7 Penetration Testing jobs in Saudi Arabia

Perform penetration tests and vulnerability assessments to identify, exploit, and help remediate security weaknesses in the organization’s IT environment. Deliver clear, actionable results for technical and non-technical audiences.

• Conduct regular penetration tests (internal/external, web, network, applications) and vulnerability assessments.
• Identify attack paths and prioritize exploitable weaknesses while ensuring service continuity.
• Produce clear, actionable reports for technical teams and leadership.
• Develop and test incident response playbooks and remediation guidance.
• Use SIEM and log analysis to support testing and post‑exploitation investigations.
• Support SOC operations and continuous monitoring activities.
• Run periodic IDS/IPS and detection‑control tests and update response procedures.
• Collaborate with IT teams to validate fixes and improve defenses.
• Maintain thorough documentation of tests, findings, and remediation steps.
• Stay current with global threat developments and adjust testing methodologies accordingly.

• Bachelor’s degree in Computer Science, Information Technology, or related field.
• 3–4 years’ experience in penetration testing, red teaming, or offensive security.

• eJPT
• OSCP
• CEH
• or equivalent

• Mid‑Senior level

• Full‑time

• Quality Assurance
• IT Services and IT Consulting

Perform penetration tests and vulnerability assessments to identify, exploit, and help remediate security weaknesses in the organization's IT environment. Deliver clear, actionable results for technical and non-technical audiences.

Key Responsibilities:

• Conduct regular penetration tests (internal/external, web, network, applications) and vulnerability assessments.

• Identify attack paths and prioritize exploitable weaknesses while ensuring service continuity.

• Produce clear, actionable reports for technical teams and leadership.

• Develop and test incident response playbooks and remediation guidance.

• Use SIEM and log analysis to support testing and post-exploit investigations.

• Support SOC operations and continuous monitoring activities.

• Run periodic IDS/IPS and detection-control tests and update response procedures.

• Collaborate with IT teams to validate fixes and improve defenses.

• Maintain thorough documentation of tests, findings, and remediation steps.

• Stay current with global threat developments and adjust testing methodologies accordingly.

Minimum Qualifications:

• Bachelor's degree in Computer Science, Information Technology, or related field.

• 3–4 years' experience in penetration testing, red teaming, or offensive security.

Preferred Certifications:

• eJPT

• OSCP

• CEH

or equivalent.

Company Overview:

Advanced technology and cybersecurity company (sirar) established by stc, the region's ICT and digital services provider, sirar by stc is a cutting-edge cybersecurity provider that empowers organization to take control of their cyber capabilities and digital environments.

As experts in business security and privacy.

We offer a comprehensive range of solutions that help you to operate online safely, securely, and efficiently. The tools we provide help organizations detect and prevent cybersecurity attacks, safeguard their digital future, and provide protection and security from that point forward.

Key Responsibilities:

• Identifies methods that attackers could use to exploit system and network vulnerabilities.
• Mimics malicious social engineering techniques that an attacker would use to attempt a system breach to uncover security gaps and vulnerabilities.
• Gathers information about network topography and usage through technical analysis and open-source research and document findings.
• Uses security testing and code scanning tools to conduct code reviews.
• Recommends security controls to mitigate risks identified through testing and review.
• Conducts required reviews, including reviews of defensive measures, according to the organization's policies.
• Conducts authorized penetration testing of infrastructure and assets.
• Performs technical and nontechnical risk and vulnerability assessments of organizational technology environments.
• Maintains a deployable cyber defense audit toolkit based on industry best practice to support cyber defense audits.
• Tests for vulnerabilities in web applications, client applications and standard applications.
• Conducts physical security assessments of servers, systems, and network devices.
• Reports penetration testing and vulnerability assessment findings including risk level, proposed mitigation, and details necessary to reproduce the test results.
• Explains business impact of vulnerabilities identified through testing to make case for addressing them.
• Presents test findings, risks, and conclusions to technical and non-technical audiences.
• Designs simulated attacks to reflect impact in the organization's business and its users.
• Supports in collaborating with cybersecurity vendors to drive innovation in Penetration Testing services development and manage overall Penetration Testing service lifecycle.
• Supports in leading the implementation of go-to-market and roadmap for Penetration Testing services solutions & tools.
• Supports in developing Penetration Testing Services' lifecycle end-to-end, including Ideation, feasibility analysis, planning, sourcing, business case, toolkits and operating models design, commercialization, launch, performance management, and retirement, in collaboration with other Advisory sections.
• Contributes to the overall success of the company by performing all other duties and responsibilities as assigned by line manager.

