The Penetration Tester is responsible for conducting authorized security assessments across enterprise, government, and critical infrastructure environments to identify, validate, and report security vulnerabilities. As part of ZainTECH's Cybersecurity practice, the role supports the delivery of penetration testing engagements across infrastructure, web, wireless and applications.
The Penetration Tester performs hands-on offensive security testing, validates exploitability of identified vulnerabilities, and delivers clear, actionable remediation guidance to customers. The role works closely with cybersecurity consultants, advisory teams, and customer stakeholders to help strengthen security posture and reduce organizational risk across the MENA region.
Responsibilities:
Penetration Testing & Security Assessments
- Conduct penetration testing engagements across external and internal networks, web applications, APIs and web services, wireless environments, and infrastructure and supporting systems
- Execute testing activities in accordance with approved methodologies, industry standards, and customer-defined rules of engagement
- Identify, validate, and safely demonstrate security vulnerabilities and attack paths
- Assess exploitability, business impact, and risk exposure associated with identified findings
- Perform security validation and retesting activities following remediation efforts
Vulnerability Analysis & Reporting
- Analyze identified vulnerabilities and security weaknesses to determine potential business impact
- Develop detailed technical findings and remediation recommendations
- Produce high-quality penetration testing reports that clearly communicate vulnerability details, risk ratings, attack scenarios, business impact, and remediation guidance
- Ensure findings are reproducible, technically accurate, and aligned with industry best practices
Testing Governance & Compliance
- Conduct all testing activities within approved scope and rules of engagement
- Ensure customer systems, data, and environments are protected throughout testing activities
- Maintain strict confidentiality of customer information and testing results
- Adhere to applicable regulatory, contractual, and legal requirements governing penetration testing engagements
- Support compliance with NCSC Jordan licensing requirements and operational standards
Technical Research & Continuous Improvement
- Stay current on emerging threats, attack techniques, vulnerability trends, security research, and offensive security tools and methodologies
- Contribute to the enhancement of penetration testing methodologies, tools, and processes
- Participate in internal knowledge-sharing initiatives and technical training programs
- Support continuous improvement activities within the Cybersecurity Advisory Services practice
Cross-Functional Collaboration
- Collaborate with Penetration Testing Team Leaders, Cybersecurity Consultants, Security Architects, and Managed Security Services teams
- Support remediation discussions and knowledge transfer activities where required
- Contribute technical expertise during customer engagements and security assessments
Our Culture & Code of Conduct:
At ZainTECH, we take pride in a culture built on collaboration, innovation, and uncompromising integrity. We are looking for individuals who share these values and are committed to customer-centricity and ethical excellence. All employees are expected to uphold our Code of Conduct, which serves as a guiding framework for responsible behavior across everything we do — from how we work with each other to how we engage with clients and partners globally.
Requirements
- Bachelor's degree or Intermediate Diploma from a recognized university or academic institution
- Minimum 3 years of practical cybersecurity experience
- Demonstrated participation in at least two completed penetration testing projects
- Possession of at least one valid NCSC-approved penetration testing certification, such as Certified Ethical Hacker (CEH), CREST Registered Penetration Tester (CRT), Offensive Security Wireless Professional (OSWP), Offensive Security Certified Professional (OSCP), CompTIA PenTest+, or another NCSC-approved equivalent certification
- Hands-on offensive skills across network, web, and application testing, with command of common tooling (Burp Suite, Nmap, Metasploit) and scripting