
Tabby
Information Security Engineer
- Permanent
- Riyadh, Saudi Arabia
- Experience 2 - 5 yrs
Job expiry date: 01/03/2026
Job overview
Date posted: 15/01/2026
Location: Riyadh, Saudi Arabia
Salary: SAR 15,000 - 20,000 per month
Compensation: Salary only
Job description
The Information Security Engineer (SOC) at Tabby is responsible for monitoring, detecting, investigating, and responding to cybersecurity threats across infrastructure, applications, and cloud environments within a high-growth FinTech ecosystem. The role operates within the InfoSec Monitoring department and focuses on protecting large-scale payment and financial platforms used by millions of users and tens of thousands of merchants.

The position involves continuous monitoring and analysis of logs and alerts from diverse sources including firewalls, IDS/IPS, endpoints, servers, and cloud platforms, correlating events to detect advanced threats, and tuning detection logic to reduce false positives. The engineer leads incident response activities across the full lifecycle, from detection and containment to eradication, recovery, and post-incident analysis, while coordinating with internal teams and external vendors during high-severity incidents or data breaches.

The role also contributes to threat intelligence operations by researching emerging threats, developing and tuning detection rules, maintaining a Cyber Threat Intelligence (CTI) platform, and integrating CTI feeds into security controls to enable proactive, intelligence-driven detections. Collaboration with IT, DevOps, Risk, and Compliance teams is critical, as is maintaining dashboards, reports, and detailed incident documentation.

The role requires hands-on experience with SIEM, SOAR, EDR/XDR, cloud-native monitoring tools, scripting for automation, and familiarity with modern application architectures including REST APIs and microservices, supporting Tabby’s large-scale, cloud-based financial platform.
Required skills
Key responsibilities
- security operations center
- incident response
- security monitoring
- log analysis
- event correlation
- IDS
- IPS
- firewalls
- endpoint security
- cloud security
- SIEM
- SOAR
- EDR
- XDR
- threat intelligence
- CTI platforms
- forensic investigation
- root cause analysis
- DLP
- anti-malware
- phishing detection
- user behavior analytics
Experience & skills
- 2–3 years of experience in a Security Operations Center or cybersecurity operations role
- Hands-on experience with incident handling, alert triage, log analysis, and threat modeling
- Experience operating SIEM platforms, SOAR tools, EDR/XDR solutions, and Threat Intelligence platforms
- Familiarity with cloud environments and cloud-native logging and monitoring tools
- Operational knowledge of DLP, antivirus, and anti-malware systems
- Experience with phishing detection, user behavior analytics, and security awareness initiatives
- Understanding of REST APIs, microservices, and modern application architectures
- Scripting experience using Python or similar languages for automation
- Security certifications such as Security+, CySA+, eCIR, eCTHPv2, GCIA, or GMON preferred