Penetration Tester and Forensic analyst

Penetration Tester & Digital Forensics Specialist

📍 Qatar | 🏢 Command Post | 💼 Full-Time

Command Post is scaling its advanced cyber capabilities.

We are seeking a highly experienced Penetration Tester and Digital Forensics Specialist to lead end-to-end offensive security programmes and conduct deep forensic investigations across enterprise and government environments.

This is a hands-on technical leadership role — not just executing tests, but owning full lifecycle engagements and leading real-world cyber investigations.

The Role

You will operate across two critical domains:

1. Offensive Security (Pentesting)
2. Digital Forensics & Incident Response (DFIR)

You will lead engagements from scoping through execution to executive reporting , simulating real-world adversaries and investigating incidents with forensic precision.

Key Responsibilities

Penetration Testing & Red Teaming Support

• Plan and execute end-to-end pentest programmes (web, API, infrastructure, cloud)
• Conduct advanced exploitation and post-exploitation activities
• Perform red team simulations aligned to real-world threat actors
• Lead client engagements including scoping, methodology, and reporting
• Deliver clear, executive-level reports with remediation guidance

Digital Forensics & Incident Response

• Perform in-depth forensic investigations across endpoints, servers, and networks
• Lead incident response activities (containment, eradication, recovery)
• Conduct malware analysis and threat attribution (where possible)
• Preserve and analyse evidence in line with forensic best practices
• Produce detailed forensic reports suitable for legal and regulatory use

• Mandatory Requirements (Non-Negotiable)
• Proven experience delivering full lifecycle penetration testing programmes
• Strong expertise in digital forensics and incident response (DFIR)
• Hands-on experience with advanced exploitation techniques
• Ability to conduct deep forensic analysis (disk, memory, logs, network traffic)
• Strong reporting skills — both technical and executive level
• Experience operating in enterprise or regulated environments

• Technical Expertise
• Offensive tools: Burp Suite, Metasploit, Nmap, OWASP ZAP, Kali Linux toolset
• Forensics tools: EnCase, FTK, Autopsy, Volatility, Wireshark
• Strong knowledge of:
• Web & API security (OWASP Top 10)
• Active Directory attacks
• Cloud security (Azure / AWS)
• Network and endpoint compromise techniques

• Highly Desirable
• Certifications such as: OSCP, OSEP, CREST, GCFA, GCFE, GNFA
• Experience in red teaming / adversary simulation
• Exposure to SOC environments or threat hunting
• Experience in Qatar / GCC or regulated sectors (banking, government, aviation)