Search by job, company or skills

boubyan digital factory

Senior Security Engineer

5-10 Years
Save
  • Posted 21 hours ago
  • Be among the first 10 applicants
Early Applicant

Job Description

Role Purpose:

The Bank is seeking a senior security engineer to strengthen its offensive security capability while contributing to the security of the software delivery pipeline and cloud/AI tooling adoption. The role is anchored in red teaming and penetration testing, with working-level responsibility for DevSecOps and cloud security, and exposure to AI/LLM security as an emerging area.

Note: this role is not evenly split across four disciplines. Candidates should have demonstrable depth in offensive security, with practical (not theoretical) exposure to the others.

Key Responsibilities

Offensive Security — Primary (40%)

  • Plan and execute red team engagements: adversary simulation, C2 infrastructure (Cobalt Strike, Sliver, or similar), campaigns mapped to MITRE ATT&CK
  • Conduct penetration testing across web applications, APIs, mobile apps, internal/external network, and wireless
  • Design and run social engineering / phishing simulation exercises
  • Run purple team exercises in coordination with the SOC/blue team to validate detection coverage
  • Produce CBK CORF-aligned findings reports and remediation guidance suitable for regulatory review
  • Conduct security assessments, vulnerability assessment and penetration testing on different environments but not restricted to
  • Network assessment and penetration testing
  • Cloud assessment and penetration testing
  • Endpoint assessment and penetration testing
  • Application assessment and penetration testing, focusing on Web, API (SOAP and RESTful)
  • Mobile assessment and penetration testing
  • Align with third party vendors on annual VAPT programs and coordinate with other stakeholders
  • Plan and preform adversary simulation campaigns internally and coordinating with third party vendors

DevSecOps — Secondary (25%)

  • Integrate SAST, DAST, and SCA tooling into CI/CD pipelines
  • Perform Infrastructure-as-Code security review (Terraform, CloudFormation, ARM templates)
  • Conduct secure code review and threat modeling for new applications
  • Support container and Kubernetes security hardening

AI Security — Emerging (35%)

  • Conduct adversarial testing of internally deployed AI/LLM tools (prompt injection, data leakage, model behavior under abuse)
  • Assess security posture of AI development tooling adopted by engineering teams (e.g., AI coding assistants, MCP integrations)
  • Evaluate AI-assisted vulnerability triage/SAST tooling for reliability and false-positive risk

Required Qualifications

  • 5–10 years in information security, with demonstrable depth in at least two of the four areas above — not surface-level familiarity with allfour
  • At least one recognized offensive security certification: OSCP, OSCE/OSCE3, CRTO, or GPEN.
  • Proficiency in scripting/automation: Python, Bash, PowerShell
  • Working knowledge of CI/CD tooling: Tekton CI, Jenkins, or Azure DevOps
  • Familiarity with regulatory/compliance frameworks relevant to banking (CBK CORF, PCI-DSS, or NIST CSF)

Preferred Qualifications

  • Cloud security certification: AWS Security Specialty, Azure Security Engineer Associate, or CKS
  • Prior experience in financial services or another regulated industry
  • Bug bounty track record or competitive CTF experience
  • Exposure to adversarial ML / AI red teaming research

Soft Skills

  • Ability to translate technical risk into business/regulatory language for non-technical stakeholders and examiners
  • Strong written reporting discipline — findings must be audit-ready without heavy rework

More Info

Job Type:
Industry:
Employment Type:

Job ID: 150970119

Similar Jobs

Egypt, Cairo

Skills:

solution architectureFortinetEndpoint Securitycloud securitynetwork securityCehCisco SecurityPalo Altosystem integrationIamRfpCismSOC technologiesCisaMicrosoft SecurityTechnical ProposalsCheck PointCrowdStrikeenterprise security environmentsTechnical PresentationsCisspRfq

Egypt, Cairo

Skills:

GrcIso 27001cloud securityCloud ComputingSOC 2CMMCnist

Remote

Skills:

pythonawsCI/CD