Embedded Offensive Security Engineer📣 إعلان
| نوع العقد | دوام كامل | |
| طبيعة الوظيفة | بالموقع | |
| الموقع | الرياض |
وصف الوظيفة
About Qantra and the Role
Qantra is seeking an Embedded Offensive Security Engineer to join its team in Riyadh, Saudi Arabia. This full-time position focuses on managing and enhancing offensive security platforms within client environments, combining deep technical expertise with practical remediation capabilities.
Role Purpose and Scope
The Embedded Offensive Security Engineer will serve as the primary technical resource responsible for the day-to-day operation, tuning, and ongoing stabilization of attack simulation and External Attack Surface Management (EASM) platforms deployed within client environments. This role requires deep offensive security expertise combined with strong systems administration and hands-on remediation capabilities. The individual will act as a technical bridge between vendor platforms, the client's internal cybersecurity team, and cross-functional stakeholders including IT, infrastructure, DevOps, and application owners.
Key Responsibilities
- Operate, monitor, and triage alerts from EASM and automated penetration testing platforms daily.
- Schedule and execute approved internal attack simulations, including identity/Active Directory attack-path testing, lateral movement, and network segmentation validation.
- Maintain full audit logs of simulation activity, generated artifacts, and system access in line with client governance requirements.
- Conduct retesting and regression validation post-remediation, producing formal closure evidence for findings.
- Coordinate with IT, DevOps, infrastructure, and application owners to drive timely remediation of identified vulnerabilities and misconfigurations.
- Work directly with system and service owners to implement patches, configuration changes, and security hardening measures.
- Troubleshoot and resolve asset discovery, attribution, and coverage gaps impacting platform visibility or assessment accuracy.
- Manage and continuously refine the EASM platform, including onboarding approved asset inventories.
- Monitor and profile externally exposed assets, identifying unknown, orphaned, and shadow IT assets.
- Conduct manual threat modeling and attack-path analysis for critical and high-risk business systems.
- Map executed attack scenarios to recognized adversary frameworks like MITRE ATT&CK, with end-to-end attack-chain documentation.
- Translate technical findings into clear, business-focused risk narratives for senior leadership and executive management.
- Produce and present regular reports on platform status, risk posture, open findings, and remediation progress.
- Develop and maintain fully documented operational runbooks for all platform capabilities.
- Deliver structured knowledge transfer sessions to the client's internal Cyber Security team.
Essential Qualifications and Experience
- Minimum 4-6 years of hands-on offensive security experience, including penetration testing, red team operations, or attack simulation roles.
- Demonstrable experience deploying, operating, and troubleshooting enterprise-grade attack simulation or automated penetration testing platforms (*, Cymulate, Pentera, ********, AttackIQ, or equivalent).
- Strong background in systems administration: Windows Server, Active Directory, Linux, and enterprise networking.
- Hands-on experience with identity and AD attack-path techniques: credential access, privilege escalation, lateral movement, Kerberoasting, Pass-the-Hash, and equivalent.
- Practical knowledge of network segmentation testing, EDR evasion validation, and SIEM detection logic.
- Experience with External Attack Surface Management platforms and asset discovery methodologies.
- Ability to produce clear, executive-level risk reporting from complex technical findings.
- Current CREST certification (CRT, CCT, or equivalent) OR OSCP, GPEN, GXPN, or equivalent offensive security qualification.
- Willingness and ability to work on-site in Riyadh, KSA, five days per week.
Desirable Skills and Background
- Prior experience in a vendor-embedded or client-site secondment model.
- Familiarity with GCC or KSA enterprise environments, regulatory expectations (NCA ECC, SAMA CSF), and data sovereignty requirements.
- Experience with large-scale enterprise environments in sectors such as FMCG, food production, logistics, or critical national infrastructure.
- Knowledge of MITRE ATT&CK, TIBER-EU, or CBEST red team frameworks.
- Experience with integration of security platforms into CMDB, SIEM (*, Splunk, Microsoft Sentinel), EDR (*, CrowdStrike, Microsoft Defender), and ITSM (*, ServiceNow).
Work Location and Commitment
This is a full-time position based on-site in Riyadh, Saudi Arabia, requiring attendance five days per week. The role involves working directly within client environments, collaborating with various internal and external teams to enhance cybersecurity posture.
متطلبات الوظيفة
- تتطلب ٥-١٠ سنوات خبرة
وظائف مشابهة
قد يعجبك أيضاً
- وظائف ذات صلة بـ Embedded Offensive Security Engineer
- وظائف Sales Representative في الخبر
- وظائف مدير مشتريات في الخبر
- وظائف مصمم جرافيك في الخبر
- وظائف محضر قهوة (باريستا) في الخبر
- وظائف أخصائي تسويق في الخبر
- مجالات وظيفية أخرى في الرياض
- وظائف Sales Representative في الرياض
- وظائف مصمم جرافيك في الرياض
- وظائف مدير صالون تجميل في الرياض
- وظائف محاسب زبائن (كاشير) في الرياض
- وظائف ممثل خدمة عملاء (كول سنتر) في الرياض
- وظائف مسؤول عمليات في الرياض
- وظائف محضر قهوة (باريستا) في الرياض
- وظائف مهندس تدفئة وتهوية وتكييف في الرياض
- وظائف محضر طلبيات أكل ومشروبات في الرياض
- وظائف أخصائي تسويق في الرياض
- استكشف الوظائف في أنحاء المملكة
- وظائف مهندس شبكات في الخبر
- وظائف موظف استقبال مرضى في الرياض
- وظائف Sales Accountant في الرياض
- وظائف اخصائي تربية خاصة في الطائف
- وظائف أخصائي تسويق في الدمام
- وظائف بائع في الخبر
- وظائف مدير مختبر تصنيع في المدينة المنورة
- وظائف أخصائي تقنية إشعاعية في شرورة
- وظائف Industrial Designer في جدة
- وظائف Pharmacist في جدة
