The VAPT (Vulnerability Assessment and Penetration Testing) Technical Lead manages vulnerability assessment and penetration testing operations to identify security risks in EGA. The VAPT Manager ensures timely remediation of discovered vulnerabilities by coordinating with technical and business teams. This role strengthens the organization’s security posture and ensures compliance with industry standards.
KEY ACCOUNTABILITIES & RESPONSIBILITIES
Performing regular vulnerability scans for all EGA IT Assets and prioritizing vulnerabilities based on risk.
Coordinating with and supporting IT Infrastructure teams on patch management and Web Application Development teams on code-level remediation. Tracking and reporting on vulnerability posture.
Managing remediation activities arising from the EGA VAPT Program, Digital Forensics Operations, Security Performance Management Platforms, and Trust.ae.
Collect, process, and analyze diverse threat intelligence to understand adversary tactics, techniques, and procedures (TTPs).
Formulate data-driven theories about potential hidden threats within the organization's environment.
Actively search through vast volumes of security logs and network data to uncover subtle malicious activities.
Develop specialized scripts and advanced queries to facilitate complex threat detection and analysis.
Generate clear vulnerability and intelligence reports, and escalate confirmed threats to incident response teams with supporting forensic insights.
Provide critical feedback to improve existing security tools, detection rules, and overall defensive strategies.
Work closely with other security teams and leadership to communicate threat landscapes and enhance collective awareness.
Conduct onsite penetration testing for EGA and its departments, covering web applications, mobile applications and APSs, every quarter.
Manage VAPT engagements across networks, applications, cloud, and endpoints using industry-standard tools (e.g., Qualys, Burp Suite, Nessus, Metasploit, Nmap) and perform manual and automated source code review of internally developed web applications. Manage end-to-end activity with the Web Application Development team for the SSDLC (Secure Software Development Life Cycle).
Simulate real-world attack scenarios, develop threat models, and evaluate system resilience against advanced persistent threats (APTs).
Competent in producing clear, executive-level reports and technical documentation, articulating vulnerabilities, risks, and remediation strategies to both technical and non-technical stakeholders.
Stakeholder management and teamwork: Managing collaboration within EGA IT, with the IT departments of the Government Departments, and with the Government Departments themselves to promote security best practices and ensure vulnerabilities are understood and remediated effectively.
Incident Response: Collaborating with incident response teams during security events and forensic investigations to, again, ensure vulnerabilities are understood and remediated effectively.
Automation and AI: Using vulnerability scanning automation and AI tools to spot patterns and vulnerabilities, saving the information security team unnecessary effort.
QUALIFICATIONS & EXPERIENCE
Bachelor’s degree in cyber security or information security engineering, Electronic and Telecommunication Engineering, IT Engineering, Computer Engineering, or any relevant discipline
Preferred
Bachelor’s degree in cyber security or information security engineering, Electronic and Telecommunication Engineering, IT Engineering, Computer Engineering
Minimum 7 years of experience in the VAPT domain
Preferred: 10 years of experience in the VAPT domain
Certifications
OSCP, CEH and MS-AZ are given priority, but other certifications are acceptable as well.
A minimum of 3 VAPT subject-matter certifications is required.
Preferred:
1. Offensive Security Certified Professional (OSCP)
2. Certified Ethical Hacker (CEH)
3. GIAC Penetration Tester (GPEN)
4. CompTIA PenTest+
5. Microsoft Certified Azure Security Engineer Associate
English Language (spoken and written) – Essential, Arabic Language (spoken and written)