img
Contract TypeFull-time
Workplace typeOn-site
LocationRiyadh

Job Description

About Qantra and the Role

Qantra is seeking an Embedded Offensive Security Engineer to join its team in Riyadh, Saudi Arabia. This full-time position focuses on managing and enhancing offensive security platforms within client environments, combining deep technical expertise with practical remediation capabilities.

Role Purpose and Scope

The Embedded Offensive Security Engineer will serve as the primary technical resource responsible for the day-to-day operation, tuning, and ongoing stabilization of attack simulation and External Attack Surface Management (EASM) platforms deployed within client environments. This role requires deep offensive security expertise combined with strong systems administration and hands-on remediation capabilities. The individual will act as a technical bridge between vendor platforms, the client's internal cybersecurity team, and cross-functional stakeholders including IT, infrastructure, DevOps, and application owners.

Key Responsibilities

  • Operate, monitor, and triage alerts from EASM and automated penetration testing platforms daily.
  • Schedule and execute approved internal attack simulations, including identity/Active Directory attack-path testing, lateral movement, and network segmentation validation.
  • Maintain full audit logs of simulation activity, generated artifacts, and system access in line with client governance requirements.
  • Conduct retesting and regression validation post-remediation, producing formal closure evidence for findings.
  • Coordinate with IT, DevOps, infrastructure, and application owners to drive timely remediation of identified vulnerabilities and misconfigurations.
  • Work directly with system and service owners to implement patches, configuration changes, and security hardening measures.
  • Troubleshoot and resolve asset discovery, attribution, and coverage gaps impacting platform visibility or assessment accuracy.
  • Manage and continuously refine the EASM platform, including onboarding approved asset inventories.
  • Monitor and profile externally exposed assets, identifying unknown, orphaned, and shadow IT assets.
  • Conduct manual threat modeling and attack-path analysis for critical and high-risk business systems.
  • Map executed attack scenarios to recognized adversary frameworks like MITRE ATT&CK, with end-to-end attack-chain documentation.
  • Translate technical findings into clear, business-focused risk narratives for senior leadership and executive management.
  • Produce and present regular reports on platform status, risk posture, open findings, and remediation progress.
  • Develop and maintain fully documented operational runbooks for all platform capabilities.
  • Deliver structured knowledge transfer sessions to the client's internal Cyber Security team.

Essential Qualifications and Experience

  • Minimum 4-6 years of hands-on offensive security experience, including penetration testing, red team operations, or attack simulation roles.
  • Demonstrable experience deploying, operating, and troubleshooting enterprise-grade attack simulation or automated penetration testing platforms (*, Cymulate, Pentera, ********, AttackIQ, or equivalent).
  • Strong background in systems administration: Windows Server, Active Directory, Linux, and enterprise networking.
  • Hands-on experience with identity and AD attack-path techniques: credential access, privilege escalation, lateral movement, Kerberoasting, Pass-the-Hash, and equivalent.
  • Practical knowledge of network segmentation testing, EDR evasion validation, and SIEM detection logic.
  • Experience with External Attack Surface Management platforms and asset discovery methodologies.
  • Ability to produce clear, executive-level risk reporting from complex technical findings.
  • Current CREST certification (CRT, CCT, or equivalent) OR OSCP, GPEN, GXPN, or equivalent offensive security qualification.
  • Willingness and ability to work on-site in Riyadh, KSA, five days per week.

Desirable Skills and Background

  • Prior experience in a vendor-embedded or client-site secondment model.
  • Familiarity with GCC or KSA enterprise environments, regulatory expectations (NCA ECC, SAMA CSF), and data sovereignty requirements.
  • Experience with large-scale enterprise environments in sectors such as FMCG, food production, logistics, or critical national infrastructure.
  • Knowledge of MITRE ATT&CK, TIBER-EU, or CBEST red team frameworks.
  • Experience with integration of security platforms into CMDB, SIEM (*, Splunk, Microsoft Sentinel), EDR (*, CrowdStrike, Microsoft Defender), and ITSM (*, ServiceNow).

Work Location and Commitment

This is a full-time position based on-site in Riyadh, Saudi Arabia, requiring attendance five days per week. The role involves working directly within client environments, collaborating with various internal and external teams to enhance cybersecurity posture.


Requirements

  • Requires 5-10 Years experience

Similar Jobs