Embedded Offensive Security Engineer

microminder cyber security • Riyadh Region
Visa Sponsorship
AI Summary

The Embedded Offensive Security Engineer will serve as the primary technical resource for the day-to-day operation of attack simulation and External Attack Surface Management platforms. The role combines deep offensive security expertise with strong systems administration and hands-on remediation capability. The successful candidate will work on-site in Riyadh, KSA, and must have a minimum of 4-6 years of hands-on offensive security experience.

Key Highlights

•    Embedded role within Client Cyber Security function
•    Day-to-day operation of attack simulation and EASM platforms
•    Strong systems administration and hands-on remediation capability required

Key Responsibilities

•    Operate, monitor, and triage all alerts generated by the EASM and automated penetration testing platforms
•    Schedule and execute approved internal attack simulations
•    Maintain full audit logs of all simulation activity, generated artefacts, and system access
•    Conduct retesting and regression validation following remediation
•    Coordinate with IT, DevOps, infrastructure, and application owners to drive timely remediation of identified vulnerabilities and misconfigurations

Technical Skills Required

Windows Server, Active Directory, Linux, Enterprise networking, CREST certification, OSCP

Benefits & Perks

•    Competitive compensation
•    Benefits as per MCS standard employment terms for KSA-based roles

Nice to Have

•    Prior experience in a vendor-embedded or client-site secondment model
•    Familiarity with GCC or KSA enterprise environments
•    Arabic language skills

Job Description


Embedded Offensive Security Engineer

Attack Simulation & External Attack Surface Management

Client Site: Client Company HQ, Riyadh, Kingdom of Saudi Arabia

Engagement Model: Vendor-Employed, Client-Embedded (Microminder CS)

Reporting Line: Head of Cyber Security, Client

Working Pattern: Full-time, 5 days per week on-site at Client HQ, Riyadh

Contract Type: Fixed-term / Project-based (renewable)

Accreditation Required: CREST, OSCP, or equivalent offensive security certification

Clearance / Compliance: Must pass Client background vetting; data residency: KSA or GCC

Languages: English (required); Arabic (desirable)

1. About the Engagement

Microminder Cyber Security (MCS) is a CREST-certified, ISO/IEC 27001-accredited cybersecurity firm operating across the UAE, Saudi Arabia, and the UK. MCS has been engaged by Client Company, one of the world's largest vertically integrated food and beverage businesses, to deliver an enterprise-grade Internal Attack Simulation and External Attack Surface Management (EASM) programme.

As part of this engagement, MCS is required to provide a dedicated, highly skilled offensive security professional who will be fully embedded within the Client Cyber Security function at the company's Riyadh headquarters. This is not a remote or hybrid role: the successful candidate will work on-site, five days per week, directly supporting the Client Head of Cyber Security and the internal offensive security team.

2. Role Purpose

The Embedded Offensive Security Engineer will serve as the primary technical resource responsible for the day-to-day operation, tuning, and ongoing stabilisation of the attack simulation and EASM platforms deployed within the Client environment. The role combines deep offensive security expertise with strong systems administration and hands-on remediation capability.

This individual will act as the technical bridge between the vendor platform, the Client internal cyber security team, and cross-functional stakeholders including IT, infrastructure, DevOps, and application owners.

3. Key Responsibilities

3.1 Platform Operations and Alert Management

•    Operate, monitor, and triage all alerts generated by the EASM and automated penetration testing platforms on a daily basis.

•    Schedule and execute approved internal attack simulations, including identity/Active Directory attack-path testing, lateral movement scenarios, and network segmentation validation.

•    Maintain full audit logs of all simulation activity, generated artefacts, and system access in line with Client governance requirements.

•    Conduct retesting and regression validation following remediation, producing formal closure evidence for each finding.

3.2 Remediation Leadership and Hands-On Hardening

•    Coordinate with IT, DevOps, infrastructure, and application owners to drive timely remediation of identified vulnerabilities and misconfigurations.

•    Work directly with system and service owners to implement patches, configuration changes, and security hardening measures.

•    Troubleshoot and resolve asset discovery, attribution, and coverage gaps impacting platform visibility or assessment accuracy.

•    Support platform configuration, integrations (EDR, SIEM, CMDB, ITSM), and tuning activities until stable operations are achieved.

3.3 External Attack Surface Management

•    Manage and continuously refine the EASM platform, including onboarding of approved asset inventories (domains, IP ranges, subsidiary entities, brand identifiers).

•    Monitor and profile externally exposed assets, including open ports, exposed services, expiring certificates, and DNS weaknesses.

•    Identify unknown, orphaned, and shadow IT assets on the external attack surface and drive their inclusion in remediation workflows.

