وظيفة مستشار أول VAPT (أمن الويب والجوال) لدى Jobstronaut بالرياض

The client is looking to hire a Senior VAPT Consultant (Web & Mobile Security) – Banking for their team at Riyadh.

Location: Riyadh, Saudi Arabia (On-site – Banking Client Environment

Experience Required:

8 Years in VAPT with strong exposure to Banking / Financial Services

Job Summary:

We are hiring an experienced Senior VAPT Consultant to support a leading bank in Saudi Arabia. The role focuses on conducting advanced vulnerability assessments and penetration testing across web applications, mobile applications, and APIs, ensuring compliance with Saudi Central Bank (SAMA) cybersecurity frameworks and international standards.

The consultant will work closely with security teams, developers, and auditors to strengthen the bank’s security posture and ensure regulatory compliance.

Key Responsibilities:

* Perform comprehensive VAPT engagements for:

* Web Applications (internet banking, internal portals)

* Mobile Applications (Android & iOS banking apps)

* APIs (Open Banking, payment integrations)

* Conduct manual penetration testing along with automated scans.

* Identify vulnerabilities aligned with:

* OWASP Top 10 (Web & Mobile)

* SANS Top 25

* Business logic and zero-day scenarios

* Execute API security testing (OAuth2, JWT, Open Banking frameworks).

* Perform threat simulation and adversary-based testing where required.

* Assess:

* Authentication & Authorization controls

* Session management

* Data encryption & secure storage

* Prepare detailed VAPT reports including:

* Risk severity (CVSS-based)

* Proof of Concept (PoC)

* Remediation recommendations

* Conduct retesting/validation after fixes.

* Collaborate with stakeholders to ensure secure SDLC practices.

* Support internal and external audits related to cybersecurity.

Technical Skills Required:

Core Expertise:

* Advanced Web Application Security Testing

* Strong Mobile Application Security (Android & iOS)

* Deep understanding of API Security & Microservices architecture

Tools & Technologies:

* Burp Suite Professional, OWASP ZAP

* MobSF, Frida, Objection, Drozer, APKTool, JADX

* Metasploit, Nmap, SQLMap, Nikto

* Wireshark, Postman

* SAST/DAST tools (Checkmarx, Fortify, Veracode)

Technical Knowledge:

* Strong knowledge of HTTP/HTTPS, REST/SOAP APIs

* Authentication protocols (OAuth2, SAML, JWT, OpenID Connect)

* Encryption standards (TLS 1.2+, AES, RSA)

* Secure coding practices and vulnerability remediation

Regulatory & Domain Requirements:

* Mandatory experience in Banking / Financial Services

* Strong understanding of:

* SAMA Cybersecurity Framework (CSF)

* PCI-DSS compliance

* Open Banking security standards

* Familiarity with Saudi regulatory and audit environments

Certifications (Preferred):

* OSCP (Highly preferred)

* CEH, GPEN, GWAPT

* eWPT / eCPPT

* Mobile security certifications (e.g., eMAPT)

Soft Skills:

* Strong communication and stakeholder management

* High-quality technical report writing

* Ability to present findings to both technical and non-technical teams

* Strong analytical and problem-solving mindset