Role & seniority: Senior Security Assessment / Security Consultant (5+ years hands-on experience)

Stack/tools: Web/mobile/web APIs; cloud-native environments (AWS, GCP); API security; IAM; static/dynamic analysis; security testing tools; automation scripts (Python, Bash)

Top 3 responsibilities

Lead and conduct detailed security validation across COTS, custom apps, and cloud-hosted infrastructure
Execute risk assessments focusing on APIs and IAM to ensure robust controls; develop attack narratives with business impact
Document assessment outcomes with objective evidence, actionable recommendations, and strategies to raise security maturity

Must-have skills

5+ years in security assessment, evaluation, or risk analysis
Deep expertise in safeguarding web-facing apps and understanding common weaknesses and advanced attack vectors
Experience with static/dynamic analysis, data protection, secure communication, and obfuscation techniques
Working knowledge of securing AWS or GCP environments (access controls, configurations, storage security)
Proficiency with security testing tools and scripting for automation (Python, Bash)
Investigative mindset and ability to connect gaps into systemic risks

Nice-to-haves

Experience in client-side hardening, server integrity, or anti-fraud/anti-abuse domains
Relevant security certifications
Location & work type: Hybrid work model; location not specified; multinational team context indicates

Full Description

Our client is a software development and digital solutions company serving clients across the FinTech, iGaming, and Marketing sectors. The company has successfully delivered 20+ innovative products across 5 international markets, including Brazil, Armenia, Saudi Arabia, and the UAE.

⟢ Responsibilities

Lead and conduct detailed security validation activities across diverse technology stacks, encompassing commercial off-the-shelf software, custom-built applications, and infrastructure hosted in public cloud environments (e.g., AWS, GCP).
Execute specialized risk assessments focusing on application programming interfaces (APIs) and identity/access management (IAM) frameworks to ensure robust control mechanisms are in place.
Adopt a proactive, adversary-centric perspective to identify potential weaknesses, emphasizing the ability to link disparate findings into comprehensive attack narratives that demonstrate realistic business impact.
Document assessment outcomes clearly and professionally, providing objective evidence and strategic, implementable recommendations to enhance the organization's defensive capabilities and maturity.

⟢ Requirements

Minimum of 5 years of experience in hands-on security assessment, evaluation, or risk analysis roles.
Deep functional expertise in safeguarding web-facing applications, including familiarity with common security weaknesses and sophisticated attack vectors (e.g., data manipulation, business logic bypasses, complex injection flaws, and API security).
Proven capability in analyzing the security posture of consumer applications, employing both static and dynamic analysis techniques; strong grasp of data protection, secure communication, and obfuscation techniques.
Working knowledge of securing cloud-native environments (AWS or GCP), particularly concerning access controls, resource configuration, and storage security standards.
Proficiency with industry-standard security testing tools and ability to develop utility scripts for automation using standard programming/shell languages (e.g., Python, Bash).
A persistent, investigative mindset with a track record of connecting individual security gaps to assess the potential for systemic exploitation.

Nice to Have

Experience with unconventional security domains such as client-side hardening, server integrity, or anti-fraud/anti-abuse measures.
Relevant professional certifications that validate advanced, specialized security knowledge.

⟢ Benefits

Competitive & open salary range, based on your true capability not just your title
Hybrid working & flexible hours

Security Test Engineer I Turkey relocate to UAE