Qualification:

• Bachelor's degree in Cybersecurity, Computer Science, Information Technology, or related discipline.

Professional Certificate:

• Offensive Security (OSCP, OSWP, OSWE, OSEP, etc)
• GIAC (GXPN, GCPN, GAWN, GPYC, etc)
• Pen tester Academy (Red Team Expert)

Years of Experience:

• 3 – 5 years in relevant experience

Skills:

• Advance proficiency in conducting vulnerability scans and determine vulnerabilities from the results.
• Intermediate proficiency in conducting penetration testing in line with the organization's policies and best practice.
• Advance proficiency in developing insights about an organization's threat environment.
• Advance proficiency in analyzing vulnerability and configuration data to identify cybersecurity issues
• Advance proficiency in mimicking threat behaviors.
• Intermediate proficiency in implementing adversary Tactics, Techniques and Procedures.
• Basic proficiency in service development.
• Basic proficiency in user experience knowledge.
• Basic proficiency in recognizing industry trends & KPIs

We are seeking a highly motivated and skilled Penetration Testing Engineer to join our cybersecurity team. The ideal candidate will be responsible for conducting comprehensive penetration tests on our systems, networks, and applications to identify and mitigate security vulnerabilities. You will play a crucial role in ensuring the security and integrity of our digital assets by simulating real-world cyberattacks and providing actionable recommendations for remediation.

Responsibilities:

• Penetration Testing and Vulnerability Assessment:
• • Conduct internal and external penetration tests on web applications, mobile applications, networks, and infrastructure.
• Perform vulnerability assessments and security audits to identify weaknesses and potential attack vectors.
• Utilize various penetration testing tools and techniques, including manual and automated methods.
• Simulate real-world attack scenarios to assess the effectiveness of existing security controls.
• Perform social engineering assessments, if required.
• Perform wireless network assessments.
• Reporting and Remediation:
• • Document and report identified vulnerabilities with clear and concise descriptions, including severity levels and potential impact.
• Provide detailed recommendations for remediation and mitigation strategies.
• Present findings to technical and non-technical stakeholders.
• Track and verify the implementation of remediation efforts.
• Retest systems after patches are applied.

• Security Research and Development:

• Stay up-to-date with the latest security threats, vulnerabilities, and attack techniques.

• Research and evaluate new penetration testing tools and methodologies.
• Contribute to the development and improvement of internal security testing processes.

• Contribute to the creation of security best practices.

• Compliance and Standards:

• • Ensure all penetration testing activities comply with relevant legal, regulatory, and ethical standards.
• Adhere to industry best practices and security frameworks (e.g., OWASP, NIST).
• Maintain confidentiality of sensitive data.

Qualifications:

• Education: Bachelor's degree in Computer Science, Information Security, or a related field (or equivalent experience).
• Experience: 3 years of experience in penetration testing or a related security role.
• Technical Skills:
• • Proficiency in using penetration testing tools (e.g., Metasploit, Nmap, Burp Suite, Wireshark).
• Strong understanding of networking protocols, operating systems (Windows, Linux), and web application architectures.
• Knowledge of common web application vulnerabilities (e.g., OWASP Top 10).
• Experience with scripting languages (e.g., Python, Bash, PowerShell).
• Knowledge of cloud security (AWS, Azure, GCP).
• Knowledge of mobile application security.
• Certifications (Preferred):
• • Certified Ethical Hacker (CEH)
• Offensive Security Certified Professional (OSCP)
• GIAC Penetration Tester (GPEN)
• CISSP

• Soft Skills:

• Strong analytical and problem-solving skills.

• Excellent communication and interpersonal skills.
• Ability to work independently and as part of a team.
• Strong ethical principles and a commitment to confidentiality

Cipher | سايڤر is a cybersecurity solutions provider based in Riyadh, Saudi Arabia. The company's goal is to simplify the perception of complexity surrounding cybersecurity problems and solutions. Cipher's team of Saudi professionals and experts work tirelessly to develop, customize, and manage digital services and cybersecurity solutions to ensure their peace of mind. Our goal is to provide peace of mind to our clients by making digital security simple and efficient.

