Information Security Analyst l (PenTester)
Job Fit Check
Base Career helps you apply smarter for this job.
Key skills for this role
About the Role
Support offensive security activities including penetration testing, vulnerability assessments, and red team exercises under senior guidance. Learn industry-standard tools and frameworks like OWASP Top 10 and MITRE ATT&CK.
Key Skills for This Role
Full Job Posting
Description
Tabby creates financial freedom in the way people shop, earn and save by reshaping their relationship with money.
Over 15 million users choose Tabby to stay in control of their spending and make the most out of their money.
The company’s flagship offering allows shoppers to split their payments online and in-store with no interest or fees.
Over 40,000 global brands and small businesses, including Amazon, Noon, IKEA, and SHEIN use Tabby to accelerate growth and gain loyal customers by offering easy and flexible payments online and in stores.
Tabby generates over $10 billion in annual transaction volume for its partner brands and is the highest-rated, most-reviewed, largest, and fastest-growing FinTech in the GCC region.
Tabby launched in 2019 and has since raised +$1 billion in equity and debt funding from global and regional investors, and is now valued at $4.5 billion.
The Cyber Security Analyst (Offensive Security) role serves as a structured entry point into offensive security, with a strong emphasis on learning industry-standard tools, methodologies, and frameworks (OWASP Top 10, MITRE ATT&CK), while supporting the organization's mission to validate and strengthen its security posture before malicious actors can exploit weaknesses
• Technical Security Assessment Support
- Assist senior engineers in conducting penetration tests across web applications, APIs, and network infrastructure by performing assigned test cases and documenting findings.
- Support vulnerability assessments using automated scanning tools (e.g., Nmap, vulnerability scanners) under supervision, and help verify results through basic manual checks.
- Participate in Red Team exercises as a supporting team member, learning adversary simulation methodologies and assisting in pre-agreed test scenarios.
- Help execute controlled offensive testing tasks (e.g., running scripts, setting up test environments, assisting with phishing simulations) as directed by senior staff.
- Assist in identifying, documenting, and tracking vulnerabilities throughout the assessment lifecycle.
- Support the development and maintenance of basic scripts and testing utilities to assist in offensive security activities.
2.Risk Documentation & Reporting
- Assist in analyzing and documenting assessment findings, including reproduction steps, evidence, and initial severity observations for review by senior engineers.
- Support the preparation of penetration test reports by compiling findings, screenshots, and tool outputs into structured report templates.
- Help track the status of identified vulnerabilities and remediation progress, maintaining accurate records in relevant tracking systems.
- Assist in validating patched vulnerabilities by re-testing affected systems following confirmed remediation, under senior guidance.
• Collaboration & Program Support
- Participate in Purple Team exercises as an observer and support role, gaining exposure to detection logic and incident response workflows.
- Provide basic log collection and organizational support to the incident response team during active security incidents, as directed.
- Assist in maintaining up-to-date documentation on offensive security tools, tactics, and methodologies used by the team.
- Support compliance testing efforts by executing pre-defined test cases to validate controls required by regulations (e.g., SAMA CSF, PCI-DSS).
- Actively engage in self-directed learning of offensive security TTPs, emerging vulnerabilities, and attack vectors to build technical depth.
- Assist in validating patched vulnerabilities by re-testing affected systems following confirmed remediation, under senior guidance.
3. Collaboration & Program Support
- Participate in Purple Team exercises as an observer and support role, gaining exposure to detection logic and incident response workflows.
- Provide basic log collection and organizational support to the incident response team during active security incidents, as directed.
- Assist in maintaining up-to-date documentation on offensive security tools, tactics, and methodologies used by the team.
- Support compliance testing efforts by executing pre-defined test cases to validate controls required by regulations (e.g., SAMA CSF, PCI-DSS).
- Actively engage in self-directed learning of offensive security TTPs, emerging vulnerabilities, and attack vectors to build technical depth.
- Assist in preparing technical examples and real-world findings for contribution to the security awareness program
Skills, Knowledge & Expertise
- Bachelor's degree in Information Technology, Computer Science, Software Engineering, Cybersecurity, or a related field.
- Basic understanding of common vulnerabilities and attack concepts (OWASP Top 10, CVEs, common misconfigurations).
- Foundational knowledge of networking protocols (TCP/IP, DNS, HTTP/S, FTP, SMB) and how they can be abused.
- Exposure to at least one security tool in any of the following categories: port scanners (Nmap), web proxies (Burp Suite Community), or vulnerability scanners.
- Basic proficiency in at least one scripting or programming language (Python, Bash, or PowerShell) for task automation.
- Fundamental understanding of operating system internals for both Windows and Linux environments.
- Awareness of the MITRE ATT&CK framework and how it maps adversary behaviors.
- Familiarity with cloud concepts (any provider — GCP, AWS, or Azure) is an advantage
Apply for this job in 1 click
Skip the repetitive application forms
Install the Base Career Chrome Extension and autofill job applications across major job boards with your profile.
Trusted by over 500,000 job seekers on Base Career
More from this employer
More jobs at Tabby | تابي
Analyst, Information Security
Riyadh, KSA
Department: InfoSec Monitoring Location: KSA Description The Cyber Security Analyst (Defensive Security) supports the organization's security architecture and infrastructure protection functions under the close guidance
Account Management Specialist
Abu Dhabi, UAE
Department: Account Management Employment Type: Full Time Location: UAE Reporting To: Mayar Elsayed Description About Tabby: Tabby creates financial freedom in the way people shop, earn and save by reshaping their relati
Account Management Specialist
Dubai, UAE
Department: Account Management Location: UAE Description About Tabby: Tabby creates financial freedom in the way people shop, earn and save by reshaping their relationship with money. Over 20 million users choose Tabby t
Analyst, Information Security
Riyadh, KSA
Department: InfoSec Monitoring Location: KSA Description The Cyber Security Analyst (Defensive Security) supports the organization's security architecture and infrastructure protection functions under the close guidance
AML Associate
Riyadh, KSA
Department: AML Location: KSA Description As an AML Associate, you will support the company’s efforts to prevent money laundering and financial crimes by monitoring transactions, conducting investigations, and ensuring c
Ad Ops Specialist
Riyadh, KSA
Department: Marketplace, Product Location: KSA Description Tabby Ads is our retail media business living right inside the Tabby marketplace – and it's growing fast. We're looking for someone to be the engine room behind
Legal Specialist
Riyadh, KSA
Department: Legal Location: KSA Description About the Role We are looking for a hands-on Legal Specialist to join our legal team in KSA. The ideal candidate brings 1-2 years of legal experience, preferably in a fintech,
Sales Development Representative Intern
Dubai, UAE
Department: Merchant Business Location: UAE Description About Tabby: Tabby creates financial freedom in the way people shop, earn and save by reshaping their relationship with money. Over 20 million users choose Tabby to
Analyst, Information Security
Riyadh, KSA
Account Management Specialist
Abu Dhabi, UAE
Account Management Specialist
Dubai, UAE
Analyst, Information Security
Riyadh, KSA
AML Associate
Riyadh, KSA
Ad Ops Specialist
Riyadh, KSA
Legal Specialist
Riyadh, KSA
Sales Development Representative Intern
Dubai, UAE