This role supports Cybersecurity practices, with direct alignment to client-facing penetration testing services across the Middle East and global markets. The engineer will contribute to traditional and AI-enabled penetration testing offerings, including application, API, network, cloud, and emerging LLM testing. The role is delivery-focused, highly client-facing, and supports company's differentiated approach combining automation with senior manual expertise.
Primary Responsibilities
- Deliver web application, API, and mobile application penetration tests aligned to OWASP Top 10 and PTES
- Conduct internal and external network penetration testing and cloud security assessments (Azure, Microsoft 365, AWS, GCP)
- Support companys' AI-enabled penetration testing model, validating automated findings and performing deep manual exploitation
- Perform LLM and GenAI security assessments as part of companys' advanced offensive offerings
- Produce executive-ready reports and lead client readouts with clear remediation guidance
- Collaborate with vCISO, IR, and advisory teams to support broader client security programs
Success Metrics (First 90 Days)
- Independently deliver scoped penetration tests across at least two service lines (application, network, or cloud)
- Lead client debriefs and clearly articulate risk and remediation to technical and executive stakeholders
- Demonstrate proficiency in company reporting standards and tooling
- Contribute improvements to testing playbooks or automation workflows
Requirements
Required Technical Skills
- Strong application security testing experience (web, API, authentication flows)
- Proficiency with Burp Suite and API testing tools (Postman/Insomnia)
- Solid Linux expertise and comfort operating in mixed OS environments
- Scripting capability in Python, Bash, or PowerShell
- Understanding of network protocols, exploitation paths, and cloud attack surfaces
Nice-to-Have / Senior-Level Capabilities
- Experience with Red Team or Purple Team engagements
- Familiarity with MITRE ATT&CK and modern detection tooling (EDR/XDR)
- Cloud penetration testing depth (Azure and Microsoft 365 strongly preferred)
- Prior consulting or client-facing security experience
Working Style & Values
- High integrity and discretion when handling sensitive client environments
- Strong written communication and attention to detail
- Comfortable operating autonomously while collaborating with a global team
- Continuous learner with a passion for offensive security
Certifications (Optional)
OSCP, OSWA, CRTO, PNPT, or equivalent offensive security certifications are valued but not required.
