Embedded Offensive Security Engineer

Microminder Cyber Security
Riyadh, KSA
fulltime
Entry
4 days ago
Network Security, Firewall Configuration, SIEM (Security Information and Event Management), Intrusion Detection/Prevention Systems (IDS/IPS), Vulnerability Assessment, Penetration Testing
Full Job Posting

Client Site

Client Company HQ, Riyadh, Kingdom of Saudi Arabia

Working Pattern

Full-time, 5 days per week on-site at Client HQ, Riyadh

Accreditation Required

CREST, OSCP, or equivalent offensive security certification

Clearance / Compliance

Must pass Client background vetting; data residency: KSA or GCC

1. About the Engagement

Microminder Cyber Security (MCS) is a CREST-certified, ISO/IEC 27001-accredited cybersecurity firm operating across the UAE, Saudi Arabia, and the UK.

MCS has been engaged by Client Company, one of the world's largest vertically integrated food and beverage businesses, to deliver an enterprise-grade Internal Attack Simulation and External Attack Surface Management (EASM) programme.

As part of this engagement, MCS is required to provide a dedicated, highly skilled offensive security professional who will be fully embedded within the Client Cyber Security function at the company's Riyadh headquarters.

This is not a remote or hybrid role: the successful candidate will work on-site, five days per week, directly supporting the Client Head of Cyber Security and the internal offensive security team.

2. Role Purpose

The Embedded Offensive Security Engineer will serve as the primary technical resource responsible for the day-to-day operation, tuning, and ongoing stabilisation of the attack simulation and EASM platforms deployed within the Client environment.

The role combines deep offensive security expertise with strong systems administration and hands-on remediation capability.

This individual will act as the technical bridge between the vendor platform, the Client internal cyber security team, and cross-functional stakeholders including IT, infrastructure, DevOps, and application owners.

3.

3.1 Platform Operations and Alert Management

• Operate, monitor, and triage all alerts generated by the EASM and automated penetration testing platforms on a daily basis.

• Schedule and execute approved internal attack simulations, including identity/Active Directory attack-path testing, lateral movement scenarios, and network segmentation validation.

• Maintain full audit logs of all simulation activity, generated artefacts, and system access in line with Client governance requirements.

• Conduct retesting and regression validation following remediation, producing formal closure evidence for each finding.

3.2 Remediation Leadership and Hands-On Hardening

• Coordinate with IT, DevOps, infrastructure, and application owners to drive timely remediation of identified vulnerabilities and misconfigurations.

• Work directly with system and service owners to implement patches, configuration changes, and security hardening measures.

• Troubleshoot and resolve asset discovery, attribution, and coverage gaps impacting platform visibility or assessment accuracy.

• Support platform configuration, integrations (EDR, SIEM, CMDB, ITSM), and tuning activities until stable operations are achieved.

3.3 External Attack Surface Management

• Manage and continuously refine the EASM platform, including onboarding of approved asset inventories (domains, IP ranges, subsidiary entities, brand identifiers).

• Monitor and profile externally exposed assets, including open ports, exposed services, expiring certificates, and DNS weaknesses.

• Identify unknown, orphaned, and shadow IT assets on the external attack surface and drive their inclusion in remediation workflows.

• Correlate EASM findings with enterprise platforms for integrated remediation tracking.

3.4 Threat Modelling and Attack-Path Analysis

• Conduct manual threat modelling and attack-path analysis for critical and high-risk business systems, supporting informed risk-based decision-making.

• Map executed attack scenarios to recognised adversary frameworks, including MITRE ATT&CK, with end-to-end attack-chain documentation.

• Validate defensive control effectiveness across WAF, EDR, SIEM, and identity controls with timestamped evidence outputs.

3.5 Executive and Management Reporting

• Translate technical findings into clear, business-focused risk narratives suitable for senior leadership and executive management at Client.

