Senior Penetration Tester

About us:

Soar is a global fintech startup that specializes in financing and investment. Currently headquartered in Saudi Arabia, Soar is growing throughout the region with a mission to help people achieve their financial goals with innovative financial and property investment solutions and tools through its multi-purpose platform, designed to offer a simple and seamless user experience.

Role Summary:

We are seeking a highly skilled and motivated Senior Penetration Tester to join our growing security team. In this critical role, you will be responsible for proactively identifying and mitigating security vulnerabilities across our innovative fintech platform. You will conduct advanced penetration tests on our web applications, mobile apps, and cloud infrastructure, working closely with our development and operations teams to embed security into the core of our products and protect our customers' sensitive financial data. 🛡️

Key responsibilities:

• Lead and execute comprehensive penetration tests and security assessments across Soar's web applications, mobile platforms (iOS/Android), APIs, and cloud infrastructure (AWS/Azure).
• Analyze findings, document vulnerabilities with clear, actionable recommendations, and prepare detailed technical reports for both technical and executive stakeholders.
• Collaborate with development teams to validate and remediate identified vulnerabilities, providing expert guidance to ensure secure coding practices are implemented throughout the software development lifecycle (SDLC).
• Develop and enhance the penetration testing program by creating custom scripts, tools, and methodologies to simulate advanced persistent threats (APTs) and sophisticated attack scenarios.
  

Qualifications & Skills:

• 5+ years of hands-on experience in penetration testing, with a strong focus on web application and mobile security.
• Proficiency with common security assessment tools (e.g., Burp Suite Pro, Metasploit, Nmap, Wireshark) and a deep understanding of the OWASP Top 10 vulnerabilities.
• Relevant industry certifications such as OSCP, OSCE, GWAPT, or GPEN.
• Experience assessing security in cloud environments (AWS, Azure, or GCP).
• Excellent communication skills with the ability to articulate complex technical security issues to a diverse audience.
  

Desirable skills:

• Familiarity with the SAMA Cyber Security Framework and other regulatory requirements relevant to the financial sector in Saudi Arabia.
• Experience with secure code review or proficiency in a scripting language like Python, PowerShell, or Bash.