Information Security Engineer

Department:
InfoSec Monitoring

Location:
KSA

Description
Tabby creates financial freedom in the way people shop, earn and save by reshaping their relationship with money. Over 15 million users choose Tabby to stay in control of their spending and make the most out of their money.

The company's flagship offering allows shoppers to split their payments online and in-store with no interest or fees. Over 40,000 global brands and small businesses, including Amazon, Noon, IKEA, and SHEIN use Tabby to accelerate growth and gain loyal customers by offering easy and flexible payments online and in stores.

Tabby generates over $10 billion in annual transaction volume for its partner brands and is the highest-rated, most-reviewed, largest, and fastest-growing FinTech in the GCC region.

Tabby launched in 2019 and has since raised +$1 billion in equity and debt funding from global and regional investors, and is now valued at $4.5 billion.

As
Information Security Engineer
, you'll play a key part in monitoring and defending our infrastructure, applications, and cloud environments from cyber threats.

You'll lead incident response efforts, develop and tune detection rules, investigate security events, and collaborate with cross-functional teams to strengthen our security posture.

Key Responsibilities
Security Monitoring & Detection

• Monitor and analyze logs and alerts from a wide range of sources including firewalls, intrusion detection/prevention systems (IDS/IPS), endpoints, servers, and cloud platforms.
• Perform correlation of events from multiple sources to identify advanced threats and unusual patterns of behavior.
• Fine-tune alert thresholds and detection logic to reduce false positives and improve signal-to-noise ratio.
• Maintain dashboards and reporting to provide real-time visibility into security posture.

Incident Response & Investigation

• Serve as a frontline responder for security incidents, managing incidents through their lifecycle – detection, containment, eradication, recovery, and lessons learned.
• Coordinate with internal stakeholders and external vendors during high-severity incidents or data breaches.
• Perform root cause analysis and forensic investigations using endpoint and network-based artifacts.
• Maintain detailed incident documentation and contribute to post-mortem analysis and reports.

Threat Intelligence & Detection Rule Development

• Research emerging threats and trends.
• Contribute to the creation and tuning of detection rules, threat-hunting queries, and use cases across multiple platforms including cloud environments.
• Maintaining CTI Platform along with the integration of the CTI feeds with the security controls to have active CTI driven detections.

Collaboration and Communication

• Communicate effectively with cross-functional teams including IT, DevOps, Risk, and Compliance during incidents and investigations.
• Provide concise and clear updates during incident handling to stakeholders and management.
• Mentor junior analysts and assist in training efforts within the SOC team.

Skills, Knowledge and Expertise

• 2–3 years of experience in a SOC or cybersecurity operations role, ideally in a fast-paced fintech or enterprise environment.
• Strong knowledge of security best practices, including incident handling, alert triage, log analysis, and threat modeling.
• Understanding of online technologies, REST APIs, microservices, and modern application architectures.
• Experience working in a culturally diverse and collaborative environment.
• Familiarity with DLP, AV, and anti-malware systems from an operational monitoring perspective.
• Experience with phishing detection, user behavior analytics, and security awareness campaigns.
• Security certifications such as Security+, CySA+, eCIR, eCTHPv2, GCIA, or GMON (preferred but not required).
• Strong communication skills, especially for coordinating incident response and writing clear incident reports.
• Experience with
  SIEM platforms
  ,
  SOAR tools
  ,
  EDR/XDR
  , and
  Threat Intelligence platforms
  .
• Familiarity with cloud environments and cloud-native logging and monitoring tools.
• Scripting experience (e.g.,
  Python
  ) to automate tasks and improve SOC efficiency.