- Experience
- 3–5 yrs
- Salary
- —
- Openings
- 1
- Posted
- 1 hour ago
- Work mode
- Work from home
- Eligibility
- Candidates with 3 to 5 years of experience in offensive cybersecurity and at least one recognized certification such as OSCP, CRTO, eCPPT, or equivalent may apply. Advanced red team and adversary-simulation certifications are preferred.
- Resume
- Required to apply
Job description
About HALA
HALA is a major fintech company operating across the MENAP region, focused on reshaping financial services and creating the next-generation banking experience for small and medium-sized businesses. The company helps SMEs launch, operate, and expand by providing modern financial and technology solutions.
Established in 2017, HALA now has entities in the UAE, Saudi Arabia, and Egypt, including HALA Payments and HALA Logistics. Its products help merchants digitize payments and manage sales and operational workflows. HALA is licensed by the Saudi Arabian Central Bank.
Role Overview
The Cybersecurity Offensive Specialist is responsible for carrying out offensive security work across the organization. This includes advanced penetration testing, red team-style exercises, and adversary simulations designed to reproduce real attack techniques, uncover vulnerabilities, and test the security of systems, networks, applications, cloud environments, APIs, and merchant/payment platforms.
The role also requires strong documentation and communication skills. Findings, attack paths, and remediation guidance must be presented clearly to both technical teams and senior stakeholders, while partnering with defensive security teams to validate detection coverage and strengthen incident response capabilities.
Key Responsibilities
- Perform offensive security assessments such as red teaming, adversary simulation, and penetration testing in line with SAMA CSF and NCA ECC standards.
- Run controlled attack scenarios against applications, cloud environments, APIs, and merchant/payment systems to verify whether vulnerabilities can be exploited in real conditions.
- Carry out advanced penetration testing and source code review work to uncover complex security weaknesses, and work with SOC and defense teams to improve detections for those attack patterns.
- Manage offensive tools and lab setups, following the agreed rules of engagement to keep testing safe and avoid disruption to business operations.
- Provide practical and detailed remediation advice to product and engineering teams, and help drive closure of high-risk findings.
- Keep all testing records, evidence, and reports aligned with SAMA CSF and NCA ECC control requirements and audit expectations.
Experience and Qualifications
Applicants should have 3 to 5 years of relevant experience.
A recognized offensive security certification is required, such as OSCP, CRTO, eCPPT, or an equivalent qualification.
Advanced certifications are preferred, including OSEP, OSWE, GXPN, GWAPT, GPEN, or CRTP/CRTE, especially for deeper red team and adversary-simulation expertise.
What HALA Offers
- An inclusive, diverse workplace that supports innovation and flexibility across remote, on-site, and hybrid arrangements.
- A competitive compensation package with possible share-based upside.
- Ongoing learning support, including regular training and an annual learning stipend.
- Exposure to a fast-growing environment, a team representing more than 30 nationalities, and operations across 7 countries.
- Autonomy, mentoring, meaningful challenges, and a high level of ownership and trust.
Additional Information
This role is based in Riyadh, Saudi Arabia, and is offered as a full-time remote position.
HALA emphasizes giving ownership and freedom to the person responsible for the function, with the belief that strong results come from trust and independence.