Deloitte Innovation Hub | Cyber Security | Offensive Security Senior Engineer, Cairo, Egypt.

Connect to your career at DeloitteDeloitte, established globally in 1845, is the world’s largest and leading professional services firm, providing Audit & Assurance, Tax & Legal and Consulting and related services to public and private clients spanning multiple industries. Present in more than 150 countries, Deloitte is distinct in its ability to help clients solve their most complex problems, from strategy to implementation.Deloitte innovation hub (DIH) is a strategic initiative established by Deloitte North & South Europe (NSE) to support our ambition to become the leading business transformation partner of choice for our clients and to expand and scale our delivery footprint across EMEA. With access to a scaled, diverse, highly skilled, motivated, and engaged workforce, DIH is delivering complex technical solutions for clients’ most complex business problems, across portfolios that include ‘Strategy & Transactions’, ‘Customer’, ‘Engineering, AI & Data, ‘Enterprise, Technology & Performance’ and ‘Cyber’. DIH is aiming to become the destination for top talents in Egypt for a long, exciting career.We invest in outstanding people of diverse talents and backgrounds and empower them to achieve more than they could elsewhere. Our work combines advice with action and integrity. We believe that when our clients and society are stronger, so are we. Our organization has grown in scale and diversity, providing services across the region, with our shared culture remaining the same. We aim to help clients realize their ambitions, make a positive difference in society, and maximize the success of our people. This drive fuels the commitment and humanity that run deep through our every action.Connect to your opportunity.At Deloitte, you will make a real impact by working on diverse projects and collaborating with experts to deliver innovative solutions. As an Offensive Security Senior Engineer, you will focus on adversary emulation and red teaming to simulate advanced persistent threats (APTs) and cyberattacks. Using frameworks like MITRE ATT&CK, you will test the resilience of our security controls and incident response capabilities. Additionally, you will conduct penetration testing on web applications, mobile apps, APIs, and networks, using scripting, defense evasion techniques, and code review to identify and exploit vulnerabilities.Your Role Might Include All The FollowingRed Teaming and Penetration Testing Lead red team engagements to emulate the TTPs of advanced adversaries, using frameworks like MITRE ATT&CK and Caldera to simulate real-world attack scenarios. Design and execute complex attack chains, including initial access, privilege escalation, lateral movement, data exfiltration, and persistence, to test the effectiveness of security controls. Simulate sophisticated threats such as nation-state actors, ransomware groups, and insider threats to identify gaps in detection and response processes. Conduct penetration testing across web applications, networks, cloud environments, and internal systems to identify vulnerabilities and validate red team findings. Test for vulnerabilities in web applications (e.g., SQL injection, XSS, CSRF, IDOR, OWASP Top 10), mobile apps (iOS and Android), and APIs (REST, GraphQL, SOAP). Use tools like Burp Suite, OWASP ZAP, Frida, and MobSF to identify and exploit vulnerabilities in diverse attack surfaces. Web Application Security Conduct in-depth penetration testing of web applications to identify vulnerabilities such as SQL injection, cross-site scripting (XSS), cross-site request forgery (CSRF), insecure direct object references (IDOR), and other OWASP Top 10 issues. Test for business logic flaws, session management issues, and authentication/authorization vulnerabilities in web applications. Use tools like Burp Suite, OWASP ZAP, and manual techniques to identify and exploit web application vulnerabilities. Scripting and Automation Write and maintain custom scripts (e.g., in Python, PowerShell, Bash, or JavaScript) to automate attack techniques, payloads, and reconnaissance processes for web, mobile, and API testing. Build tools to streamline pentesting workflows, such as automated vulnerability scanning, exploitation, and post-exploitation activities. Create scripts to bypass web application firewalls (WAFs), evade detection, and test the resilience of blue team defenses. Defense Evasion TechniquesResearch and implement advanced defense evasion techniques to bypass endpoint detection and response (EDR), antivirus, WAFs, and other security solutions. Develop obfuscation methods for payloads and exploits to avoid detection by SIEM, IDS/IPS, and other monitoring tools. Stay updated on the latest evasion techniques and adapt strategies to simulate sophisticated adversaries targeting web applications and other systems.Code Review & Secure DevelopmentPerform thorough code reviews to identify vulnerabilities in web applications, APIs, and mobile apps, focusing on languages such as Java, JavaScript, Python, PHP, or C#. Identify insecure coding practices, such as improper input validation, lack of output