_{17th April, 2025}

Nationality: Omani
Location: Muscat, Oman
Reports to: IM&T Cyber Threat & Vulnerability
 
Job Purpose:
 

• Assess and evaluate the organization's security posture by simulating real-world cyberattacks.
• Identify vulnerabilities in systems, networks, applications, and infrastructure to uncover weaknesses.
• Simulate adversary tactics and techniques to mimic sophisticated cyberattacks and test defenses.
• Provide actionable insights and recommendations to improve security measures and reduce risks.
• Support security hardening efforts by discovering potential gaps in security controls before malicious actors can exploit them.
• Enhance incident response capabilities through realistic attack simulations.
• Ensure compliance with industry standards and regulations by identifying potential areas of concern.
• Improve organizational defense by offering continuous feedback to strengthen security protocols and practices.

• Conduct Penetration Testing on web applications, networks, systems, and infrastructure.
• Simulate Real-World Cyberattacks through red team exercises.
• Identify and Exploit Vulnerabilities in the organization’s IT systems.
• Create Detailed Reports documenting findings and remediation recommendations.
• Collaborate with Internal Security Teams to address vulnerabilities.
• Assess Risks and Prioritize Vulnerabilities based on their potential impact.
• Test the Effectiveness of Security Controls and defenses.
• Perform Post-Test Validation to ensure vulnerabilities are remediated.
• Conduct Phishing Attacks to simulate real-world social engineering attempts and assess employee awareness.
• Manage and Operate Attack Simulation Technology to execute automated or manual phishing campaigns, vulnerability assessments, and red team exercises.
• Stay Up-to-Date with the Latest Security Threats and attack techniques.
• Ensure Ethical Standards and Legal Compliance in all testing activities.
• Support Compliance Assessments and security certification efforts.
• Develop Custom Attack Scenarios and Security Testing Tools for tailored assessments.
• Provide Feedback for Continuous Improvement of security processes and defenses.

• Bachelor's degree in Cybersecurity, Computer Science, Information Technology, or a related field (preferred).
• Proven experience in penetration testing, red teaming, or ethical hacking, typically 2-5 years.
• Hands-on experience with penetration testing tools and methodologies (e.g., Burp Suite, Metasploit, Nessus, Nmap, Wireshark, etc.).
• Deep understanding of common attack vectors, exploits, and how to simulate real-world attacks.
• Knowledge of network protocols (TCP/IP, HTTP, DNS, etc.), web application security, and system vulnerabilities.
• Experience in scripting or programming languages (e.g., Python, Bash, PowerShell, or similar) for automation and exploit development.
• Familiarity with common operating systems (Linux, Windows, macOS) and their security mechanisms.
• Hands-on experience with cloud platforms (AWS, Azure, Google Cloud) and container security (Docker, Kubernetes) is a plus.
• Experience in vulnerability assessment and risk analysis tools to identify weaknesses and propose mitigation strategies.
• Knowledge of security frameworks (e.g., OWASP, NIST, MITRE ATT&CK) and industry best practices.
• Experience with social engineering techniques (phishing, pretexting) for real-world red team exercises.
• Familiarity with incident response and forensics practices in the context of simulated attacks.
• Strong report writing skills to document findings, create detailed penetration test reports, and communicate risks effectively to both technical and non-technical stakeholders.