Saudi National - Senior Information Security Engineer

Department: InfoSec Monitoring

Employment Type: Full Time

Location: KSA

Reporting To: Weam Munshi

Description

Key Responsibilities

• Lead the analysis and triage of high-fidelity alerts and complex event correlations across firewalls, IDS/IPS, endpoints, servers, and cloud platforms.
  
  
• Identify and investigate sophisticated threats, advanced persistent threats (APTs), and anomalous behavior patterns.
  
  
• Continuously refine detection logic, SIEM rules, and alerting thresholds to optimize SOC effectiveness.
  
  
• Design and maintain operational dashboards and KPIs to track security trends and SOC performance.
  
  

• Act as the primary incident commander for major security incidents, coordinating technical response and stakeholder communication.
  
  
• 
  Conduct root cause analysis, full-scope investigations, and forensic analysis using endpoint and network-based artifacts.
  
  
• Drive post-incident reviews and deliver actionable recommendations to reduce future risk.
  
  
• Oversee incident documentation quality and ensure consistency in reporting and knowledge transfer.
  
  

• Research and operationalize threat intelligence into custom detection rules, threat hunting queries, and playbooks.
  
  
• Develop and tune detection use cases aligned with MITRE ATT&CK and evolving threat actor techniques.
  
  
• Contribute to the development and enhancement of SOAR workflows and automation to improve SOC efficiency.
  
  

• Collaborate with infrastructure and DevOps teams to assess and prioritize vulnerabilities in context with threat intelligence.
  
  
• Support patch validation and track remediation efforts for critical exposures.
  
  
• Guide vulnerability lifecycle processes, ensuring risks are addressed in a timely and measurable way.
  
  

• Serve as a technical mentor and escalation point for Tier 1 and Tier 2 SOC analysts.
  
  
• Lead training initiatives and tabletop exercises to strengthen SOC readiness and maturity.
  
  
• Work closely with IT, Engineering, Compliance, and Risk teams to ensure alignment during investigations and threat mitigation efforts.
  
  
• Communicate clearly and effectively with stakeholders, including drafting concise executive summaries during major incidents.
  
  

Skills, Knowledge and Expertise

• 3–5+ years of hands-on experience in a SOC or cybersecurity operations role, including incident handling and threat detection.
  
  
• Deep understanding of security operations, threat hunting, attack vectors, and cyber kill chains.
  
  
• Proven expertise in log analysis, endpoint telemetry, and cloud-native security tools (e.g., AWS CloudTrail, Azure Sentinel).
  
  
• Strong scripting experience (e.g., Python, PowerShell) for automation and detection engineering.
  
  
• Experience with SIEMs (e.g., Splunk, Elastic, Sentinel), SOAR platforms, EDR/XDR tools, and Threat Intelligence platforms.
  
  
• Familiarity with DevSecOps, APIs, microservices, and modern application architectures.
  
  
• Security certifications such as GCIA, GCIH, CySA+, or equivalent (preferred).
  
  
• Clear and confident communicator with the ability to lead during high-pressure situations and present findings to technical and non-technical audiences.