Cybersecurity Offense Lead

Riyadh, Saudi Arabia. Posted: 08 Dec 2025

Financial

  • Estimate: $80k - $120k*
  • Zero income tax location

Accessibility

  • Visa Provided

Requirements

  • Experience: Senior
  • Arabic: Professional

Position

The Cybersecurity Offense Lead is primarily responsible for developing and directing the organization's offensive security strategy by leading a penetration tester to simulate realistic cyberattacks and proactively identify and exploit security vulnerabilities across systems, networks, and applications. This role involves documenting and communicating these findings and attack pathways to both technical and executive audiences with clear recommendations, and collaborating with defensive security teams to test, validate, and enhance the organization's overall detection and response capabilities against sophisticated, real-world threats.

Location
Riyadh, Riyadh, Saudi Arabia

Key Responsibilities

  • Lead the company's offensive security program (red teaming, adversary simulation, penetration testing) aligned with SAMA FEER requirements.
  • Plan and execute controlled attack exercises on apps, cloud, APIs, and payment/merchant platforms; validate real-world exploitability.
  • Develop TTP-based scenarios (MITRE ATT&CK) and collaborate with Defense/SOC in purple-team engagements to improve detections.
  • Own offensive tooling, lab environments, and rules of engagement; ensure safe testing with zero business disruption.
  • Deliver clear remediation guidance and track closure of critical findings with Product/Engineering.

Qualifications

  • Bachelor’s in Cybersecurity/CS or related field.
  • 7–10+ years in red teaming / offensive security, with leadership experience in fintech/financial services preferred.
  • Deep skills in web/mobile/API/cloud pentest, adversary emulation, and ATT&CK mapping.
  • Familiarity with SAMA FEER and KSA financial-sector testing governance.
  • Relevant certs preferred: OSCP/OSCE, CRTO, GPEN, GXPN, or equivalent.