
Offensive Security Engineer
This role supports Cybersecurity practices, with direct alignment to client-facing penetration testing services across the Middle East and global markets. The engineer will contribute to traditional and AI-enabled penetration testing offerings, including application, API, network, cloud, and emerging LLM testing. The role is delivery-focused, highly client-facing, and supports the company's differentiated approach combining automation with senior manual expertise.
Primary Responsibilities
• Deliver web application, API, and mobile application penetration tests aligned to OWASP Top 10 and PTES.
• Conduct internal and external network penetration testing and cloud security assessments (Azure, Microsoft 365, AWS, GCP).
• Support the company's AI-enabled penetration testing model, validating automated findings and performing deep manual exploitation.
• Perform LLM and GenAI security assessments as part of the company's advanced offensive offerings.
• Produce executive-ready reports and lead client readouts with clear remediation guidance.
• Collaborate with vCISO, IR, and advisory teams to support broader client security programs.
Success Metrics (First 90 Days)
• Independently deliver scoped penetration tests across at least two service lines (application, network, or cloud).
• Lead client debriefs and clearly articulate risk and remediation to technical and executive stakeholders.
• Demonstrate proficiency in company reporting standards and tooling.
• Contribute improvements to testing playbooks or automation workflows.
Requirements
Required Technical Skills
• Strong application security testing experience (web, API, authentication flows).
• Proficiency with Burp Suite and API testing tools (Postman/Insomnia).
• Solid Linux expertise and comfort operating in mixed OS environments.
• Scripting capability in Python, Bash, or PowerShell.
• Understanding of network protocols, exploitation paths, and cloud attack surfaces.
Nice-to-Have / Senior-Level Capabilities
• Experience with Red Team or Purple Team engagements.
• Familiarity with MITRE ATT&CK and modern detection tooling (EDR/XDR).
• Cloud penetration testing depth (Azure and Microsoft 365 strongly preferred).
• Prior consulting or client-facing security experience.
Working Style & Values
• High integrity and discretion when handling sensitive client environments.
• Strong written communication and attention to detail.
• Comfortable operating autonomously while collaborating with a global team.
• Continuous learner with a passion for offensive security.
Certifications (Optional)
OSCP, OSWA, CRTO, PNPT, or equivalent offensive security certifications are valued but not required.
Requirements
• Strong application security testing experience (web, API, authentication flows)
• Proficiency with Burp Suite and API testing tools (Postman/Insomnia)
• Solid Linux expertise
• Scripting capability in Python, Bash, or PowerShell
• Understanding of network protocols, exploitation paths, and cloud attack surfaces
Nice to Have
• Experience with Red Team or Purple Team engagements
• Familiarity with MITRE ATT&CK and modern detection tooling (EDR/XDR)
• Cloud penetration testing depth (Azure and Microsoft 365 preferred)
• Prior consulting or client-facing security experience
• OSCP, OSWA, CRTO, PNPT certifications
Responsibilities
• Deliver web application, API, and mobile application penetration tests
• Conduct internal and external network penetration testing
• Perform cloud security assessments (Azure, Microsoft 365, AWS, GCP)
• Support AI-enabled penetration testing model
• Perform LLM and GenAI security assessments
• Produce executive-ready reports
• Lead client readouts with clear remediation guidance
• Collaborate with vCISO, IR, and advisory teams



