Analyst, Information Security

Department: InfoSec Monitoring

Employment Type: Full Time

Location: KSA

Description

Key Responsibilities

• Assist senior architects in documenting and maintaining security architecture designs for IT projects, ensuring alignment with the organization's security standards and regulatory requirements.
• Support the review of proposed system designs and configurations by checking them against established security baselines and flagging gaps for senior review.
• Help maintain up-to-date architecture diagrams, design documentation, and security control mappings across assigned systems and platforms.
• Participate in cross-functional meetings with IT, DevOps, and Risk Management teams as an observer and note-taker, gaining exposure to security strategy discussions.

• Assist in monitoring the organization's cloud environments (GCP/AWS) for misconfigurations and security posture issues using Cloud Security Posture Management (CSPM) tools.
• Support the review and documentation of cloud infrastructure configurations (e.g., GCP, Terraform, Kubernetes) against security best practices under senior guidance.
• Help track and document CI/CD pipeline security findings and assist in preparing remediation recommendations for engineering teams.
• Learn and apply foundational cloud security concepts including identity and access management, network segmentation, and secrets management in cloud-native environments.

• Assist in integrating and operating security tools within CI/CD pipelines (e.g., SAST, DAST, dependency scanning) under the direction of senior engineers.
• Help review and triage automated security scan results from SAST and DAST tools, categorizing findings and escalating critical issues for senior review.
• Support source code review activities by following established checklists and flagging common vulnerability patterns (e.g., OWASP Top 10) for senior validation.
• Assist in maintaining documentation of security checkpoints and tool configurations across the development pipeline.

• Assist in executing pre-defined vulnerability assessment test cases for web, mobile, API, and infrastructure targets under close senior supervision.
• Support infrastructure vulnerability scanning activities using approved tools, helping to collect, organize, and document scan outputs.
• Help maintain the vulnerability register by tracking identified findings, their severity, assigned owners, and remediation status.
• Assist in re-testing patched vulnerabilities to confirm effective remediation, documenting results accurately.

• Assist in the administration and monitoring of enterprise endpoint protection solutions (AV/EDR), including alert triage and basic incident escalation.
• Support infrastructure security reviews by gathering configuration data, running approved audit scripts, and documenting findings against security baselines.
• Help maintain firewall ruleset documentation and assist in identifying outdated or unnecessary rules for senior review.
• Support Data Loss Prevention (DLP) monitoring activities, escalating triggered alerts per defined procedures.
• Assist in backup and disaster recovery documentation, helping verify that recovery procedures are current and accurately recorded.

• Assist in developing and maintaining security assessment checklists and testing models for application security, network architecture reviews, and configuration audits.
• Support project management activities by tracking security-related tasks, action items, and remediation tickets across DevOps and engineering teams.
• Help prepare status updates and progress reports on security control implementation for review by senior staff.
• Assist in prioritizing security bugs and features by gathering data and supporting triage discussions led by senior engineers.

• Assist in the planning and execution of phishing simulation campaigns by helping configure scenarios, distribute materials, and collect results data.
• Support the preparation and delivery of security awareness training materials and communication content.
• Assist in security monitoring activities by reviewing alerts from SIEM and other monitoring platforms, escalating anomalies per defined playbooks.
• Help maintain and update incident response playbooks and procedure documentation under senior direction.
• Support threat intelligence gathering from internal and publicly available sources, summarizing findings for the security team.
• Assist in developing and tuning basic detection rules under the guidance of senior security engineers.

Skills, Knowledge and Expertise

• Bachelor's degree in Information Technology, Computer Science, Software Engineering, Cybersecurity, or a related field.
• Recent graduates and fresh university leavers are strongly encouraged to apply — no prior professional experience is required.
• Academic projects, capstone work, or self-directed labs involving networking, cloud, or application security will be considered favorably.
• No mandatory professional experience required. 
• Any internship, academic project, or personal lab experience related to cybersecurity, networking, or software development is a strong advantage.
• Exposure to regulated environments (Fintech, banking) is a plus but not required.