Offensive Security Engineer at Arab Bank

Arab Bank Jobs

Job Description

  • Conduct advanced threat simulation and penetration tests (Web, Network, APIs, Mobile, Cloud) across Arab Bank's attack surface, software changes, and digital products.
  • Conduct internal and external red team activities and assess the effectiveness of security controls.
  • Develop security tools and proofs of concept for vulnerabilities.
  • Provide recommendations and guidance on security best practices to fix vulnerabilities and enhance security posture.
  • Work closely with cross-functional teams (Engineering, DevOps, DevSecOps, Risk) to discover and address security vulnerabilities.
  • Manage external and internal VA scans.
  • Validate security fixes and perform retests for security findings.
  • Participate in security technical controls hardening and implementation across various technologies.
  • Degree from a recognized university in Computer Engineering, Computer Science or equivalent.
  • Holding any of the following industry certifications: OSCP, eMAPT, eWPTX, or any related certification.

Job Requirements

  • 1-3 years of experience conducting offensive security testing (red teaming, purple teaming, threat intel, penetration testing).
  • Good experience in work-related communication in a fast-paced, dynamic environment.
  • Proficiency with one or more programming languages and MVC, preferably: Java, Spring Boot, JavaScript, PHP, C/C++, Python, Go, etc.
  • Experience in emulating advanced adversarial tactics, techniques and procedures (TTPs).
  • Familiarity with public security standards and testing methodologies: OWASP Top 10 for Mobile, Web and API, OWASP Application Security Verification Standard (ASVS), MITRE ATT&CK, etc.
  • Experience in performing mobile applications assessment (iOS/Android) & assessing mobile security controls and backend APIs.
  • Experience in playing CTFs or Hack The Box/TryHackMe.
  • Experience in cloud security testing (GCP, AWS, Azure) is a plus.
  • Recognition in public bug bounty programs and halls of fame, or having registered public vulnerabilities (CVEs), is a plus.
