Qureos

Cyber Security Engineer (Mobile App • Admin Panel • Backend & API – Trading Apps)

Job Title: Cyber Security Engineer (Mobile & Web Trading Apps)

Location: Dubai, UAE

Employment Type: Full-time / On-site

Experience: 3–6 years

We are looking for a Cyber Security Engineer to help secure our mobile trading apps, admin panel, backend services, and APIs.

The ideal candidate will have deep knowledge of ethical hacking, fintech app security, and experience testing real-world trading and payment flows.

Key Responsibilities

Mobile App Security (Android/iOS)

  • Perform VAPT for mobile trading applications.
  • Test for jailbreak/root bypass, insecure storage, SSL pinning bypass.
  • Identify insecure API usage, data leaks, weak authentication, and session flaws.

Admin Panel / Web Application Security

  • Perform penetration testing on the admin panel and web dashboards.
  • Identify vulnerabilities such as privilege escalation, weak access controls, and session hijacking.
  • Test business logic flows for fraud, unauthorized actions, and workflow manipulation.

Backend & API Security

  • Test backend services and APIs for unauthorized access, broken authentication, and parameter tampering.
  • Check for missing rate limits, replay attacks, injection flaws, and insecure configurations.
  • Validate transaction integrity, trade execution logic, and wallet operations.

Trading Platform Security

  • Test trading-specific flows for:
    • Order manipulation
    • Replay attacks
    • Race conditions
    • Incorrect settlement issues
  • Evaluate fraud and abuse scenarios including bots, fake orders, and automation attacks.

General Security Responsibilities

  • Conduct manual and automated penetration testing.
  • Review code/configuration for encryption, authentication, and secure communication.
  • Validate encryption at rest/in transit and key management (HSM/KMS).
  • Prepare detailed vulnerability reports with severity and recommendations.
  • Work closely with development, QA, and backend teams for secure fixes.
  • Ensure compliance with OWASP, ISO 27001, secure coding, and fintech security standards.
  • Verify security logging, monitoring, and alerting for suspicious activities.
  • Stay updated on the latest hacking tools and threat trends for mobile, web, and backend systems.

Required Skills

  • Strong understanding of mobile app security, admin panel/web security, and backend/API security.
  • Hands-on experience with Burp Suite, ZAP, Postman, Nmap, MobSF, Frida, or similar tools.
  • Good understanding of OWASP Top 10, Mobile Top 10, API Security Top 10, SAST/DAST.
  • Experience with trading, wallet, and payment flows.
  • Knowledge of replay attacks, race conditions, spoofing, injection, and logic flaws.
  • Familiarity with cryptography and HSM/KMS key management.
  • Experience with anti-bot, rate limits, and session management.
  • Strong communication and reporting skills.
  • Fintech or banking experience is highly preferred.

Qualifications

  • Location: Dubai, UAE
  • Employment Type: Full-time / On-site
  • Experience: 3–6 years

Job Type: Full-time

Pay: AED4,000.00 - AED6,000.00 per month
