Penetration Tester (Offensive Security Specialist)

We usually respond within a day

Company Description:

Naseej is a leading technology company committed to harnessing the power of digital transformation in learning & knowledge management by enabling our customers to provide rich experiences for their users and adapt to a dynamic technology landscape while reducing their technical burden enabling them to focus on achieving their strategic objectives. And for almost 36 years, Naseej with its branches all over the MENA region had made many contributions to be one of the market leaders in the fields of E-Learning, Edu-Tech & Digital transformation. Naseej website: https://www.naseej.com/

Job Summary:

The Penetration Tester (Offensive Security Specialist) is responsible for planning and executing authorized simulated attacks against networks, applications, and infrastructure to identify security weaknesses before malicious actors can exploit them. This role requires strong hands-on offensive security expertise and the ability to translate technical findings into clear, actionable remediation guidance.

Key Responsibilities:

• Plan, scope, and conduct penetration tests across web applications, networks, APIs, mobile applications, and cloud and on-premise infrastructure.

• Perform vulnerability assessments and validate findings to eliminate false positives.

• Conduct manual exploitation beyond automated scanning to assess real-world risk.

• Execute social engineering and phishing simulations where authorized.

• Document findings in clear, detailed reports including risk ratings, business impact, and prioritized remediation recommendations.

• Present results and debrief both technical teams and non-technical stakeholders.

• Retest remediated vulnerabilities to confirm effective closure.

• Stay current with emerging threats, attack techniques, exploits, and security tools.

• Support red team exercises and collaborate with blue team / SOC where required.

• Ensure all testing is conducted within agreed scope, rules of engagement, and applicable regulations.

Requirements:

• Bachelor’s degree in Cybersecurity, Computer Science, Information Technology, or a related field.

• 3–4 years of dedicated, hands-on penetration testing / offensive security experience (experience must be directly and fully related to the role).

• Strong knowledge of common vulnerabilities and frameworks (e.g., OWASP Top 10, MITRE ATT&CK).

• Proficiency with industry tools such as Burp Suite, Metasploit, Nmap, Nessus, Kali Linux, and similar.

• Solid understanding of networking protocols, operating systems (Windows/Linux), and web technologies.

• Scripting ability (e.g., Python, Bash, or PowerShell) for custom tooling and automation.

• Strong report-writing and communication skills in English and Arabic.

• Relevant certifications such as OSCP or CEH, GPEN, eJPT/eCPPT, or equivalent.

Key Competencies:

• Strong analytical and problem-solving mindset.

• Attention to detail and a methodical approach to testing.

• Ability to work independently and manage testing engagements end to end.

• Awareness of Saudi regulatory and compliance frameworks (e.g., NCA controls) is an advantage.

Department Cyber Security Locations Riyadh Employment type Full-time

Contact Atheer Alnasser Regional Talent Acquisition Specialist – Human Resources & Admin Support

About Naseej

Bringing together the latest technological advancement and know-how to support organizations in their digital transformation journey, Naseej offers a comprehensive suite of platforms and services, to empower organizations and enable them to focus on achieving their strategic objectives, fostering innovation, and maximizing productivity in the digital era.

Founded in 1989 Co-workers 500