Penetration Tester (Offensive Security Specialist)

Company Description

Job Summary

Key Responsibilities

• Plan, scope, and conduct penetration tests across web applications, networks, APIs, mobile applications, and cloud and on-premise infrastructure.
• Perform vulnerability assessments and validate findings to eliminate false positives.
• Conduct manual exploitation beyond automated scanning to assess real-world risk.
• Execute social engineering and phishing simulations where authorized.
• Document findings in clear, detailed reports including risk ratings, business impact, and prioritized remediation recommendations.
• Present results and debrief both technical teams and non-technical stakeholders.
• Retest remediated vulnerabilities to confirm effective closure.
• Stay current with emerging threats, attack techniques, exploits, and security tools.
• Support red team exercises and collaborate with blue team / SOC where required.
• Ensure all testing is conducted within agreed scope, rules of engagement, and applicable regulations.

Requirements****

• Bachelor’s degree in Cybersecurity, Computer Science, Information Technology, or a related field.
• 3–4 years of dedicated, hands-on penetration testing / offensive security experience (experience must be directly and fully related to the role).
• Strong knowledge of common vulnerabilities and frameworks (e.g., OWASP Top 10, MITRE ATT&CK).
• Proficiency with industry tools such as Burp Suite, Metasploit, Nmap, Nessus, Kali Linux, and similar.
• Solid understanding of networking protocols, operating systems (Windows/Linux), and web technologies.
• Scripting ability (e.g., Python, Bash, or PowerShell) for custom tooling and automation.
• Strong report-writing and communication skills in English and Arabic.
• Relevant certifications such as OSCP or CEH, GPEN, eJPT/eCPPT, or equivalent.

Key Competencies

• Strong analytical and problem-solving mindset.
• Attention to detail and a methodical approach to testing.
• Ability to work independently and manage testing engagements end to end.
• Awareness of Saudi regulatory and compliance frameworks (e.g., NCA controls) is an advantage.