Overview
The Cybersecurity Engineer will be responsible for identifying, analyzing, and mitigating security vulnerabilities across systems, applications, and networks. This role includes conducting Vulnerability Assessments, Penetration Testing (VAPT), Digital Forensics & Incident Response (DFIR), Red Team exercises, and Security Posture Assessments. The ideal candidate will have a deep understanding of frameworks such as MITRE ATT&CK and OWASP, and will work to strengthen the organization’s security defenses against evolving threats.
Key Responsibilities
Vulnerability Assessment & Penetration Testing (VAPT)
- Conduct web, network, mobile, and API penetration tests using tools and manual testing methods.
- Identify and exploit vulnerabilities, simulate attacks, and provide detailed remediation reports.
- Perform security configuration reviews for systems, firewalls, and cloud infrastructure.
- Develop automated scanning scripts and processes for continuous assessment.
Red Teaming & Threat Simulation
- Execute Red Team / Adversary Simulation exercises to evaluate real-world attack scenarios.
- Map attack chains and techniques using the MITRE ATT&CK framework.
- Collaborate with Blue Teams to test detection, response, and containment capabilities.
- Document findings and improve overall organizational cyber resilience.
Digital Forensics & Incident Response (DFIR)
- Investigate and respond to security incidents, breaches, and malware attacks.
- Collect, preserve, and analyze digital evidence in line with forensic best practices.
- Prepare detailed incident reports with timelines, root cause analysis, and corrective actions.
- Support SOC and threat-hunting teams in real-time investigations.
Security Posture & Risk Assessment
- Conduct security posture reviews for IT assets, networks, and cloud environments.
- Evaluate security controls and recommend strategies to reduce attack surface.
- Perform gap analysis against industry standards (ISO 27001, NIST, CIS).
- Support compliance and audit readiness initiatives.
Security Research & Development
- Stay current with emerging threats, exploits, and vulnerability disclosures.
- Develop custom tools or scripts for exploit testing or automation.
- Participate in bug bounty programs, CTFs, or security community contributions.
Technical Skills & Tools
VAPT Tools: Burp Suite, Metasploit, Nessus, Nmap, OWASP ZAP, Nikto, SQLMap
Forensics Tools: Autopsy, FTK, EnCase, Volatility, Wireshark
Red Team Tools: Cobalt Strike, Empire, BloodHound, Mimikatz, Metasploit
Frameworks & Methodologies: MITRE ATT&CK, OWASP Top 10, NIST 800-53, CIS Controls
Scripting: Python, Bash, PowerShell
Cloud Security: Azure, AWS, GCP (optional but preferred)
Other: SIEM (Splunk, ELK, QRadar), EDR tools, Threat Intel platforms
Qualifications & Experience
- Bachelor’s or Master’s in Computer Science, Cybersecurity, or a related field.
- 3–6 years of hands-on experience in penetration testing, incident response, or red teaming.
- Strong knowledge of network protocols, system internals, and web technologies.
- Familiarity with MITRE ATT&CK, OWASP, and Kill Chain models.
Job Type: Full-time
Ability to commute/relocate:
- Muscat: Reliably commute or planning to relocate before starting work (Required)
Application Question(s):
- What is your current monthly salary?
- What is your expected monthly salary?
- What is your notice period?
Education:
Experience:
- Cybersecurity Engineer / Analyst (VAPT | DFIR | Red Team): 4 years (Required)