Who are we?

Noon, the region's leading consumer commerce platform. On December 12th, 2017, Noon launched its consumer platform in Saudi Arabia and the UAE, expanding to Egypt in February 2019. The noon ecosystem of services now includes marketplaces for food delivery, quick-commerce, fintech, and fashion. Noon is a work in progress; we’re six years in, but only 5% done. Noon’s mission: every door, every day.

What you'll do:

We are looking for a highly-motivated and dynamic candidate to join our Red Team and who will support our red teaming security program and offensive security operations. The candidate is expected to participate in Red Team/Purple team operations/penetration testing and adversary emulation assessments. Additionally, the candidate will assist Noon’s company in enhancing their cybersecurity resilience by providing an "attacker's approach" and identifying high-impact attack vectors that threat actors could use.

An ideal candidate should have a passion for red teaming, must demonstrate technically sound offensive security skills, and have an attacker mindset. The candidate is also expected to coordinate across the infosec department to plan and oversee the execution of assessments, as well as assist in helping improve Noon security defense.

Key Responsibilities:

• Conduct deep app-level offensive testing, own CVEs or patch-diff research, and produce validated PoCs.
• Run continuous security reviews, eliminate false positives, and optimize detection patterns for higher accuracy.
• Design and build scalable security tools, identify and fix problems proactively without waiting for direction.
• Assist in overseeing the design, implementation, and delivery of Red Team assessments, including the pentesting, reporting, and metrics.
• Function as a SME (Subject-Matter Expert) and primary contact to coordinate Red Team activities, organize and lead penetration testing activities.
• Run the day-to-day red team operations and working with other red teamers to deliver high-quality assessments focused on infrastructure, mobile, and web applications, purple team, wireless and social engineering.
• Plan and perform adversarial simulated attacks against organizations' services, platforms, and infrastructures, to detect security vulnerabilities ahead of the attackers.
• Adopt new TTPs and implement them in Red and Purple team assessments.
• Conduct research on new emerging threats and risks. Leading critical security initiatives (e.g., validation and re-tests, root cause analysis proof-of-concept, and process design).
• Provide 3rd party vendors supporting in external Penetration Tests/Red Team assessments.
• Assist in developing and improving the red team security program.
• Effectively communicate at all levels, including developing metrics and detailed reporting for communication to executive leadership and technical teams within Noon.
• Contribute hands-on technical expertise to the Red Team, including mentorship for junior team members and provide oversight, guidance, and support to other red team members.

What you'll need:

• We are (hiring for all levels)
• Experience in performing network penetration, web and mobile application testing, source code reviews, threat analysis, wireless network assessments, and social engineering assessments
• Advanced knowledge of Active Directory, Windows exploitation and AV evasion techniques.
• In-depth knowledge with hands-on experience of advanced web applications penetration testing OR mobile applications.
• Ability to conduct source code reviews and define mitigation controls within source code for languages such as Python, Node.js, Java, etc.
• Industry certifications such as OSCE, OSWE, CRPT, GPEN, GWAPT, GXPN are desirable.
• Establishes industry expertise through writing, public speaking, shipping open-source projects, or online presence.
• Deep understanding of mapping attack surfaces, including hands-on experience with various Cybersecurity standards and technologies (MITRE ATT&CK)
• Strong understanding of Linux and its underlying components/ Networking basics.
• Advanced experience in automation and hands-on experience in scripting, e.g., Bash Shell, Python/Go, and Powershell.
• Experience in developing red team end to end operational frameworks and standards
• Strong interpersonal skills with the ability to communicate and work effectively across the organization.
• Self-starter, ability to work independently with minimal supervision and as part of a team

Who will excel?

‘noon isn’t for everyone. And that’s okay.’ This is one of our core operating principles.

We're looking for resourceful doers. Thinkers who are both creative and analytical. Problem solvers who are enthusiastic about delivering results. Our ideal candidate will be comfortable in a fast-paced, multi-tasked, high-energy and often ambiguous environment.

If the above values resonate with you, then noon might be the place for you.