Information Security Analyst

Job Description

Key Responsibilities:

Penetration Testing and Red Teaming:

• Conduct comprehensive penetration testing and red teaming exercises on systems, networks, applications, mobile platforms, and AI/ML environments to identify vulnerabilities and potential entry points for attackers.
• Perform AI system and model penetration testing, focusing on adversarial attacks, prompt injection, data poisoning, and model inversion vulnerabilities.
• Assess AI pipelines, APIs, and LLM-based integrations for misuse, data leakage, and unauthorized access risks.
• Develop and execute custom tools and scripts to automate testing and exploitation processes.
• Analyze and report on findings, providing detailed explanations of vulnerabilities and recommended remediation steps.
• Simulate advanced persistent threats (APTs) to test the resilience of security controls and incident response capabilities.
• ASM: Continuously discover and catalog all assets, including hardware, software, and network components.
• ASM: Monitor the attack surface for changes and potential vulnerabilities, using automated tools and manual assessments.
  
  

Vulnerability Assessment:

• Perform thorough vulnerability assessments to identify and prioritize security weaknesses.
• Utilize industry-standard tools such as Qualys, Nessus or Nexpose and methodologies to uncover vulnerabilities in various environments.
• Provide actionable recommendations for remediation and mitigation strategies.
  
  

Patch management

• Support AI-specific vulnerability scanning and review of data pipelines or model endpoints.
  
  

Threat Modeling and Risk Assessment:

• Develop and maintain a comprehensive understanding of systems, networks, applications, and AI models to identify potential exploitation paths.
• Conduct threat modeling and risk assessments to identify potential attack vectors and vulnerabilities
• Develop and maintain a comprehensive understanding of our systems, networks, and applications to identify potential vulnerabilities
• Provide recommendations for remediation and mitigation strategies
  
  

Incident Response and Crisis Management:

• Participate in security incident response and crisis management efforts as needed
• Collaborate with incident response teams to contain and remediate security incidents
• Provide technical expertise and guidance during incident response efforts
  
  

Security Research and Development:

• Research and develop adversarial testing techniques for AI models, including LLM prompt manipulation and training data leakage.
• Stay up to date with the latest security threats and trends, and adapt testing methodologies accordingly
• Develop and maintain a comprehensive knowledge of industry-leading security tools and technologies
• Participate in security research and development efforts to identify and develop new testing techniques and methodologies
  
  

Collaboration and Communication:

• Collaborate with development teams to implement security patches and fixes
• Provide technical guidance and support to development teams on security-related issues
• Communicate complex technical information to non-technical stakeholders in a clear and concise manner
  
  

Responsibilities

Key Responsibilities:

Penetration Testing and Red Teaming:

• Conduct comprehensive penetration testing and red teaming exercises on systems, networks, applications, mobile platforms, and AI/ML environments to identify vulnerabilities and potential entry points for attackers.
• Perform AI system and model penetration testing, focusing on adversarial attacks, prompt injection, data poisoning, and model inversion vulnerabilities.
• Assess AI pipelines, APIs, and LLM-based integrations for misuse, data leakage, and unauthorized access risks.
• Develop and execute custom tools and scripts to automate testing and exploitation processes.
• Analyze and report on findings, providing detailed explanations of vulnerabilities and recommended remediation steps.
• Simulate advanced persistent threats (APTs) to test the resilience of security controls and incident response capabilities.
• ASM: Continuously discover and catalog all assets, including hardware, software, and network components.
• ASM: Monitor the attack surface for changes and potential vulnerabilities, using automated tools and manual assessments.
  
  

Vulnerability Assessment:

• Perform thorough vulnerability assessments to identify and prioritize security weaknesses.
• Utilize industry-standard tools such as Qualys, Nessus or Nexpose and methodologies to uncover vulnerabilities in various environments.
• Provide actionable recommendations for remediation and mitigation strategies.
  
  

Patch management

• Support AI-specific vulnerability scanning and review of data pipelines or model endpoints.
  
  

Threat Modeling and Risk Assessment:

• Develop and maintain a comprehensive understanding of systems, networks, applications, and AI models to identify potential exploitation paths.
• Conduct threat modeling and risk assessments to identify potential attack vectors and vulnerabilities
• Develop and maintain a comprehensive understanding of our systems, networks, and applications to identify potential vulnerabilities
• Provide recommendations for remediation and mitigation strategies
  
  

Incident Response and Crisis Management:

• Participate in security incident response and crisis management efforts as needed
• Collaborate with incident response teams to contain and remediate security incidents
• Provide technical expertise and guidance during incident response efforts
  
  

Security Research and Development:

• Research and develop adversarial testing techniques for AI models, including LLM prompt manipulation and training data leakage.
• Stay up to date with the latest security threats and trends, and adapt testing methodologies accordingly
• Develop and maintain a comprehensive knowledge of industry-leading security tools and technologies
• Participate in security research and development efforts to identify and develop new testing techniques and methodologies
  
  

Collaboration and Communication:

• Collaborate with development teams to implement security patches and fixes
• Provide technical guidance and support to development teams on security-related issues
• Communicate complex technical information to non-technical stakeholders in a clear and concise manner
  
  

Qualifications

• A bachelor’s degree in computer Science, or a related field is required.
• OSCP, CEH, CRTP or other relevant certifications
• Minimum of 5+ years of experience in penetration testing, vulnerability assessment, or a related field
• Strong understanding of networking protocols, operating systems, and applications
• Proficiency in programming languages such as Python, C++, or Java
• Experience with penetration testing frameworks and tools such as Nmap, Nessus, Burp Suite, or Metasploit
• Strong analytical and problem-solving skills
• Excellent communication and reporting skills
• Ability to work independently and as part of a team
• Strong attention to detail and ability to maintain accurate records
• Ability to work in a fast-paced environment with tight deadlines
  
  

Additional Requirements:

• Experience with AI Penetration Testing and LLM Red Teaming.
• Knowledge of adversarial ML, AI governance, and AI model assurance frameworks (e.g., NIST AI RMF, ISO/IEC 23894).
• Experience with cloud-based technologies and cloud security
• Familiarity with Agile development methodologies
• Strong understanding of compliance and regulatory requirements (e.g., GDPR, PCI-DSS)
• Experience with security orchestration, automation, and response (SOAR) tools
• Familiarity with threat intelligence and threat hunting
  
  

About The Team

We offer exciting opportunities to people from different backgrounds and nationalities through internal career advancement programmes. Once a member of our staff, you have the chance to grow horizontally and vertically throughout your career journey with us.

“We are proud to be the first organization from the Middle East region to receive the prestigious Investors in People (IIP) Platinum accreditation.”

Find more about us here .

---