Job Overview

We are seeking a highly skilled Vulnerability Assessment & Penetration Testing (VAPT) Specialist to join our cybersecurity team in Riyadh, Saudi Arabia. The ideal candidate will have 3+ years of hands-on experience in performing penetration testing, security assessments, and exploit development across web applications, networks, cloud environments, and enterprise systems.

As part of the offensive security team, you will play a critical role in identifying, analyzing, and mitigating security vulnerabilities in our IT infrastructure. You will also be responsible for ensuring compliance with SAMA, NCA, ISO 27001, and other regulatory standards.

If you are passionate about ethical hacking, security research, and helping organizations improve their cyber resilience, this role is for you!

Key Responsibilities

·        Conduct Vulnerability Assessments & Penetration Testing (VAPT) on:

·        Web applications, APIs, and mobile applications

·        Network infrastructure (internal/external)

·        Cloud environments (AWS, Azure, GCP)

·        Active Directory & Privileged Access Systems

·        Simulate real-world cyber threats using red teaming techniques and adversary emulation (MITRE ATT&CK-based).

·        Analyze and exploit vulnerabilities to demonstrate business impact and security risks.

·        Develop proof-of-concept (PoC) exploits for identified vulnerabilities.

·        Generate detailed security assessment reports with actionable recommendations for remediation.

·        Ensure compliance with SAMA, NCA, ISO 27001, and PCI DSS cybersecurity frameworks.

·        Collaborate with blue teams and security engineers to improve detection and response strategies.

·        Stay updated on the latest cybersecurity threats, zero-day vulnerabilities, and hacking techniques.

Requirements

Qualifications & Skills Required

·        3+ years of hands-on experience in penetration testing & vulnerability assessments.

·        Strong knowledge of penetration testing tools (Burp Suite, Metasploit, Nmap, Nessus, Kali Linux, etc.).

·        Familiarity with scripting and exploit development (Python, Bash, PowerShell).

·        Experience with Active Directory security, privilege escalation, and lateral movement techniques.

·        Knowledge of cloud security assessments (AWS, Azure, GCP).

·        Ability to generate clear, professional security reports and communicate findings effectively.

·        Understanding of compliance frameworks (SAMA, NCA, ISO 27001, PCI DSS).

·        OSCP certification is highly preferable; other relevant certifications (CEH, GPEN, CISSP) are a plus.

·        Fluent in Arabic and English (written & spoken).

Preferred Certification: OSCP (Offensive Security Certified Professional)