Senior Penetration Tester(Arabic Speaker)

• Perform penetration testing and vulnerability research on complex proprietary software, hardware, and client service environments.
• Identify and assess vulnerabilities in systems and applications using manual and automated testing methods, including the discovery and exploitation of code flaws,

misconfigurations, and insecure components.

• Build, maintain, and support Red Team testing infrastructure and simulation capabilities.
• Build, maintain, and operate Red Team infrastructure to support advanced testing and simulation activities.
• Support the enhancement of vulnerability assessment practices, penetration testing procedures, secure development practices, and automation initiatives.
• Contribute to uplifting the security posture of government digital services through advanced testing techniques, knowledge transfer, and continuous improvement

initiatives.

• Monitor and keep cybersecurity knowledge current by tracking the latest security threats, vulnerabilities, and attack trends.
• Prepare and deliver clear, comprehensive penetration testing and vulnerability assessment reports, including findings, risk impact, technical evidence, and remediation

recommendations.

• Provide technical advisory support to teams to assist in remediation and risk-mitigation activities.
• Develop and deliver internal training materials and knowledge-transfer sessions to upskill cybersecurity staff.

The Consultant shall provide, at minimum, the following deliverables:

• Penetration testing and vulnerability assessment reports
• Red Team testing outputs and technical artefacts (where applicable)
• Remediation and risk-mitigation recommendation reports
• Internal training and knowledge-transfer materials
• Periodic progress and activity status reports, as required
  

Technical Specification

Use internationally recognized cybersecurity and testing frameworks such as:

ISO 27001, ISO 22301, NIST SP-800-53, NIST SP-800-115, MITRE ATT&CK, OWASP Testing Framework, PTES, OSSTMM.

• Apply structured and repeatable methodologies for:

o Penetration testing

o Vulnerability assessment and validation

o Security hardening and configuration review

• Use evidence-based assessment and reporting approaches supported by logs, screenshots, samples, or technical proof-of-concepts.