5 Penetration Testing jobs in Saudi Arabia

The Penetration Tester is responsible for identifying, exploiting, and documenting security vulnerabilities across the organization’s digital infrastructure. This role plays a critical part in proactively assessing threats and strengthening the overall security posture.

Responsibilities:

• Perform penetration tests on applications, networks, and systems, simulating real-world attacks to identify vulnerabilities.
• Conduct vulnerability assessments using industry-standard tools and techniques.
• Develop detailed reports and remediation recommendations based on testing outcomes.
• Collaborate with development, infrastructure, and operations teams to remediate security issues.
• Keep up to date with the latest vulnerabilities, hacking techniques, and security trends.
• Assist in red team/blue team exercises and adversary emulation scenarios.
• Support internal and external audits and compliance testing where needed.
• Document test procedures and maintain testing scripts and methodologies.

Qualifications:

• Bachelor’s degree in Computer Science, Information Security, or a related field.
• Industry certifications such as OSCP, CEH, GPEN, or equivalent are preferred.
• 5-7 years of relevant experience in penetration testing, vulnerability assessments, and ethical hacking.
• Proficiency with tools such as Burp Suite, Metasploit, Nmap, Wireshark, Nessus, etc.
• Strong understanding of security frameworks and standards (e.g., OWASP, MITRE ATT&CK, NIST).
• Solid scripting skills (Python, Bash, PowerShell) are a plus.

Company Industry: IT - Software Services

Department / Functional Area: Corporate Planning, Consulting, M&A

Keywords: Penetration Testing Consultant

Disclaimer: Naukrigulf.com is only a platform to bring jobseekers & employers together. Applicants are advised to research the bona fides of the prospective employer independently. We do NOT endorse any requests for money payments and strictly advise against sharing personal or bank-related information. We also recommend you visit Security Advice for more information. If you suspect any fraud or malpractice, email us at

Company Overview:

Advanced technology and cybersecurity company (sirar) established by stc, the region's ICT and digital services provider, sirar by stc is a cutting-edge cybersecurity provider that empowers organization to take control of their cyber capabilities and digital environments.

As experts in business security and privacy.

We offer a comprehensive range of solutions that help you to operate online safely, securely, and efficiently. The tools we provide help organizations detect and prevent cybersecurity attacks, safeguard their digital future, and provide protection and security from that point forward.

Key Responsibilities:

• Identifies methods that attackers could use to exploit system and network vulnerabilities.
• Mimics malicious social engineering techniques that an attacker would use to attempt a system breach to uncover security gaps and vulnerabilities.
• Gathers information about network topography and usage through technical analysis and open-source research and document findings.
• Uses security testing and code scanning tools to conduct code reviews.
• Recommends security controls to mitigate risks identified through testing and review.
• Conducts required reviews, including reviews of defensive measures, according to the organization's policies.
• Conducts authorized penetration testing of infrastructure and assets.
• Performs technical and nontechnical risk and vulnerability assessments of organizational technology environments.
• Maintains a deployable cyber defense audit toolkit based on industry best practice to support cyber defense audits.
• Tests for vulnerabilities in web applications, client applications and standard applications.
• Conducts physical security assessments of servers, systems, and network devices.
• Reports penetration testing and vulnerability assessment findings including risk level, proposed mitigation, and details necessary to reproduce the test results.
• Explains business impact of vulnerabilities identified through testing to make case for addressing them.
• Presents test findings, risks, and conclusions to technical and non-technical audiences.
• Designs simulated attacks to reflect impact in the organization's business and its users.
• Supports in collaborating with cybersecurity vendors to drive innovation in Penetration Testing services development and manage overall Penetration Testing service lifecycle.
• Supports in leading the implementation of go-to-market and roadmap for Penetration Testing services solutions & tools.
• Supports in developing Penetration Testing Services' lifecycle end-to-end, including Ideation, feasibility analysis, planning, sourcing, business case, toolkits and operating models design, commercialization, launch, performance management, and retirement, in collaboration with other Advisory sections.
• Contributes to the overall success of the company by performing all other duties and responsibilities as assigned by line manager.

Qualification:

• Bachelor's degree in Cybersecurity, Computer Science, Information Technology, or related discipline.

Professional Certificate:

• Offensive Security (OSCP, OSWP, OSWE, OSEP, etc)
• GIAC (GXPN, GCPN, GAWN, GPYC, etc)
• Pen tester Academy (Red Team Expert)

Years of Experience:

• 3 – 5 years in relevant experience

Skills:

• Advance proficiency in conducting vulnerability scans and determine vulnerabilities from the results.
• Intermediate proficiency in conducting penetration testing in line with the organization's policies and best practice.
• Advance proficiency in developing insights about an organization's threat environment.
• Advance proficiency in analyzing vulnerability and configuration data to identify cybersecurity issues
• Advance proficiency in mimicking threat behaviors.
• Intermediate proficiency in implementing adversary Tactics, Techniques and Procedures.
• Basic proficiency in service development.
• Basic proficiency in user experience knowledge.
• Basic proficiency in recognizing industry trends & KPIs

We are seeking a highly motivated and skilled Penetration Testing Engineer to join our cybersecurity team. The ideal candidate will be responsible for conducting comprehensive penetration tests on our systems, networks, and applications to identify and mitigate security vulnerabilities. You will play a crucial role in ensuring the security and integrity of our digital assets by simulating real-world cyberattacks and providing actionable recommendations for remediation.

