About Us
Q-Pros (Quality Professionals) is a specialized software quality assurance and testing company, headquartered in the United Arab Emirates. We operate across Saudi Arabia, the GCC, the United States, Asia, and Europe, supporting clients in both the public and private sectors. Our services span functional and non-functional testing, test automation, performance and security testing, and quality consulting.
Role Overview
We are seeking a skilled and motivated Security Test Engineer wit hands-on experience in application security and penetration testing. The ideal candidate will have experience identifying and validating security vulnerabilities across mobile, web, and API environments, while working closely with development teams to improve the overall security posture of applications
Key Responsibilities
- Perform end-to-end offensive security assessments of iOS and Android mobile applications, including static analysis, dynamic analysis, reverse engineering, and runtime manipulation.
- Conduct penetration testing and security assessments of web applications, Single-Page Applications (SPAs), and REST/GraphQL APIs.
- Identify, exploit, and document security vulnerabilities, including:
Authentication and authorization flaws.
Injection vulnerability.
Insecure data storage.
Session management issues.
API security weakness.
Business logic vulnerability.
- Develop and maintain custom tools, scripts, and proof-of-concept exploits to automate reconnaissance, vulnerability discovery, and attack workflows.
- Work closely with mobile, backend, and development teams to reproduce security findings, provide remediation recommendations, and validate implemented fixes.
- Prepare clear, detailed, and actionable security assessment reports.
Required Qualifications
- 2+ years of experience in penetration testing, application security, or offensive security.
- Hands-on experience testing mobile applications (iOS and Android), web applications, and APIs.
- Strong understanding of common application security vulnerabilities, including the OWASP Top 10 and mobile security best practice.
- Experience using industry-standard security testing tools such as Burp Suite, MobSF, Frida, Objection, Ghidra, JADX, or similar.
- Familiarity with scripting or programming languages such as Python, Bash, or JavaScript for automation is a pl
- Strong analytical, problem-solving, and communication skills.
- Relevant security certifications (e.g., OSCP, PNPT, eJPT, or similar) are a plus.