Cybersecurity Engineer

Department: Cyber Security Monitoring

Employment Type: Full Time

Location: KSA

Description

Key Responsibilities

• Strong understanding of cloud services such as Google Cloud Platform (GCP), Terraform, CI/CD Security, Kubernetes Security, GitLab, and product security features and fixes.

• Perform Dynamic Application Security Testing (DAST) and Static Application Security Testing (SAST) for web, mobile, and API applications.
• Plan and conduct infrastructure vulnerability assessments and penetration testing of systems, switches, servers, and other critical components.

• Plan, implement, and manage enterprise-level Anti-Virus (AV) solutions to safeguard against malware, viruses, and other threats.

• Review corporate IT infrastructure security, including network security controls, anti-malware implementation, Cloud Security Posture Management (CPM), Data Loss Prevention (DLP), firewall rule sets, backup and disaster recovery, and vulnerability management processes.

• Work across various product and engineering teams to prioritize security features and bugs, ensuring implementation and mitigation.
• Collaborate with DevOps and other teams to implement and improve security controls and processes.

• Conduct phishing simulations and other awareness exercises to assess employee susceptibility to social engineering attacks.
• Provide targeted training to enhance resilience against cybersecurity threats.

• Automate and improve incident response procedures, including playbook creation to reduce manual response efforts.
• Monitor threats and vulnerabilities, conduct regular threat intelligence research, and develop detection rules using various tools.

Skills, Knowledge and Expertise

• Degree in Information Technology, Computer Science, Software Engineering, or a related field.
• Knowledge of IT security issues and best practices, particularly in a fast-paced fintech environment.
• Security certifications such as CEH, CompTIA Security+ (preferred but not required).
• Strong communication, influencing, and stakeholder management skills.
• Two to three years of experience working across teams to deliver security solutions and drive adoption.
• Experience in developing and delivering security training programs.
• Experience working in a culturally diverse environment.
• Understanding of online technologies, payment methods, content delivery networks, REST APIs, microservices, and application development.
• Programming and scripting knowledge (e.g., Bash, Python).
• Strong cloud experience, with knowledge of AWS, GCP, and OCI.