qcs2026

Application Security & Penetration Tester

Application Security & Penetration Tester

Apply

Closing Date: December 26, 2025

Location: Qatar-Doha (Work from Office OR Client Location, Sunday to Thursday) 

Experience Level: Mid-Senior (Minimum 10 Years) 

Job Type: Full-Time 

Department: Cyber Security / Information Security / MSSP 

About the Role

The ideal candidate  

We’re seeking a highly skilled and certified Application Security and Penetration Tester to join our cybersecurity team. Will be responsible for ensuring the security of applications across the development lifecycle, identifying vulnerabilities, and working closely with development and operations teams to implement secure coding practices and remediation strategies. This role demands a deep understanding of security assessment methodologies, enterprise IT environments, and the ability to communicate effectively with technical and non-technical stakeholders. 

Key Responsibilities

Application security Responsibilities: 

Perform security assessments and code reviews for web, mobile, and standalone applications. 

Integrate security into the Software Development Life Cycle (SDLC) and DevSecOps pipelines. 

Perform SAST, DAST, SCA, IaC Security. 

Collaborate with development teams to implement secure coding practices and threat modeling. 

Conduct vulnerability assessments using automated tools and manual techniques. 

Develop and maintain application security standards, policies, and best practices. 

Stay current with emerging threats, vulnerabilities, and security technologies. 

Provide guidance and training to developers and stakeholders on application security topics. 

Participate in incident response and root cause analysis for application related security events. 

Penetration Testing Responsibilities: 

Conduct comprehensive penetration tests on: 

  • Enterprise infrastructure (internal/external) 
  • Web applications (black-box, grey-box, white-box) 
  • Standalone and thick client applications 
  • Mobile applications (iOS and Android) 
  • Wireless infrastructure/devices testing 
  • Perform threat modeling, vulnerability assessments, and exploit development. 
  • Utilize both commercial (e.g., Veracode, Checkmarx, Synopsys) and open-source tools (e.g., Burp Suite, Metasploit, Nmap, Wireshark, Kali Linux, etc.). 
  • Develop detailed reports with risk ratings, technical findings, and actionable remediation guidance. 
  • Collaborate with IT, network, and application teams to validate findings and support remediation efforts. 
  • Stay current with emerging threats, vulnerabilities, and industry trends. 
  • Participate in red team/blue team exercises and security architecture reviews. 
  • Must-have professional documentation and executive reporting skills. 
  • Must submit report on methodology of attack, detailed report of attack execution, detailed action plan for fix, recommendations on mitigations, controls. 

Required Qualifications

Minimum 10 years of experience in penetration testing and application security. Proven expertise in: 

  • Enterprise infrastructure penetration testing 
  • Web and mobile application security testing 
  • Standalone/thick-client application testing 
  • Strong understanding of OWASP Top 10, MITRE ATT&CK, and secure SDLC. 
  • Proficiency with scripting and automation (Python, Bash, PowerShell, etc.). 
  • Strong understanding of: 
  • OWASP Top 10 and CWE/SANS Top 25 
  • Secure coding practices in languages such as Java, .NET, Python, JavaScript, etc. 
  • Application architecture and common vulnerabilities 
  • Experience with tools such as: 
  • Static and Dynamic Application Security Testing (SAST/DAST) 
  • Software Composition Analysis (SCA) 
  • Burp Suite, ZAP, Fortify, Checkmarx, Veracode, etc. 
  • Familiarity with CI/CD tools and integrating security into DevOps workflows. 
  • Excellent communication skills with the ability to explain technical issues to non-technical stakeholders. 
  • Solid understanding of enterprise IT, networking, and application architectures. 

Certifications (Required)

Candidates must hold at least two or more of the following industry-recognized certifications: 

  • OSCP (Offensive Security Certified Professional) (Active) 
  • CISSP, CSSLP, or other relevant credentials 
  • SANS GIAC Certifications such as: 
  • GPEN (Penetration Tester) 
  • GWAPT (Web App Pen Tester) 
  • GCPN (Cloud Pen Tester) 
  • GMOB (Mobile Device Security Analyst) 
  • GDAT (Defending Advanced Threats) 
  • GXPN (Exploit Researcher and Advanced Pen Tester) 
  • GAWN (Wireless Networks Pen Tester) 
  • GRTP (Red Team Professional) 
  • GMOB (Mobile Device Security Analyst) 
  • GSSP (Secure Software Programmer) 

Preferred Skills

  • Experience with cloud native application security (AWS, Azure, GCP). 
  • Knowledge of container security (Docker, Kubernetes). 
  • Familiarity with threat modeling frameworks (e.g., STRIDE, DREAD). 
  • Experience in Agile and DevSecOps environments. 
  • Experience with CI/CD pipeline security. 
  • Familiarity with cloud platforms (AWS, Azure, GCP) and their security models. 
  • Knowledge of regulatory frameworks (e.g., PCI-DSS, HIPAA, GDPR). 
  • Experience in red teaming or adversary emulation. 

Why Join Us? 

  • Work with a team of elite cybersecurity professionals. 
  • Access to cutting edge tools and technologies. 
  • Opportunities for continuous learning and certification support. 
  • Competitive compensation and benefits. 

Apply Now to be part of a mission-driven team securing critical systems and applications.