Job Description

We are seeking a skilled

VAPT Engineer

responsible for identifying, analyzing, and mitigating security vulnerabilities across systems, networks, applications, and cloud environments. The ideal candidate will perform security assessments, penetration testing, prepare detailed reports, and support remediation to strengthen the organization's security posture.

Key Responsibilities

Conduct Vulnerability Assessments on networks, servers, endpoints, cloud platforms, and applications. Perform Penetration Testing (web, mobile, APIs, network, cloud, social engineering where required). Identify, exploit, and validate security weaknesses using industry-standard tools and manual testing techniques. Prepare detailed VAPT reports with risks, findings, and recommended remediation steps. Work with IT, DevOps, and development teams to support patching and mitigation. Monitor and analyze security alerts, threats, and emerging vulnerabilities. Perform configuration reviews, including firewalls, servers, cloud resources, and network devices. Ensure compliance with frameworks such as ISO 27001, NIST, CIS Benchmarks, and internal security policies. Conduct red team/blue team exercises when required. Review and test incident response and disaster recovery controls. Maintain documentation of assessments, findings, and mitigations. Stay updated on latest exploits, threat trends, and penetration testing methodologies.

Required Skills & Qualifications

2-4 years of hands-on experience in Vulnerability Assessment & Penetration Testing. Strong understanding of OWASP Top 10, CVE, CVSS, MITRE ATT&CK, and common security vulnerabilities. Experience with tools such as:
Burp Suite, Nessus, Nmap, Metasploit, Wireshark, Kali Linux, OpenVAS, Qualys, etc.

Knowledge of network security, firewalls, cloud security (AWS/Azure), and Linux/Windows environments. Ability to prepare clear and actionable VAPT reports. Certifications preferred but not mandatory:
CEH, OSCP, eJPT, eCPPT, LPT, Security+.

Strong communication and documentation skills.
Job Type: Full-time

Application Question(s):

Can you join Immediately? if not, what will be your notice time period then? What is your expected monthly package in SAR? What is your current monthly package SAR? What is your Iqama status? What is the difference between a vulnerability assessment and penetration testing? Have you done vulnerability assessment and penetration testing? if yes then how many years?
Language:

Arabic (Preferred) English (Required)
Location:

Jeddah (Required)
Willingness to travel:

* 100% (Required)