VAPT Technical Lead

Performing regular vulnerability scans for all EGA IT Assets and prioritizing vulnerabilities based on risk.

Coordinating and supporting with IT Infrastructure teams for patch management and Web Application Development Teams for the code level remediations. Tracking and reporting on vulnerability posture.

Managing remediation activities from (EGA VAPT Program, Digital Forensics Operations, Security Performance Management Platforms, Trust.ae)

Collect, process, and analyze diverse threat intelligence to understand adversary tactics, techniques, and procedures (TTPs).

Formulate data-driven theories about potential hidden threats within the organization's environment.

Actively search through vast volumes of security logs and network data to uncover subtle malicious activities.

Develop specialized scripts and advanced queries to facilitate complex threat detection and analysis.

Generate clear vulnerability, intelligence reports and elevate confirmed threats to incident response teams with supporting forensic insights.

Provide critical feedback to improve existing security tools, detection rules, and overall defensive strategies.

Work closely with other security teams and leadership to communicate threat landscapes and enhance collective awareness.

Conduct Onsite Penetration Testing for EGA and its departments on site, on web applications, on Mobile Applications and APSs every Quarter in a year.

Manage VAPT engagements across networks, applications, cloud, and endpoints using industry-standard tools (e.g., Qualys, Burp Suite, Nessus, Metasploit, Nmap) and perform manual and automate Source Code Review of internally developed web applications. Manage end to end activity with the Web application Development team for the SSDLC (Secure Software Development Life Cycle)

Simulate real-world attack scenarios, developing threat models, and evaluating system resilience against advanced persistent threats (APTs).

Competent in producing clear, executive-level reports and technical documentation, articulating vulnerabilities, risks, and remediation strategies to both technical and non-technical stakeholders.

Stakeholder management and Team work: Managing the departmental collaboration within EGA IT and the Government Department IT Departments and the Government Departments themselves to promote security best practices and ensure vulnerabilities are understood and remediated effectively.

Incident Response: Collaborating with incident response teas suring security events and forensic investigations to, again, and ensure vulnerabilities are understood and remediated effectively.

Automation and AI : Using Vulnerability Scanning automation and AI tools AI to spot patterns and vulneraibilities that saves the information security team from unnecessary efforts.

Bachelor’s degree in cyber security or information security engineering, Electronic and Telecommunication Engineering, IT Engineering, Computer Engineering, or any relevant discipline

Bachelor’s degree in cyber security or information security engineering, Electronic and Telecommunication Engineering, IT Engineering, Computer Engineering

Minimum 7 years of Experience on the VAPT Domain

Preferred : Preferred 10 years of Experience on the VAPT Domain

OSCP, CEH and MS-AZ are prior to be acceptable but other certifications are acceptable as well.

Minimum 3 VAPT subject matter certification is required.

• Offensive Security Certified Professional (OSCP)
• Certified Ethical Hacker (CEH)
• GIAC Penetration Tester (GPEN)
• CompTIA PenTest+
• Microsoft Certified Azure Security Engineer Associate

English Language (spoken and written) – Essential, Arabic Language (spoken and written)