**Job Code:** \[T24\-006\-EMT\-Mid] **Job Type:** Hybrid (Office and Remote) **Location:** HQ, Cairo, Egypt **Job Description:** Cyber Force is seeking a dynamic Mid\-Level Exposure Management Specialist to join our team. This role is critical for managing and mitigating cybersecurity risks through Penetration Testing, Vulnerability Management, and assessment of benchmarks such as CIS, STIG, and FedRamp. You’ll conduct Tactics, Techniques, and Procedures (TTP) simulations and red teaming exercises to proactively identify and address potential vulnerabilities. Familiarity with tools like CIS Benchmarks tools, Qualys, Tenable products, Nipper, and VECTR for red teaming attack simulations is essential. Active participation in programs such as hackthebox and bug bounty hunting is a must, showcasing a hands\-on approach to cybersecurity. **Responsibilities:** * Conduct comprehensive Penetration Tests and Vulnerability Assessments using tools such as Qualys, Tenable, Nipper, and others to identify vulnerabilities and recommend mitigation strategies. * Manage and assess compliance with CIS, STIG, and FedRamp benchmarks, ensuring that systems are secure and up to industry standards. * Engage in red teaming activities and TTP simulations using tools like VECTR, to evaluate the effectiveness of our defense mechanisms. * Actively participate in cybersecurity programs such as hackthebox and bug bounty hunting, demonstrating a proactive approach to finding and resolving vulnerabilities. * Collaborate with various teams to integrate security measures and practices into the broader cybersecurity framework of the organization. **Qualifications:** * Solid understanding and experience with cybersecurity tools and platforms for vulnerability management and penetration testing, including CIS * Benchmarks tools, Qualys, Tenable products, and Nipper. * Proven track record in conducting TTP simulations, red teaming, and participating in hackthebox, bug bounty programs, or similar activities. * Strong analytical skills with the ability to identify and mitigate vulnerabilities effectively. * Excellent communication skills, with the ability to document and explain vulnerabilities and mitigation strategies to both technical and non\-technical stakeholders. * Certifications such as CEH, OSCP, GPEN, etc., are highly regarded but not mandatory.