This role supports Cybersecurity practices, with direct alignment to client-facing penetration testing services across the Middle East and global markets.
The engineer will contribute to traditional and AI-enabled penetration testing offerings, including application, API, network, cloud, and emerging LLM testing.
The role is delivery-focused, highly client-facing, and supports company's differentiated approach combining automation with senior manual expertise.
Primary Responsibilities • Deliver web application, API, and mobile application penetration tests aligned to OWASP Top 10 and PTES.
• Conduct internal and external network penetration testing and cloud security assessments (Azure, Microsoft 365, AWS, GCP).
• Support companys’ AI-enabled penetration testing model, validating automated findings and performing deep manual exploitation.
• Perform LLM and GenAI security assessments as part of companys’ advanced offensive offerings.
• Produce executive-ready reports and lead client readouts with clear remediation guidance.
• Collaborate with vCISO, IR, and advisory teams to support broader client security programs.
Success Metrics (First 90 Days) • Independently deliver scoped penetration tests across at least two service lines (application, network, or cloud).
• Lead client debriefs and clearly articulate risk and remediation to technical and executive stakeholders.
• Demonstrate proficiency in company reporting standards and tooling.
• Contribute improvements to testing playbooks or automation workflows.
Required Technical Skills • Strong application security testing experience (web, API, authentication flows).
• Proficiency with Burp Suite and API testing tools (Postman/Insomnia).
• Solid Linux expertise and comfort operating in mixed OS environments.
• Scripting capability in Python, Bash, or PowerShell.
• Understanding of network protocols, exploitation paths, and cloud attack surfaces.
Nice-to-Have / Senior-Level Capabilities • Experience with Red Team or Purple Team engagements.
• Familiarity with MITRE ATT&CK and modern detection tooling (EDR/XDR).
• Cloud penetration testing depth (Azure and Microsoft 365 strongly preferred).
• Prior consulting or client-facing security experience.
Working Style & Values • High integrity and discretion when handling sensitive client environments.
• Strong written communication and attention to detail.
• Comfortable operating autonomously while collaborating with a global team.
• Continuous learner with a passion for offensive security.
Certifications (Optional) OSCP, OSWA, CRTO, PNPT, or equivalent offensive security certifications are valued but not required.