We're looking for a Cybersecurity Engineer!
Key Responsibilities
Security Monitoring & Detection
- Monitor and analyze logs and alerts from a wide range of sources including firewalls, intrusion detection/prevention systems (IDS/IPS), endpoints, servers, and cloud platforms.
- Perform correlation of events from multiple sources to identify advanced threats and unusual patterns of behavior.
- Fine-tune alert thresholds and detection logic to reduce false positives and improve the signal-to-noise ratio.
- Maintain dashboards and reporting that give real-time visibility into security posture.
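As an added illustration of the two duties above (it is not part of the job posting), the Python below correlates events from three constructed sources (firewall, IDS, EDR) by host within a time window and alerts only when several independent sources agree, then shows how raising a single-source threshold shrinks the alert set. All hosts, timestamps, and event names are made up for the example.

```python
"""Added example: multi-source event correlation and threshold tuning over constructed SOC events."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not real telemetry): (source, ISO timestamp, host, event name)
SAMPLE_EVENTS = [
    ("firewall", "2024-05-01T09:00:05", "ws-17", "outbound_deny"),
    ("firewall", "2024-05-01T09:00:06", "ws-17", "outbound_deny"),
    ("firewall", "2024-05-01T09:00:07", "ws-17", "outbound_deny"),
    ("ids",      "2024-05-01T09:00:40", "ws-17", "c2_beacon_signature"),
    ("edr",      "2024-05-01T09:01:10", "ws-17", "suspicious_powershell"),
    ("firewall", "2024-05-01T09:30:00", "ws-22", "outbound_deny"),
    ("ids",      "2024-05-01T11:30:00", "ws-22", "c2_beacon_signature"),   # two hours later: unrelated
    ("edr",      "2024-05-01T12:00:00", "ws-09", "suspicious_powershell"), # one source only
]


def correlate(events, window_seconds=300, min_sources=2):
    """Return one alert per host whose events from >= min_sources distinct
    sources fall inside a sliding window of window_seconds."""
    by_host = defaultdict(list)
    for source, ts, host, name in events:
        by_host[host].append((datetime.fromisoformat(ts), source, name))

    window = timedelta(seconds=window_seconds)
    alerts = []
    for host, evs in by_host.items():
        evs.sort()  # chronological order so each window starts at a real event
        for i, (t0, _, _) in enumerate(evs):
            cluster = [e for e in evs[i:] if e[0] - t0 <= window]
            sources = {src for _, src, _ in cluster}
            if len(sources) >= min_sources:
                alerts.append({
                    "host": host,
                    "start": t0.isoformat(),
                    "sources": sorted(sources),
                    "events": [name for _, _, name in cluster],
                })
                break  # one alert per host; avoid re-alerting on the same cluster
    return alerts


def count_by_host(events, source, name):
    """Count occurrences of a single event type per host (the raw signal a simple rule fires on)."""
    counts = defaultdict(int)
    for src, _, host, ev_name in events:
        if src == source and ev_name == name:
            counts[host] += 1
    return dict(counts)


def threshold_alerts(events, source, name, threshold):
    """Hosts that would page on a single-source count rule at the given threshold."""
    return sorted(h for h, c in count_by_host(events, source, name).items() if c >= threshold)


if __name__ == "__main__":
    # Threshold tuning: at 1 every denied connection pages; at 3 only the bursty host does.
    for threshold in (1, 3):
        print(f"firewall deny rule, threshold={threshold}:",
              threshold_alerts(SAMPLE_EVENTS, "firewall", "outbound_deny", threshold))
    # Correlation: only ws-17 has firewall, IDS and EDR evidence within five minutes.
    for alert in correlate(SAMPLE_EVENTS):
        print("correlated alert:", alert)
```

Shortening the window (for example to 20 seconds) makes the same events fall apart into single-source noise and no alert fires, which is the trade-off behind tuning thresholds and windows rather than suppressing rules outright.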
Incident Response & Investigation
- Serve as a frontline responder for security incidents, managing them through the full lifecycle: detection, containment, eradication, recovery, and lessons learned.
- Coordinate with internal stakeholders and external vendors during high-severity incidents or data breaches.
- Perform root cause analysis and forensic investigations using endpoint and network-based artifacts.
- Maintain detailed incident documentation and contribute to post-mortem analysis and reports.
Threat Intelligence & Detection Rule Development
- Research emerging threats and trends.
- Contribute to the creation and tuning of detection rules, threat-hunting queries, and use cases across multiple platforms, including cloud environments.
Vulnerability Monitoring & Management
- Support vulnerability scanning and remediation efforts across infrastructure and endpoints.
- Correlate vulnerabilities with threat intelligence to prioritize risks.
Collaboration and Communication
- Communicate effectively with cross-functional teams including IT, DevOps, Risk, and Compliance during incidents and investigations.
- Provide concise and clear updates to stakeholders and management during incident handling.
- Mentor junior analysts and assist with training efforts within the SOC team.
Skills, Knowledge and Expertise
- Must be a Saudi national.
- 2–3 years of experience in a SOC or cybersecurity operations role, ideally in a fast-paced fintech or enterprise environment.
- Strong knowledge of security best practices, including incident handling, alert triage, log analysis, and threat modeling.
- Understanding of web technologies, REST APIs, microservices, and modern application architectures.
- Experience working in a culturally diverse and collaborative environment.
- Familiarity with DLP, AV, and anti-malware systems from an operational monitoring perspective.
- Experience with phishing detection, user behavior analytics, and security awareness campaigns.
- Security certifications such as Security+, CEH, or CySA+ (preferred but not required).
- Strong communication skills, especially for coordinating incident response and writing clear incident reports.
- Experience with SIEM platforms, SOAR tools, EDR/XDR, and Threat Intelligence platforms.
- Familiarity with cloud environments and cloud-native logging and monitoring tools.
- Scripting experience (e.g., Python) to automate tasks and improve SOC efficiency.