transformation serving hundreds of leading brands worldwide with end-to-end IT solutions. The company has experts specializing in technology consulting software engineering AI digital products and platforms data cloud intelligent automation agile transformation and industry digitization. In addition to providing high-quality digital consulting and state-of-the-art software development Xebia has a host of standardized solutions that substantially reduce the time-to-market for businesses.

Xebia also offers a diverse portfolio of training courses to help support forward-thinking organizations as they look to upskill and educate their workforce to capitalize on the latest digital capabilities. The company has a strong presence across 16 countries with development centres across the US Latin America Western Europe Poland the Nordics the Middle East and Asia Pacific.

Key Responsibilities

Penetration Testing (Primary Focus):

• Perform manual and automated penetration testing on web applications APIs infrastructure and cloud-hosted environments.
• Conduct red team/purple team exercises to simulate advanced threat actor behavior using frameworks like MITRE ATT&CK.
• Identify security flaws misconfigurations and business logic vulnerabilities across hybrid and cloud environments.
• Use tools such as Burp Suite Nmap Metasploit Cobalt Strike and custom scripts to simulate attacks.
• Provide detailed reports with risk ratings technical impact and remediation recommendations.
• Collaborate with DevOps and application teams to validate reproduce and remediate identified issues.
• Continuously research and adopt emerging offensive techniques vulnerabilities and toolsets.

Cloud Security (Secondary but Required):

• Assess cloud environments (Azure AWS GCP) for security weaknesses including exposed services misconfigured IAM and insecure storage.
• Assist in secure design reviews and threat modeling for cloud-native workloads.
• Use tools like Microsoft Defender for Cloud Prisma Cloud Wiz or ScoutSuite to identify misconfigurations.
• Automate detection of insecure infrastructure via Infrastructure-as-Code (Terraform Bicep etc.).
• Support incident response activities related to cloud-based threats and unauthorized access.

Compliance and Governance Support:

• Understand and apply security testing methods aligned with:
  • HIPAA (for healthcare application testing)
  • PCI-DSS (for applications storing/processing cardholder data) and
  • NESA (UAE-specific cybersecurity baseline).
• Participate in security audits and assessments by providing technical evidence and findings.
• Maintain documentation for vulnerability management security testing scope and remediation tracking.

Required Skills and Experience

• 2 years of hands-on experience in penetration testing and offensive security engagements.
• Deep understanding of application security testing OWASP Top 10 and real-world exploit techniques.
• Experience testing cloud workloads (Azure AWS or GCP) from an attackers perspective.
• Familiarity with red/purple teaming lateral movement privilege escalation and post-exploitation techniques.
• Strong proficiency with tools like Burp Suite Pro Nmap Metasploit Cobalt Strike etc.
• Scripting experience with Python PowerShell or Bash to develop custom tools and automate testing.
• Exposure to SIEM CSPM and EDR platforms for identifying and responding to test detections.

Preferred Certifications (Offensive & Cloud Focused)

• Penetration Testing / Offensive Security:
  • OSCP (Offensive Security Certified Professional)
  • OSEP / OSCE / GPEN / GWAPT / CRTO
  • CEH (Certified Ethical Hacker practical)
• Cloud Security (Supplementary):
  • Microsoft Certified: Azure Security Engineer Associate
  • AWS Certified Security Specialty
  • Google Cloud Professional Security Engineer
• Compliance (Optional but Useful):
  • CISSP CCSP or CISM
  • Certified HIPAA Professional (CHP) PCI ISA
  • Familiarity with UAEs NESA compliance standards

Some useful links:

Xebia Creating Digital Leaders.