- Conduct advanced threat simulation and penetration test (Web, Network, APIs, Mobile, Cloud) across Arab Bank attack surface, software changes, and digital products.
- Conduct internal and external red team activities and assess security controls effectiveness.
- Develop security tools and proof of concept of vulnerabilities.
- Provide recommendations and guidance on security best practices to fix vulnerabilities and enhance security posture.
- Work closely with cross-functional teams (Engineering, DevOps, DevSecOps, Risk) to discover and address security vulnerabilities.
- Manage external and internal VA scans.
- Validate security fixes and perform retest for security findings.
- Participate in security technical controls hardening and implementation across various technologies.
- Degree from a recognized university in Computer Engineering, Computer Science or equivalent.
- Holding any of the following industry certifications: OSCP, eMAPT, eWPTX, or any related certification.
- 1-3 years of experience conducting Offensive Security Testing (Red teaming, purple teaming, threat intel, penetration testing).
- Good experience in work related communication in a fast-paced dynamic environment.
- Experience in emulating advanced adversarial tactics, techniques and procedures TTP.
- Familiarity with security public standards and testing methodologies: OWASP top 10 for Mobile, Web and API. OWASP Application Security Verification Standard (ASVS), MITRE ATT&CK, etc.
- Experience in performing mobile applications assessment (iOS/Android) & assessing mobile security controls and backend APIs.
- Experience in playing CTF or HackThebox/Tryhackme.
- Experience in cloud security testing (GCP, AWS, Azure) is plus.
- Recognitions in public bug bounty programs and hall of fame, have registered public vulnerabilities CVEs is plus.
Apply Via The Following Link