Job Description
The role is responsible for simulating real-world cyberattacks to identify vulnerabilities in the bank's applications, systems, networks, and infrastructure. This role ensures proactive detection of security weaknesses before they can be exploited by adversaries, supports compliance with regulatory and industry requirements, and contributes to strengthening the bank's overall cybersecurity posture.
Responsibilities
- Plan, scope, and conduct penetration tests on applications, networks, APIs, and infrastructure.
- Perform vulnerability assessments and exploit identified weaknesses to demonstrate risk exposure.
- Develop and execute threat scenarios including web, mobile, cloud, and social engineering attacks.
- Conduct red-team and adversary simulation exercises, including advanced persistent threat (APT) tactics.
- Identify, document, and prioritize findings, providing detailed remediation guidance to relevant teams.
- Work closely with developers, system administrators, and security engineers to remediate findings.
- Conduct security testing on new applications, products, and systems prior to go-live.
- Stay current with emerging threats, vulnerabilities, and attack techniques.
- Develop proof-of-concept exploits to demonstrate practical risks of identified vulnerabilities.
- Ensure penetration testing activities comply with applicable regulations (e.g., SAMA CSF, NCA ECC/DCC/CCC, PCI DSS, ISO 27001, NIST).
- Support awareness by sharing threat insights and lessons learned with internal stakeholders.
- Contribute to improving security standards, policies, and secure development practices.
- Perform any other duties assigned to by line manager related to the nature of the work
- Enforce, incorporate, and comply with all necessary controls and related information security policies, procedures, practices, training, reporting, personal due diligence and vigilance, within departmental/unit activities and operations.
Qualifications
Preferred Qualifications
- A tertiary level qualification from a recognized institution
- Industry-recognized certifications in Offensive Security or SANS or other relevant certifications preferred
Years & Nature of Experience
- Recommended to 3 to 5 years of professional experience in penetration testing, ethical hacking, or red teaming.
- Hands-on experience with penetration testing tools and frameworks (e.g., Burp Suite, Metasploit, Cobalt Strike, Nmap, Kali Linux, Wireshark, BloodHound).
- Proven track record in identifying, exploiting, and reporting vulnerabilities across different environments (web, mobile, infrastructure, cloud, APIs).
- Experience conducting penetration tests in regulated financial environments is highly desirable.
- Strong knowledge of network protocols, operating systems (Windows, Linux), web technologies, and cloud platforms
- Understanding of threat modelling, kill chain analysis, and MITRE ATT&CK framework.
- Ability to write and customize scripts/exploits in languages such as Python, PowerShell, Bash, or JavaScript
- Familiarity with secure coding practices and common vulnerabilities (e.g., OWASP Top 10, SANS CWE Top 25).
Technical Competencies
- Code Writing
- Regulatory and compliance requirements (SAMA, NCA, PCI DSS, ISO 27001, NIST).
- Cloud Security
Behavioral Competencies
- Communication
- Problem Solving
- Attention to detail
- Analytical Thinking
About The Team
Embarking on a thrilling journey with the D360 Bank Technology team places you on the frontline of a revolutionary transformation in the financial and banking sector. Embrace the opportunity to immerse yourself in the world of DevOps philosophies, spearheading essential advancements in our applications and services. We wholeheartedly embrace the power of codification, employing cutting-edge Infrastructure and Configuration as code techniques, as well as automation, immutability, CI/CD, and scalability. All these endeavors are driven by our unwavering commitment to the ultimate satisfaction and security of our esteemed customers and users. Within our continuously compliant environment, you will play a vital role in shaping the future of banking technology, paving the way for unprecedented innovation and success.