encoding, and insecure API integrations. Collaborate with development teams to provide actionable recommendations for secure coding practices and remediation of identified vulnerabilities. Mobile and API Security Perform penetration testing on mobile applications (iOS and Android) to identify vulnerabilities such as insecure storage, improper session handling, and weak authentication mechanisms. Assess API security (REST, GraphQL, SOAP) for issues like broken authentication, excessive data exposure, and lack of rate limiting. Use tools like Burp Suite, Frida, and MobSF to analyze mobile and API attack surfaces and develop exploits for identified vulnerabilities.Connect To Your Skills And Professional ExperienceBachelor’s degree in Cybersecurity, information technology, computer science, or a relevant degree.Minimum 3 to 7 years of hands-on experience in penetration testing, red teaming, or related offensive security roles. Analytical capabilities, critical thinking, and problem-solving mindset (ability to analyze complex data and information to identify key insights and trends). Proficient in English speaking and writing. Flexibility for travel and working hours. strong proficiency in web application pentesting tools such as Burp Suite, OWASP ZAP, and manual testing techniques. Proficiency in scripting languages such as Python, PowerShell, Bash, or JavaScript for automation and tool development. Deep understanding of defense evasion techniques, including bypassing WAFs, EDR, and AV solutions. Expertise in code review for identifying vulnerabilities in web applications, APIs, and mobile apps. Strong knowledge of mobile security testing tools (e.g., Frida, MobSF, Drozer) and API testing tools (e.g., Postman, Burp Suite). Familiarity with common pentesting tools like Metasploit, Nmap, Cobalt Strike, BloodHound, and Kali Linux. Understanding of cloud environments (AWS, Azure, GCP) and their associated attack vectors. The Following Attributes Are Also PreferableRelevant certifications such as OSCP, OSWE, OSEP, CRTO, CRTP, GWAPT, GXPN, or equivalent are a plus. Active participation in CTF competitions with demonstrated achievements. Experience with penetration testing of AI systems and Large Language Models (LLMs), including testing for vulnerabilities like prompt injection, data poisoning, model inversion, or adversarial attacks. Experience with adversary emulation frameworks like MITRE ATT&CK or Caldera. Knowledge of secure software development lifecycle (SDLC) and DevSecOps practices. Contributions to the security community through blogs, tools, or conference talks. Familiarity with container security (Docker, Kubernetes) and serverless architectures. Personal IndependenceRegulation and controls are standard practice in our industry and Deloitte is no exception. These controls provide important legal protection for both you and the firm. We are subject to several audit regulations, one of which requires that certain colleagues abide by specific personal independence constraints. This can mean that you and your "Immediate Family Members" are not permitted to hold certain financial interests (shares, funds, bonds etc.) with audit clients of the firm. The recruitment team will provide further detail as you progress through the recruitment process.Connect with your colleaguesLocation: Cairo, Egypt“What attracted me to Deloitte were the endless opportunities and the collective experience of other like-minded individuals. Deloitte’s clients include many of the world’s largest organizations; I wanted to be part of a team that made a difference that I could be proud of.” -Dan, Technology & Transformation“Everyone always says, “it’s the people,” and that’s true. Working for a brand you feel proud of feels pretty good too. And you don’t have any stress about fitting into a particular stereotype, because there are so many different types of people in Deloitte Digital.” – Gillian, Technology & TransformationOur commitment to youMaking an impact is more than just what we do: it’s why we’re here. So, we work hard to create an environment where you can experience a purpose you believe in, the freedom to be you, and the capacity to go further than ever before.We want you. The true you. Your own strengths, perspective, and personality. So, we’re nurturing a culture where everyone belongs, feels supported and heard, and is empowered to make a valuable, personal contribution. You can be sure we’ll take your wellbeing seriously, too. Because it’s only when you’re comfortable and at your best that you can make the kind of impact you, and we, live for.Your expertise is our capability, so we’ll make sure it never stops growing. Whether it’s from the complex work you do, or the people you collaborate with, you’ll learn every day. Through world-class development, you’ll gain invaluable technical and personal skills. Whatever your level, you’ll learn how to lead.Connect to your next stepA career at Deloitte is an opportunity to develop in any direction you choose. Join us and you’ll experience a purpose you can believe in and an impact you can see. You’ll be free to bring your true self to work every day. And you’ll never stop growing, whatever your level.