Penetration Testing Consultant

Cipher | سايڤر is a cybersecurity solutions provider based in Riyadh, Saudi Arabia. The company's goal is to simplify the perception of complexity surrounding cybersecurity problems and solutions. Cipher's team of Saudi professionals and experts work tirelessly to develop, customize, and manage digital services and cybersecurity solutions to ensure their peace of mind. Our goal is to provide peace of mind to our clients by making digital security simple and efficient.Key Responsibilities:Engage with clients to define the scope and objectives of penetration tests, including systems, applications, and environments to be assessed.Plan, design, and execute manual penetration tests across web applications, mobile applications, APIs, cloud services, and enterprise infrastructure.Perform advanced security assessments such as source code reviews, business logic testing, and red team/adversary simulations.Conduct onsite and remote testing to identify vulnerabilities, misconfigurations, and gaps in defensive controls.Simulate real-world attacks to evaluate the effectiveness of detection, prevention, and response mechanisms.Document and communicate findings in detailed technical reports with clear risk ratings, business impact analysis, and actionable remediation steps.Present results and recommendations to both technical and executive-level stakeholders.Provide strategic security advice to clients on hardening systems, reducing attack surface, and improving detection and response.Continuously update knowledge of emerging threats, vulnerabilities, tools, and penetration testing methodologies (e.g., OWASP, MITRE ATT&CK).Educational Requirements:Bachelor’s degree of Computer Science, Cybersecurity, Information Technology, or a related field.Certifications:Preferred Certifications:OSCP (Offensive Security Certified Professional)eWPTX (eLearnSecurity Web Application Penetration Tester eXtreme)CRTP (Certified Red Team Professional)Additional relevant certifications such as OSWE, OSEP, GXPN, CREST CRT, or equivalent.Required Skills & Competencies:Strong hands-on experience in penetration testing of web, mobile, cloud, and infrastructure environments.Expertise in manual vulnerability discovery and exploitation (excluding exploit development).Experience conducting detailed source code reviews to identify security weaknesses.Familiarity with red team frameworks, adversary simulation techniques, and threat modeling.Proficiency in scripting and automation (e.g., Python, PowerShell, Bash).Strong analytical and problem-solving skills, with the ability to evaluate complex systems.In-depth understanding of technical systems, application architectures, and common attack vectors.Excellent written and verbal communication skills for delivering clear reports and executive presentations.Ability to translate technical findings into meaningful business risk insights.