Key Responsibilities:

• Engage with clients to define the scope and objectives of penetration tests, including systems, applications, and environments to be assessed.
• Plan, design, and execute manual penetration tests across web applications, mobile applications, APIs, cloud services, and enterprise infrastructure.
• Perform advanced security assessments such as source code reviews, business logic testing, and red team/adversary simulations.
• Conduct onsite and remote testing to identify vulnerabilities, misconfigurations, and gaps in defensive controls.
• Simulate real-world attacks to evaluate the effectiveness of detection, prevention, and response mechanisms.
• Document and communicate findings in detailed technical reports with clear risk ratings, business impact analysis, and actionable remediation steps.
• Present results and recommendations to both technical and executive-level stakeholders.
• Provide strategic security advice to clients on hardening systems, reducing attack surface, and improving detection and response.
• Continuously update knowledge of emerging threats, vulnerabilities, tools, and penetration testing methodologies (e.g., OWASP, MITRE ATT&CK).

Educational Requirements:

Bachelor's degree of Computer Science, Cybersecurity, Information Technology, or a related field.

Certifications:

Preferred Certifications:

• OSCP (Offensive Security Certified Professional)
• eWPTX (eLearnSecurity Web Application Penetration Tester eXtreme)
• CRTP (Certified Red Team Professional)
• Additional relevant certifications such as OSWE, OSEP, GXPN, CREST CRT, or equivalent.

Required Skills & Competencies:

• Strong hands-on experience in penetration testing of web, mobile, cloud, and infrastructure environments.
• Expertise in manual vulnerability discovery and exploitation (excluding exploit development).
• Experience conducting detailed source code reviews to identify security weaknesses.
• Familiarity with red team frameworks, adversary simulation techniques, and threat modeling.
• Proficiency in scripting and automation (e.g., Python, PowerShell, Bash).
• Strong analytical and problem-solving skills, with the ability to evaluate complex systems.
• In-depth understanding of technical systems, application architectures, and common attack vectors.
• Excellent written and verbal communication skills for delivering clear reports and executive presentations.
• Ability to translate technical findings into meaningful business risk insights.

Company Overview:

Advanced technology and cybersecurity company (sirar) established by stc, the region's ICT and digital services provider, sirar by stc is a cutting-edge cybersecurity provider that empowers organization to take control of their cyber capabilities and digital environments. As experts in business security and privacy. We offer a comprehensive range of solutions that help you to operate online safely, securely, and efficiently. The tools we provide help organizations detect and prevent cybersecurity attacks, safeguard their digital future, and provide protection and security from that point forward.

Key Responsibilities:

• Participates in reporting penetration testing and vulnerability assessment findings including risk level, proposed mitigation and details necessary to reproduce the test results.
• Identifies methods that attackers could use to exploit system and network vulnerabilities.
• Mimics malicious social engineering techniques that an attacker would use to attempt a system breach to uncover security gaps and vulnerabilities.
• Gathers information about network topography and usage through technical analysis and open-source research and document findings.
• Uses security testing and code scanning tools to conduct code reviews.
• Conducts authorized penetration testing of infrastructure and assets.
• Performs technical and non-technical risk and vulnerability assessments of organizational technology environments.
• Tests for vulnerabilities in web applications, client applications, and standard applications.
• Conducts physical security assessments of servers, systems and network devices.
• Participates in explaining business impact of vulnerabilities identified through testing to make case for addressing them.
• Presents test findings, risks, and conclusions to technical and non-technical audiences.
• Participates in designing complex simulated attacks to reflect impact in the organization's business and its users.
• Contributes to the overall success of the company by performing all other duties and responsibilities as assigned by line manager.

Qualifications:

• Bachelor's degree in Cybersecurity, Computer Science, Information Technology, or related discipline.
• Master's degree in Cybersecurity, Computer Science/Information Technology or related discipline is preferred.

Professional Certifications Preferred:

• Relevant certification in technology Security (CISSP, CAP, SSCP, (ISC)2, CCFP, CISM etc.) is preferred. ISO 27001 Lead Implementor, Lead Auditor.

Years of Experience:

• 3-5 years in relevant experience.

Skills:

• Intermediate proficiency in data collection and analysis.
• Intermediate proficiency in reporting skills and recommending actions to be taken.
• Intermediate proficiency in reviewing and editing cybersecurity related plans.
• Intermediate proficiency in identifying gaps and limitations in cyber threat intelligence provision.
• Intermediate proficiency in developing, deploying, and integrating policies that meet organizational system cybersecurity objectives.