Cybersecurity Offense Lead

Who Are We

HALA is a leading fintech player in the MENAP region that aims to redefine financial services and build the future bank of SMEs. HALA aims at empowering SMEs to start, run, and grow their businesses by providing them with cutting-edge financial and technological tools.

HALA currently holds multiple entities in UAE, Saudi Arabia and Egypt (including HALA Payments, HALA Cashier and HALA Logistics) and offers solutions that enable merchants to digitize their payments as well as manage their sales and operations.

Founded in 2017, HALA is currently duly licensed by the Saudi Arabian Central Bank as well as the Financials Services Regulatory Authority (FSRA) in Abu Dhabi Global Market.

Job Summary: 

The Cybersecurity Offense Lead is primarily responsible for developing and directing the organization's offensive security strategy by leading a penetration tester to simulate realistic cyberattacks and proactively identify and exploit security vulnerabilities across systems, networks, and applications; critically, this role involves documenting and communicating these findings and attack pathways to both technical and executive audiences with clear recommendations, and collaborating with defensive security teams to test, validate, and enhance the organization's overall detection and response capabilities against sophisticated, real-world threats

Key Responsibilities: 

• Lead HALA’s offensive security program (red teaming, adversary simulation, penetration testing) aligned with SAMA FEER requirements. 

• Plan and execute controlled attack exercises on apps, cloud, APIs, and payment/merchant platforms; validate real-world exploitability.

• Develop TTP-based scenarios (MITRE ATT&CK) and collaborate with Defense/SOC in purple-team engagements to improve detections.

• Own offensive tooling, lab environments, and rules of engagement; ensure safe testing with zero business disruption.

• Deliver clear remediation guidance and track closure of critical findings with Product/Engineering

Qualifications: 

• Bachelor’s in Cybersecurity/CS or related field.

• 7–10+ years in red teaming / offensive security, with leadership experience in fintech/financial services preferred.

• Deep skills in web/mobile/API/cloud pentest, adversary emulation, and ATT&CK mapping.

• Familiarity with SAMA FEER and KSA financial-sector testing governance.

• Relevant certs preferred: OSCP/OSCE, CRTO, GPEN, GXPN, or equivalent.

• We have an inclusive and diverse culture that encourages innovation and flexibility in remote, in-office, and hybrid work setups.
• We offer highly competitive compensation packages, including the potential for shares.
• We prioritize personal development and offer regular training and an annual learning stipend to tackle new challenges and grow your career in a hyper-growth environment.
• Join a talented team of over 30 nationalities working in 7 countries and gain valuable experience in an exciting industry.
• We offer autonomy, mentoring, and challenging goals that create incredible opportunities for both you and the company.
• You will be given a lot of responsibility and trust. We believe that the best results come when the people responsible for a function are given the freedom to do what they think is best.