Job Description
- Conduct advanced threat simulation and penetration tests (Web, Network, APIs, Mobile, Cloud) across Arab Bank's attack surface, software changes, and digital products.
- Conduct internal and external red team activities and assess the effectiveness of security controls.
- Perform security code reviews, fuzzing, reverse engineering, and penetration testing from a whitebox perspective.
- Develop security tools and proofs of concept for vulnerabilities.
- Provide recommendations and guidance on security best practices to fix vulnerabilities and enhance security posture.
- Work closely with cross-functional teams (Engineering, DevOps, DevSecOps, Risk) to discover and address security vulnerabilities.
Job Requirements
- Degree from a recognized university in Computer Engineering, Computer Science or equivalent.
- Holding any of the following industry certifications: OSWE, OSCE3, OSCP, GXPN, CRTO.
- 5+ years of experience conducting offensive security testing (red teaming, purple teaming, threat intel, penetration testing).
- Good experience in work-related communication in a fast-paced, dynamic environment.
Technical Competencies
- Senior penetration tester, preferably with a software development background.
- Recognition in public bug bounty programs and halls of fame, registered public vulnerabilities (CVEs), or contributions to the public security community through research, blogging, or open source development.
- Experience conducting advanced penetration testing exercises (Web applications, Mobile Applications, APIs, and Cloud)
- Experience in developing cybersecurity testing tools and in exploit development.
- Experience in cloud security testing (GCP, AWS, Azure)
- Proficiency with one or more programming languages and MVC, preferably: Java, Spring Boot, JavaScript, PHP, C/C++, Python, Go, etc.
- Ability to conduct manual source code review and whitebox security testing. Familiarity with related tools such as CodeQL.
- Experience emulating advanced adversarial tactics, techniques, and procedures (TTPs).
- Familiarity with public security standards and testing methodologies: OWASP Top 10 for Mobile, Web, and API; OWASP Application Security Verification Standard (ASVS); MITRE ATT&CK; etc.
- Proficiency in performing advanced mobile application assessments (iOS/Android) and assessing mobile security controls and backend APIs.