Responsibilities:

• Penetration Testing and Vulnerability Assessment:
• • Conduct internal and external penetration tests on web applications, mobile applications, networks, and infrastructure.
• Perform vulnerability assessments and security audits to identify weaknesses and potential attack vectors.
• Utilize various penetration testing tools and techniques, including manual and automated methods.
• Simulate real-world attack scenarios to assess the effectiveness of existing security controls.
• Perform social engineering assessments, if required.
• Perform wireless network assessments.
• Reporting and Remediation:
• • Document and report identified vulnerabilities with clear and concise descriptions, including severity levels and potential impact.
• Provide detailed recommendations for remediation and mitigation strategies.
• Present findings to technical and non-technical stakeholders.
• Track and verify the implementation of remediation efforts.
• Retest systems after patches are applied.

• Security Research and Development:

• Stay up-to-date with the latest security threats, vulnerabilities, and attack techniques.

• Research and evaluate new penetration testing tools and methodologies.
• Contribute to the development and improvement of internal security testing processes.

• Contribute to the creation of security best practices.

• Compliance and Standards:

• • Ensure all penetration testing activities comply with relevant legal, regulatory, and ethical standards.
• Adhere to industry best practices and security frameworks (e.g., OWASP, NIST).
• Maintain confidentiality of sensitive data.

Qualifications:

• Education: Bachelor's degree in Computer Science, Information Security, or a related field (or equivalent experience).
• Experience: 3 years of experience in penetration testing or a related security role.
• Technical Skills:
• • Proficiency in using penetration testing tools (e.g., Metasploit, Nmap, Burp Suite, Wireshark).
• Strong understanding of networking protocols, operating systems (Windows, Linux), and web application architectures.
• Knowledge of common web application vulnerabilities (e.g., OWASP Top 10).
• Experience with scripting languages (e.g., Python, Bash, PowerShell).
• Knowledge of cloud security (AWS, Azure, GCP).
• Knowledge of mobile application security.
• Certifications (Preferred):
• • Certified Ethical Hacker (CEH)
• Offensive Security Certified Professional (OSCP)
• GIAC Penetration Tester (GPEN)
• CISSP

• Soft Skills:

• Strong analytical and problem-solving skills.

• Excellent communication and interpersonal skills.
• Ability to work independently and as part of a team.
• Strong ethical principles and a commitment to confidentiality

Cipher | سايڤر is a cybersecurity solutions provider based in Riyadh, Saudi Arabia. The company's goal is to simplify the perception of complexity surrounding cybersecurity problems and solutions. Cipher's team of Saudi professionals and experts work tirelessly to develop, customize, and manage digital services and cybersecurity solutions to ensure their peace of mind. Our goal is to provide peace of mind to our clients by making digital security simple and efficient.

Key Responsibilities:

• Engage with clients to define the scope and objectives of penetration tests, including systems, applications, and environments to be assessed.
• Plan, design, and execute manual penetration tests across web applications, mobile applications, APIs, cloud services, and enterprise infrastructure.
• Perform advanced security assessments such as source code reviews, business logic testing, and red team/adversary simulations.
• Conduct onsite and remote testing to identify vulnerabilities, misconfigurations, and gaps in defensive controls.
• Simulate real-world attacks to evaluate the effectiveness of detection, prevention, and response mechanisms.
• Document and communicate findings in detailed technical reports with clear risk ratings, business impact analysis, and actionable remediation steps.
• Present results and recommendations to both technical and executive-level stakeholders.
• Provide strategic security advice to clients on hardening systems, reducing attack surface, and improving detection and response.
• Continuously update knowledge of emerging threats, vulnerabilities, tools, and penetration testing methodologies (e.g., OWASP, MITRE ATT&CK).

Educational Requirements:

Bachelor's degree of Computer Science, Cybersecurity, Information Technology, or a related field.

Certifications:

Preferred Certifications:

• OSCP (Offensive Security Certified Professional)
• eWPTX (eLearnSecurity Web Application Penetration Tester eXtreme)
• CRTP (Certified Red Team Professional)
• Additional relevant certifications such as OSWE, OSEP, GXPN, CREST CRT, or equivalent.

Required Skills & Competencies:

• Strong hands-on experience in penetration testing of web, mobile, cloud, and infrastructure environments.
• Expertise in manual vulnerability discovery and exploitation (excluding exploit development).
• Experience conducting detailed source code reviews to identify security weaknesses.
• Familiarity with red team frameworks, adversary simulation techniques, and threat modeling.
• Proficiency in scripting and automation (e.g., Python, PowerShell, Bash).
• Strong analytical and problem-solving skills, with the ability to evaluate complex systems.
• In-depth understanding of technical systems, application architectures, and common attack vectors.
• Excellent written and verbal communication skills for delivering clear reports and executive presentations.
• Ability to translate technical findings into meaningful business risk insights.