The Embedded Offensive Security Engineer will serve as the primary technical resource responsible for the day-to-day operation, tuning, and ongoing stabilisation of the attack simulation and EASM platforms deployed within the Client environment. The role combines deep offensive security expertise with strong systems administration and hands-on remediation capability.
This individual will act as the technical bridge between the vendor platform, the Client internal cyber security team, and cross-functional stakeholders including IT, infrastructure, DevOps, and application owners.
3. Key Responsibilities
3.1 Platform Operations and Alert Management
-
Operate, monitor, and triage all alerts generated by the EASM and automated penetration testing platforms on a daily basis.
-
Schedule and execute approved internal attack simulations, including identity/Active Directory attack-path testing, lateral movement scenarios, and network segmentation validation.
-
Maintain full audit logs of all simulation activity, generated artefacts, and system access in line with Client governance requirements.
-
Conduct retesting and regression validation following remediation, producing formal closure evidence for each finding.
3.2 Remediation Leadership and Hands-On Hardening
-
Coordinate with IT, DevOps, infrastructure, and application owners to drive timely remediation of identified vulnerabilities and misconfigurations.
-
Work directly with system and service owners to implement patches, configuration changes, and security hardening measures.
-
Troubleshoot and resolve asset discovery, attribution, and coverage gaps impacting platform visibility or assessment accuracy.
-
Support platform configuration, integrations (EDR, SIEM, CMDB, ITSM), and tuning activities until stable operations are achieved.
3.3 External Attack Surface Management
-
Manage and continuously refine the EASM platform, including onboarding of approved asset inventories (domains, IP ranges, subsidiary entities, brand identifiers).
-
Monitor and profile externally exposed assets, including open ports, exposed services, expiring certificates, and DNS weaknesses.
-
Identify unknown, orphaned, and shadow IT assets on the external attack surface and drive their inclusion in remediation workflows.
-
Correlate EASM findings with enterprise platforms for integrated remediation tracking.
3.4 Threat Modelling and Attack-Path Analysis
-
Conduct manual threat modelling and attack-path analysis for critical and high-risk business systems, supporting informed risk-based decision-making.
-
Map executed attack scenarios to recognised adversary frameworks, including MITRE ATT&CK, with end-to-end attack-chain documentation.
-
Validate defensive control effectiveness across WAF, EDR, SIEM, and identity controls with timestamped evidence outputs.
3.5 Executive and Management Reporting
-
Translate technical findings into clear, business-focused risk narratives suitable for senior leadership and executive management at Client.
-
Produce and present regular reports on platform status, risk posture, open findings, and remediation progress to the Head of Cyber Security.
-
Contribute to audit readiness documentation, evidence packs, and internal governance reporting.
3.6 Knowledge Transfer and Runbook Development
-
Develop and maintain fully documented operational runbooks for all platform capabilities.
-
Deliver structured knowledge transfer sessions to Client's internal Cyber Security team.
-
Support the formal handover process to enable the Client team to achieve independent, steady-state operations.
4. Required Qualifications and Experience
4.1 Essential
-
Minimum 4-6 years of hands-on offensive security experience, including penetration testing, red team operations, or attack simulation roles.
-
Demonstrable experience deploying, operating, and troubleshooting enterprise-grade attack simulation or automated
penetration testing platforms (e.g., Cymulate, Pentera, Horizon3.ai, AttackIQ, or equivalent).
-
Strong background in systems administration: Windows Server, Active Directory, Linux, and enterprise networking.
-
Hands-on experience with identity and AD attack-path techniques:
credential access, privilege escalation, lateral movement, Kerberoasting, Pass-the-Hash
, and equivalent.
-
Practical knowledge of n
etwork segmentation testing, EDR evasion validation, and SIEM detection logic
.
-
Experience with
External Attack Surface Management
platforms and asset discovery methodologies.
-
Ability to produce clear, executive-level risk reporting from complex technical findings.
-
Current CREST certification (CRT, CCT, or equivalent) OR OSCP, GPEN, GXPN, or equivalent offensive security qualification.
-
Willingness and ability to work on-site in Riyadh, KSA, five days per week.
4.2 Highly Desirable
-
Prior experience in a vendor-embedded or client-site secondment model.
-
Familiarity with GCC or KSA enterprise environments, regulatory expectations (NCA ECC, SAMA CSF), and data sovereignty requirements.
-
Experience with large-scale enterprise environments in sectors such as FMCG, food production, logistics, or critical national infrastructure.
-
Knowledge of MITRE ATT&CK, TIBER-EU, or CBEST red team frameworks.
-
Arabic language skills (professional working proficiency or above).
-
Experience with integration of security platforms into CMDB, SIEM (e.g., Splunk, Microsoft Sentinel), EDR (e.g., CrowdStrike, Microsoft Defender), and ITSM (e.g., ServiceNow).