Information Security Engineer

Company: Tabby –

WebSite: Riyadh, Saudi Arabia

Job Description:**Formal Option:**

**Subject: Information Security Engineer Position – [Company Name]**

[Company Name] is seeking a highly qualified and experienced Information Security Engineer to join our InfoSec Monitoring team in [Location]. This role is crucial in maintaining and enhancing the security posture of our systems and infrastructure. The successful candidate will possess a comprehensive understanding of information security principles and methodologies, coupled with exceptional attention to detail and problem-solving abilities.

The Information Security Engineer will be involved in both operational activities and strategic implementation projects, contributing to the growth and maintenance of our technology infrastructure. This position offers a significant opportunity to leverage technical skills and cybersecurity expertise to make a tangible impact within our organization.

**Key Responsibilities:**

* **Cloud Security:** Demonstrate a thorough understanding of cloud services, including Google Cloud Platform (GCP), Terraform, CI/CD Security, Kubernetes Security, GitLab, and product security features and fixes.
* **Penetration Testing:** Conduct Dynamic Application Security Testing (DAST) and Static Application Security Testing (SAST) for Web, Mobile, and API applications. Plan and execute Infrastructure Vulnerability Assessments and Penetration Testing of systems, switches, servers, and other infrastructure components.
* **Endpoint Protection:** Plan, implement, and manage enterprise-level Anti-Virus (AV) solutions to effectively protect against malware, viruses, and other malicious threats.
* **Infrastructure Security:** Conduct comprehensive security reviews of the corporate IT infrastructure, encompassing network security controls, anti-malware implementations, Cloud Security Posture Management (CPM), Data Loss Prevention (DLP), firewall rulesets, backup and disaster recovery procedures, and vulnerability management processes.
* **Project Management:** Collaborate with product and engineering teams to prioritize security features and bug fixes, ensuring effective implementation and mitigation strategies. Work with DevOps and other teams to implement and improve security controls and/or processes.
* **Security Awareness:** Develop and implement phishing simulations and other awareness exercises to assess employee susceptibility to social engineering tactics and provide targeted training to enhance overall security resilience.
* **Security Monitoring:** Automate and improve Incident Response procedures, develop playbooks to reduce manual effort in responding to common cyber incidents, and conduct regular threat intelligence activities. Research and develop detection rules utilizing a variety of security tools.

**Skills, Knowledge, and Expertise:**

* Bachelor’s degree in Information Technology, Computer Science, Software Engineering, or a related field.
* Extensive knowledge of Information Technology security issues and approaches to manage Information Technology security within a fast-paced Fintech environment.
* Security certifications (e.g., CEH, CompTIA Security+) are desirable.
* Excellent communication, influencing, and stakeholder management skills.
* Minimum of 2-3 years of experience working across teams to deliver solutions and achieve high levels of internal buy-in.
* Experience developing and delivering security training programs.
* Experience working in a culturally diverse environment.
* Strong understanding of online technologies, payment methods, content delivery networks, REST APIs, microservices, and application development.
* Proficiency in programming and scripting languages (e.g., Bash, Python).
* Proven experience with cloud platforms such as AWS, GCP, and OCI.

Skills: