Senior Information Security Engineer

Tabby

  • Riyadh
  • Permanent
  • Full-time
  • 1 month ago
Senior Information Security Engineer

Department: InfoSec Monitoring
Employment Type: Full Time
Location: KSA
Reporting To: Weam Munshi

Description

We're looking for an experienced and proactive Senior Information Security Engineer to serve as a senior member of our cybersecurity operations team. You'll lead complex investigations, shape our detection capabilities, and provide strategic input into incident response and threat management. As a technical authority in the SOC, you'll mentor junior analysts, collaborate across teams, and help drive continuous improvement in our security posture.

Key Responsibilities

Advanced Threat Detection & Monitoring
  • Lead the analysis and triage of high-fidelity alerts and complex event correlations across firewalls, IDS/IPS, endpoints, servers, and cloud platforms.
  • Identify and investigate sophisticated threats, advanced persistent threats (APTs), and anomalous behavior patterns.
  • Continuously refine detection logic, SIEM rules, and alerting thresholds to optimize SOC effectiveness.
  • Design and maintain operational dashboards and KPIs to track security trends and SOC performance.
Incident Response & Forensics
  • Act as the primary incident commander for major security incidents, coordinating technical response and stakeholder communication.
  • Conduct root cause analysis, full-scope investigations, and forensic analysis using endpoint and network-based artifacts.
  • Drive post-incident reviews and deliver actionable recommendations to reduce future risk.
  • Oversee incident documentation quality and ensure consistency in reporting and knowledge transfer.
Detection Engineering & Threat Intelligence
  • Research and operationalize threat intelligence into custom detection rules, threat hunting queries, and playbooks.
  • Develop and tune detection use cases aligned with MITRE ATT&CK and evolving threat actor techniques.
  • Contribute to the development and enhancement of SOAR workflows and automation to improve SOC efficiency.
Vulnerability & Risk Management
  • Collaborate with infrastructure and DevOps teams to assess and prioritize vulnerabilities in context with threat intelligence.
  • Support patch validation and track remediation efforts for critical exposures.
  • Guide vulnerability lifecycle processes, ensuring risks are addressed in a timely and measurable way.
Collaboration & Mentorship
  • Serve as a technical mentor and escalation point for Tier 1 and Tier 2 SOC analysts.
  • Lead training initiatives and tabletop exercises to strengthen SOC readiness and maturity.
  • Work closely with IT, Engineering, Compliance, and Risk teams to ensure alignment during investigations and threat mitigation efforts.
  • Communicate clearly and effectively with stakeholders, including drafting concise executive summaries during major incidents.
Skills, Knowledge and Expertise
  • 3-5+ years of hands-on experience in a SOC or cybersecurity operations role, including incident handling and threat detection.
  • Deep understanding of security operations, threat hunting, attack vectors, and cyber kill chains.
  • Proven expertise in log analysis, endpoint telemetry, and cloud-native security tools (e.g., AWS CloudTrail, Azure Sentinel).
  • Strong scripting experience (e.g., Python, PowerShell) for automation and detection engineering.
  • Experience with SIEMs (e.g., Splunk, Elastic, Sentinel), SOAR platforms, EDR/XDR tools, and Threat Intelligence platforms.
  • Familiarity with DevSecOps, APIs, microservices, and modern application architectures.
  • Security certifications such as GCIA, GCIH, CySA+, or equivalent (preferred).
  • Clear and confident communicator with the ability to lead during high-pressure situations and present findings to technical and non-technical audiences.