• Produce and present regular reports on platform status, risk posture, open findings, and remediation progress to the Head of Cyber Security.

• Contribute to audit readiness documentation, evidence packs, and internal governance reporting.

3.6 Knowledge Transfer and Runbook Development

• Develop and maintain fully documented operational runbooks for all platform capabilities.

• Deliver structured knowledge transfer sessions to Client's internal Cyber Security team.

• Support the formal handover process to enable the Client team to achieve independent, steady-state operations.

4. Required Qualifications and Experience

4.1 Essential

• Minimum 4-6 years of hands-on offensive security experience, including penetration testing, red team operations, or attack simulation roles.

• Demonstrable experience deploying, operating, and troubleshooting enterprise-grade attack simulation or automated penetration testing platforms (e.g., Cymulate, Pentera, Horizon3.ai, AttackIQ, or equivalent).

• Strong background in systems administration: Windows Server, Active Directory, Linux, and enterprise networking.

• Hands-on experience with identity and AD attack-path techniques: credential access, privilege escalation, lateral movement, Kerberoasting, Pass-the-Hash, and equivalent.

• Practical knowledge of network segmentation testing, EDR evasion validation, and SIEM detection logic.

• Experience with External Attack Surface Management platforms and asset discovery methodologies.

• Ability to produce clear, executive-level risk reporting from complex technical findings.

• Current CREST certification (CRT, CCT, or equivalent) OR OSCP, GPEN, GXPN, or equivalent offensive security qualification.

• Willingness and ability to work on-site in Riyadh, KSA, five days per week.

4.2 Highly Desirable

• Prior experience in a vendor-embedded or client-site secondment model.

• Familiarity with GCC or KSA enterprise environments, regulatory expectations (NCA ECC, SAMA CSF), and data sovereignty requirements.

• Experience with large-scale enterprise environments in sectors such as FMCG, food production, logistics, or critical national infrastructure.

• Knowledge of MITRE ATT&CK, TIBER-EU, or CBEST red team frameworks.

• Arabic language skills (professional working proficiency or above).

• Experience with integration of security platforms into CMDB, SIEM (e.g., Splunk, Microsoft Sentinel), EDR (e.g., CrowdStrike, Microsoft Defender), and ITSM (e.g., ServiceNow).

5. Competency and Behavioural Profile

The successful candidate will combine deep technical capability with the professional maturity to operate within a complex enterprise client environment.

The following competencies are essential:

• Operates with high integrity, full discretion, and a commitment to non-destructive, governed testing at all times.

• Communicates effectively at all levels: from technical engineers to C-suite executives and board risk owners.

• Works independently and takes ownership of outcomes without requiring day-to-day management oversight.

• Demonstrates commercial awareness: understands the business impact of risk findings and frames remediation in terms of business risk, not just technical severity.

• Collaborative and credible with client-side teams: able to influence without authority across IT, infrastructure, and security functions.

• Highly organised: manages multiple concurrent workstreams, maintains documentation standards, and meets reporting deadlines.

6. Employment and Engagement Terms

This role is offered as a fixed-term, project-based engagement through Microminder Cyber Security.

The successful candidate will be employed by MCS and seconded to the Client site in Riyadh for the duration of the programme.

• Compensation: Competitive, commensurate with experience and GCC market benchmarks. Full details provided at offer stage.

• Benefits: As per MCS standard employment terms for KSA-based roles.

• Location: Client Company HQ, Riyadh, KSA. Candidates must be willing to relocate or currently be based in KSA.

• Visa and Sponsorship: MCS will facilitate KSA work authorisation where applicable. Candidates with existing KSA iqama or NOC are welcome.

7. How to Apply

This is a confidential recruitment process managed by Microminder Cyber Security.

Interested candidates should submit the following:

• An up-to-date CV detailing relevant technical experience, platform exposure, and certifications held.

• A brief covering note (no more than one page) outlining their suitability for the embedded role, including any experience operating within enterprise client environments.
