Cyber Security Engineer

Job Title: Cyber Security Engineer (Mobile & Web Trading Apps)

Location: Dubai, UAE

Employment Type: Full-time / On-site

Experience: 3–6 years

We are looking for a Cyber Security Engineer to help secure our mobile and web trading applications.

The ideal candidate will have deep knowledge of ethical hacking, fintech app security, and experience testing real-world trading and payment flows.

Key Responsibilities

Perform security testing (VAPT) for mobile and web trading applications

Identify and fix vulnerabilities such as data leaks, weak authentication, and insecure APIs

Conduct manual and automated penetration testing including business logic and workflow attacks

Test trading-specific flows for issues like order manipulation, replay attacks, race conditions, and incorrect settlements

Test API endpoints for unauthorized access, missing rate limits, and parameter tampering

Test mobile apps for jailbreak/root bypass, insecure data storage, and certificate pinning bypass

Review code and configurations for encryption, authentication, and transaction logic risks

Validate transaction integrity and secure wallet operations

Prepare clear, detailed security reports with risk levels and actionable recommendations

Collaborate with developers, QA, and backend teams to ensure secure fixes

Ensure compliance with secure coding practices, OWASP, ISO 27001, and fintech data protection standards

Test for fraud and abuse scenarios including bot automation, fake orders, and session hijacking

Validate key management, encryption (in transit & at rest), and use of HSM or cloud key vaults

Verify logging and alerting for suspicious transactions and security incidents

Stay updated on latest hacking tools, mobile/web attack trends, and financial app threats

Required Skills

Strong understanding of mobile (Android/iOS) and web app security

Hands-on with Burp Suite, ZAP, Postman, Nmap, MobSF, Frida, or similar tools

Good understanding of OWASP Top 10, API security, SAST/DAST, and vulnerability analysis

Experience testing trading, wallet, and payment flows

Knowledge of attacks like replay, race condition, spoofing, and injection

Familiar with cryptography and key management (HSM/KMS)

Experience with anti-bot, rate-limiting, and session management controls

Strong report writing and communication skills

Team player who collaborates well with developers and testers

Experience in fintech or banking is highly preferred

Qualifications

Bachelor’s or Master’s in Computer Science, IT, or Cybersecurity

Certifications: CEH, OSCP, ISO 27001, or equivalent preferred

3+ years of experience in penetration testing and application security

Based in UAE

Job Type: Full-time

Pay: AED5,000.00 - AED7,000.00 per month