•    Correlate EASM findings with enterprise platforms for integrated remediation tracking.

3.4 Threat Modelling and Attack-Path Analysis

•    Conduct manual threat modelling and attack-path analysis for critical and high-risk business systems, supporting informed risk-based decision-making.

•    Map executed attack scenarios to recognised adversary frameworks, including MITRE ATT&CK, with end-to-end attack-chain documentation.

•    Validate defensive control effectiveness across WAF, EDR, SIEM, and identity controls with timestamped evidence outputs.

3.5 Executive and Management Reporting

•    Translate technical findings into clear, business-focused risk narratives suitable for senior leadership and executive management at Client.

•    Produce and present regular reports on platform status, risk posture, open findings, and remediation progress to the Head of Cyber Security.

•    Contribute to audit readiness documentation, evidence packs, and internal governance reporting.

3.6 Knowledge Transfer and Runbook Development

•    Develop and maintain fully documented operational runbooks for all platform capabilities.

•    Deliver structured knowledge transfer sessions to Client's internal Cyber Security team.

•    Support the formal handover process to enable the Client team to achieve independent, steady-state operations.

4. Required Qualifications and Experience

4.1 Essential

•    Minimum 4-6 years of hands-on offensive security experience, including penetration testing, red team operations, or attack simulation roles.

•    Demonstrable experience deploying, operating, and troubleshooting enterprise-grade attack simulation or automated penetration testing platforms (e.g., Cymulate, Pentera, Horizon3.ai, AttackIQ, or equivalent).

•    Strong background in systems administration: Windows Server, Active Directory, Linux, and enterprise networking.

•    Hands-on experience with identity and AD attack-path techniques: credential access, privilege escalation, lateral movement, Kerberoasting, Pass-the-Hash, and equivalent.

•    Practical knowledge of network segmentation testing, EDR evasion validation, and SIEM detection logic.

•    Experience with External Attack Surface Management platforms and asset discovery methodologies.

•    Ability to produce clear, executive-level risk reporting from complex technical findings.

•    Current CREST certification (CRT, CCT, or equivalent) OR OSCP, GPEN, GXPN, or equivalent offensive security qualification.

•    Willingness and ability to work on-site in Riyadh, KSA, five days per week.

4.2 Highly Desirable

•    Prior experience in a vendor-embedded or client-site secondment model.

•    Familiarity with GCC or KSA enterprise environments, regulatory expectations (NCA ECC, SAMA CSF), and data sovereignty requirements.

•    Experience with large-scale enterprise environments in sectors such as FMCG, food production, logistics, or critical national infrastructure.

•    Knowledge of MITRE ATT&CK, TIBER-EU, or CBEST red team frameworks.

•    Arabic language skills (professional working proficiency or above).

•    Experience with integration of security platforms into CMDB, SIEM (e.g., Splunk, Microsoft Sentinel), EDR (e.g., CrowdStrike, Microsoft Defender), and ITSM (e.g., ServiceNow).

5. Competency and Behavioural Profile

The successful candidate will combine deep technical capability with the professional maturity to operate within a complex enterprise client environment. The following competencies are essential:

•    Operates with high integrity, full discretion, and a commitment to non-destructive, governed testing at all times.

•    Communicates effectively at all levels: from technical engineers to C-suite executives and board risk owners.

•    Works independently and takes ownership of outcomes without requiring day-to-day management oversight.

•    Demonstrates commercial awareness: understands the business impact of risk findings and frames remediation in terms of business risk, not just technical severity.

•    Collaborative and credible with client-side teams: able to influence without authority across IT, infrastructure, and security functions.

•    Highly organised: manages multiple concurrent workstreams, maintains documentation standards, and meets reporting deadlines.

6. Employment and Engagement Terms

This role is offered as a fixed-term, project-based engagement through Microminder Cyber Security. The successful candidate will be employed by MCS and seconded to the Client site in Riyadh for the duration of the programme.

•    Compensation: Competitive, commensurate with experience and GCC market benchmarks. Full details provided at offer stage.

•    Benefits: As per MCS standard employment terms for KSA-based roles.

•    Location: Client Company HQ, Riyadh, KSA. Candidates must be willing to relocate or currently be based in KSA.

•    Visa and Sponsorship: MCS will facilitate KSA work authorisation where applicable. Candidates with existing KSA iqama or NOC are welcome.

7. How to Apply

This is a confidential recruitment process managed by Microminder Cyber Security. Interested candidates should submit the following:

•    An up-to-date CV detailing relevant technical experience, platform exposure, and certifications held.

•    A brief covering note (no more than one page) outlining their suitability for the embedded role, including any experience operating within enterprise client environments.

