Vulnerability Assessment and Penetration Testing (VAPT) Specialist

We are seeking a hands-on and detail-oriented Vulnerability Assessment and Penetration Testing (VAPT) Specialist to lead our offensive security efforts through penetration testing and vulnerability assessments across web applications, networks, and mobile apps.

The primary responsibility of this role is to identify and validate security weaknesses through structured offensive testing, manage and interpret vulnerability scan data (e.g., Qualys), and coordinate remediation with internal teams. The role will also support our broader threat management function by staying aware of emerging threats and vulnerabilities that may impact our systems.

This is a great opportunity to join a fast-paced, security-focused FinTech organization operating under regulatory frameworks such as SAMA CSF and PDPL.

Requirements

Penetration Testing

• Plan, execute, and document penetration tests on web applications, APIs, mobile apps, and networks.

• Perform manual and automated testing to uncover real-world security weaknesses (OWASP Top 10, Mobile Top 10, etc.).

• Deliver detailed reports with impact analysis, reproduction steps, and mitigation recommendations.

Vulnerability Management

• Conduct vulnerability scans using Qualys (or similar tools) on a scheduled and ad-hoc basis.

• Analyze and prioritize findings based on risk, business impact, and exploitability.

• Collaborate with IT, DevOps, and Engineering teams to ensure timely and effective remediation.

• Maintain metrics and dashboards to track remediation progress and vulnerability trends.

Threat Monitoring & Risk Awareness

• Stay up to date with zero-day vulnerabilities, CVEs, and emerging threats.

• Assess organizational exposure to global threat intelligence and advise relevant teams when needed.

• Work alongside the SOC team or MSSP to support incident investigation or escalation when testing reveals high-risk scenarios.

Collaboration & Governance

• Coordinate with internal teams to ensure timely patching and resolution of vulnerabilities.

• Provide advisory support during new infrastructure deployments or application launches.

• Contribute to compliance initiatives aligned with SAMA CSF, PDPL, and NCA frameworks.

Qualifications and Skills:

Required Education & Experience:

• Bachelor’s degree in Cybersecurity, Information Security, Computer Science, or a related field.

• Minimum 7 years of hands-on experience in penetration testing and vulnerability management.

• Demonstrated experience with tools such as (but not limited to): Burp Suite, Qualys, Nessus, Nmap, MobSF, Frida, Metasploit, Wireshark, etc.

Skills & Knowledge:

• Deep understanding of OWASP Top 10, and secure coding flaws.

• Strong grasp of network architecture, web protocols, mobile platforms, and cloud environments.

• Familiarity with SAMA CSF, PDPL, or similar regulatory/compliance frameworks is a must.

• Understanding of threat modeling and attacker TTPs (MITRE ATT&CK) is a plus.

Education and Certifications:

• Practical certifications such as (OSCP / OSWE / CRTO / OSCE … etc.)

• Bonus: Any cloud security or mobile testing certifications

Personal Attributes:

• Excellent verbal and written communication skills in English and Arabic.

• Ability to convey technical findings to non-technical stakeholders.

• Strong analytical mindset and attention to detail.

• Proactive, collaborative, and passionate about continuous learning and security excellence.