Cybersecurity Vulnerability & Testing Officer

Job Summary

Support the execution of vulnerability assessments and penetration testing activities across Emirates Group enterprise web, mobile, and thick-client applications. Assist in identifying, validating, and documenting security weaknesses, such as authentication flaws, business logic errors, and emerging threats under the guidance of senior analysts. Contribute to the development of internal automation frameworks, collaborate with technical teams to communicate findings, and help drive remediation efforts to improve the organization’ s overall security posture.

In this role, you will:

• Support the preparation and execution of vulnerability assessments and penetration tests on internal and external web, mobile, and thick-client applications, using both automated tools and manual testing techniques to identify and validate security weaknesses.
• Analyse and document security findings, including critical vulnerabilities such as authentication bypasses, race conditions, payment logic flaws, and AI-related risks, ensuring clear communication of technical details and remediation guidance to relevant stakeholders.
• Support the development and maintenance of internal automation frameworks and custom scripts to enhance the efficiency and coverage of vulnerability discovery and reporting processes
• Collaborate with IT, development, and assurance teams to track the remediation of identified vulnerabilities, provide clarifications when needed, and promote best practices in application and infrastructure security
• Stay current with industry trends and emerging threats by participating in continuous learning, researching new attack techniques, and contributing to team knowledge sharing and process improvement initiatives.

Qualification

To be considered for the role, you must meet the below requirements:

Qualifications & Experience:

• Degree in a relevant IT subject, preferably a Bachelor’s degree in Computer Science, Engineering, or an equivalent IT related discipline or equivalent experience. Experience in cybersecurity assurance or related field (Information Technology experience 3+ years).

Knowledge/skills:

• Strong understanding of penetration testing principles, methodologies, and tools for web, mobile, and thick-client applications.
• Proficiency in identifying and validating application vulnerabilities such as authentication bypasses, race conditions, payment logic flaws, SQL injection, and AI-related security risks.
• Familiarity with industry security frameworks and standards (e.g., ISO/IEC 27001, NIST, OWASP Top 10).
• Hands-on experience with vulnerability assessment tools and manual testing techniques, as well as basic scripting (Python, Bash, or PowerShell) to support automation and analysis.
• Ability to analyse, document, and communicate technical findings clearly to both technical and non-technical stakeholders, including preparing detailed reports and remediation guidance.
• Knowledge of network security concepts, protocols, and architecture, including how traffic flows and potential attack vectors.
• Awareness of current and emerging cyber threats, attack techniques, and trends in offensive security.
• Strong analytical thinking, attention to detail, problem-solving skills, and a commitment to continuous learning and professional development.