Scroll to filters below after hitting search
New Join the JobGlobe WhatsApp Insider Circle for instant incoming job drops, shortlist tips, and priority alerts the moment we publish new roles. Join WhatsApp
New Anyone can earn now by posting verified jobs on JobGlobe. Every approved listing can pay you while helping more people get hired. Start earning

Offensive Security Expert

Pakistan Islamabad Information Security Banking Jobs Mobilink Microfinance Bank Mobilink Bank Jobs MMBL Careers Microfinance Jobs Offensive Security Expert

Apply with assistance

We submit your application, review your CV, and handle the paperwork. From PKR 1,000.

Job Summary:

  • The Offensive Security Expert is responsible for proactively identifying, validating, and reporting security vulnerabilities across the organization's web applications, mobile applications, APIs, cloud environments, and enterprise systems. The role involves conducting comprehensive penetration testing, vulnerability assessments, adversary simulations, and security configuration reviews to assess the effectiveness of security controls and identify potential attack vectors.
  • The ideal candidate should possess strong hands-on experience in offensive security, a deep understanding of modern attack techniques and defensive controls, and experience working within a banking or other highly regulated environment. They should be capable of independently executing end-to-end security assessments while effectively communicating technical risks and remediation recommendations to both technical and business stakeholders.

Responsibilities:

  • Offensive Security Assessments
  • Conduct comprehensive penetration testing of mobile applications (Android/iOS), web applications, APIs, internal and external infrastructure, wireless networks, cloud environments, and enterprise applications.
  • Perform authenticated and unauthenticated security assessments using both automated and manual testing techniques.
  • Execute black-box, grey-box, and white-box security assessments.
  • Validate vulnerabilities identified through automated vulnerability scanners and eliminate false positives.
  • Red Team & Adversary Simulation
  • Execute controlled attack simulations to assess the organization's detection and response capabilities.
  • Simulate adversary tactics, techniques, and procedures (TTPs) based on industry frameworks such as MITRE ATT&CK.
  • Conduct credential attacks, privilege escalation, lateral movement, and post-exploitation activities within approved scopes.
  • Assist in purple team exercises by collaborating with SOC and Blue Team personnel.
  • Web & Mobile Security
  • Assess applications against the OWASP Top 10, OWASP API Security Top 10, and OWASP Mobile Top 10.
  • Perform source-assisted security testing where applicable.
  • Identify authentication, authorization, session management, business logic, and API security weaknesses.
  • Assess mobile application security, including reverse engineering, static and dynamic analysis, SSL pinning bypass, and runtime protection validation.
  • Infrastructure & Network Security
  • Perform internal and external infrastructure penetration testing.
  • Assess Active Directory environments for common attack paths and privilege escalation opportunities.
  • Conduct wireless security assessments.
  • Evaluate network segmentation, firewall configurations, VPN security, and remote access controls.
  • Perform cloud security assessments for Azure, AWS, and GCP environments where applicable.
  • Vulnerability Validation & Security Assurance
  • Verify remediation of security findings through re-testing.
  • Conduct secure architecture reviews and provide remediation recommendations.
  • Validate the effectiveness of implemented security controls.
  • Reporting & Documentation
  • Prepare detailed technical penetration testing reports with clear proof-of-concepts, risk ratings, and remediation guidance.
  • Present findings to technical teams and management.
  • Maintain testing methodologies, playbooks, and reusable testing scripts.
  • Security Research
  • Stay updated on emerging threats, attack techniques, CVEs, and exploitation methodologies.
  • Develop proof-of-concepts for newly disclosed vulnerabilities where applicable.
  • Contribute to offensive security automation and custom tooling.
  • Collaboration
  • Work closely with application development, DevOps, infrastructure, network, and security operations teams.
  • Provide technical guidance on secure coding practices and remediation strategies.
  • Support compliance initiatives requiring penetration testing and security validation.
  • Support internal and external security audits, regulatory assessments, and compliance reviews by providing technical expertise, evidence, vulnerability validation, remediation support, and timely closure of audit observations.
  • Additional Responsibilities
  • Additional Responsibilities: Perform other duties within the scope of work as instructed by the direct manager.

Eligibility / Qualification Required:

  • Job Requirements:
  • Bachelor's degree in Computer Science, Information Security, Cyber Security, or a related discipline.
  • 2–5 years of hands-on experience in offensive security, penetration testing, or ethical hacking.
  • Prior experience in the banking or financial services sector is required, with a strong understanding of applicable regulatory and industry security frameworks
  • Demonstrated experience performing end-to-end penetration testing engagements.
  • OSCP (Preferred), OSWE, OSEP, CRTO, CRTE, PNPT, GPEN, GWAPT, eCPPT

Job Details:

  • Department: Information Security
  • Job Type: Permanent
  • Grade: AVP
  • Positions: 1
  • Locations: Islamabad
  • Application Deadline: Jul 22, 2026

How to Apply:

Register or sign in to the Mobilink Microfinance Bank careers portal, select the preferred location when offered, complete the application form, and submit it before the deadline.

Apply online for this position

Attachments

Related jobs you may like

Mobilink Microfinance Bank Limited (MMBL), Pakistan
Apply Now