Senior Offensive Security Consultant

At IBM, we believe cybersecurity is at the core of our clients' digital transformation journeys. Our Penetration Testing team is committed to proactively identifying and mitigating security risks in both on-premises and cloud-based environments. We are looking for a highly skilled Senior Offensive Security Consultant to join our cybersecurity services team. If you are passionate about offensive security, thrive in red teaming scenarios, and have a proven track record in vulnerability research or bug bounties, we’d love to hear from you!

Your Role and Responsibilities:

• Lead and execute advanced security testing and red teaming engagements to simulate real-world adversary tactics.
• Develop, test, and deploy offensive tools and techniques.
• Collaborate with blue teams to identify and strengthen weaknesses across systems and applications.
• Conduct adversary emulation and threat modeling to improve detection and response capabilities.
• Research and stay ahead of emerging threats, vulnerabilities, and attack vectors.
• Deliver comprehensive reports and presentations in both English and Arabic to clients and internal stakeholders.

Required Technical and Professional Expertise:

• Technical Knowledge: Proficient in penetration testing methodologies (OWASP, NIST, PTES), network security protocols, with a deep understanding of web application security and network vulnerabilities.
• Tools Expertise: Familiarity with penetration testing tools such as Burp Suite, Metasploit, Nessus, Nmap, and Wireshark.
• Programming & Scripting Skills: Experience with scripting languages (e.g., Python, Bash, PowerShell, or Ruby) to automate tasks or develop custom exploits.
• Experience in Exploit Development: Ability to identify and exploit vulnerabilities across different platforms and services (Windows, Linux, macOS, Web Applications, Cloud, etc.).
• Risk Management: Ability to prioritize vulnerabilities based on risk to business operations and present findings to technical and non-technical stakeholders.
• Certifications: Industry-recognized certifications such as Offensive Security Certified Professional (OSCP), Certified Ethical Hacker (CEH), or GIAC Penetration Tester (GPEN) are highly desirable.
• Communication Skills: Strong written and verbal communication skills to clearly articulate technical issues and findings to diverse audiences, including executives, IT teams, and developers.

Required Qualifications:

• Bachelor's degree in Cybersecurity, Computer Science, Information Technology, or related field, or equivalent work experience.
• 3+ years of professional experience in penetration testing, ethical hacking, or cybersecurity assessments.
• Hands-on experience with different attack techniques, threat modeling, and vulnerability assessment tools.

Location: Dubai, Dubai, United Arab Emirates
Work Conditions: Hybrid, Full-time