Information Security Engineer - VAPT (Saudi National)
Skills
About This Role
Description
- Tabby creates financial freedom in the way people shop, earn and save by reshaping their relationship with money.
- Over 15 million users choose Tabby to stay in control of their spending and make the most out of their money.
- The company’s flagship offering allows shoppers to split their payments online and in-store with no interest or fees.
- Over 40,000 global brands and small businesses, including Amazon, Noon, IKEA, and SHEIN use Tabby to accelerate growth and gain loyal customers by offering easy and flexible payments online and in stores.
- Tabby generates over $10 billion in annual transaction volume for its partner brands and is the highest-rated, most-reviewed, largest, and fastest-growing FinTech in the GCC region.
- Tabby launched in 2019 and has since raised +$1 billion in equity and debt funding from global and regional investors, and is now valued at $4.5 billion.
- We are thrilled to announce an opportunity for a skilled Information Security Engineer to join our team and play a role in enhancing our security measures by utilizing your abilities and deep knowledge of information security methodologies.
- Paying attention to details and efficiently solving problems will be crucial in ensuring the safety of Tabby’s systems.
- The role you will be involved in both operations and important implementation projects contributing to the growth and maintenance of our technology infrastructure.
- If you have a passion for cybersecurity, possess technical skills and aspire to make a significant impact we strongly encourage you to apply and become an essential part of our dedicated cybersecurity team.### **Key Responsibilities**
- **Penetration Testing**: Perform Dynamic Application Security Testing (DAST) and Static Application Security Testing (SAST) for Web, Mobile, and API applications. Plan and conduct Infrastructure Vulnerability Assessment and Penetration Testing of systems, switches, servers, and more.
- **Adversary Simulation (Red Teaming):** Participate in sophisticated Red Team
- engagements, emulating real-world threat actor Tactics, Techniques, and Procedures (TTPs) to assess the detection and response capabilities of the Blue Team/SOC.
- **Vulnerability & Application Security Analysis:** Conduct both Dynamic (DAST) and Static (SAST) Application Security Testing, and perform systematic vulnerability assessments using automated tools combined with meticulous manual verification.
- **Report Development:** Produce actionable, high-quality assessment reports that clearly articulate technical findings, business risk, and remediation strategies for both technical implementers and non-technical executives.
- **Control Evasion & Social Engineering:** Conduct controlled offensive testing, including Breach & Attack Simulations (BAS) and targeted phishing campaigns, to assess the resilience and bypassability of technical and human controls.
- **Tool Development & Reporting:** Develop and maintain custom scripts and tools to enhance offensive security capabilities, and produce high-quality, actionable reports detailing discovered threats and validated vulnerabilities on an ongoing basis.
- **Security Awareness**: Experience in conducting phishing simulations and other
- awareness exercises to evaluate employee susceptibility to social engineering attacks and provide targeted training to enhance resilience.
Skills, Knowledge & Expertise
- Degree in Information Technology, Computer Science, Software Engineering, or related field
- Knowledge of Information Technology security issues and approaches to manage
- Information Technology security with a fast paced Fintech environment.
- Security Qualification Good to have: Offensive Security Certified Professional (OSCP), GIAC Penetration Tester (GPEN), GIAC Web Application Penetration Tester (GWAPT), CREST Registered Penetration Tester (CRT) or equivalent.
- Excellent communication, influencing and stakeholder management skills
- 2-3 Experience of working across teams to deliver solutions and generate high levels of internal buy-in
- Experience of working in a culturally diverse environment
- Knowledge of online technologies, payment methods, content delivery networks, REST APIs, microservices, and application development.
- Programming and scripting understanding (Bash, Python etc.)
About Tabby
Tabby creates financial freedom in the way people shop, earn and save, by reshaping their relationship with money.
The company’s flagship offering allows shoppers to split their payments online and in-store with no interest or fees.
Over 32,000 global brands and small businesses, including Amazon, Noon, IKEA and Shein use Tabby to accelerate growth and gain loyal customers by offering easy and flexible payments online and in stores.
Tabby has generated over $7 billion in transaction volume for its partner brands and has the highest rated, most reviewed, largest and fastest growing app of any fintech in the GCC region.
Tabby launched operations in 2020 and has raised +$1 billion in equity and debt funding from global and regional investors.
Your resume, rewritten
for this exact role.
Sign up free — Base Career tailors your CV to this job description in 60 seconds.
01 / 05
Resume Tailored to This Job
Your keywords, structure, and story — rewritten to match this exact role and pass ATS filters.
Free · No card · 60 seconds
02 / 05
Cover Letter for This Role, Done
Job-specific cover letters written in Gulf professional tone — ready in seconds, not hours.
Free · No card · 60 seconds
03 / 05
See How Well You Fit This Role
AI match score with clear reasons — know your fit before investing time in the application.
Free · No card · 60 seconds
04 / 05
Apply in One Click
Autofill any application form on Workday, LinkedIn, Bayt, Greenhouse — with your tailored content.
Free · No card · 60 seconds
05 / 05
Track It. Follow Up at the Right Time.
Visual pipeline for every application with AI-timed follow-up reminders so nothing slips.
Free · No card · 60 seconds
Similar Jobs
Chief Information Security Officer - Cloud Security - Saudi Arabia
ByteDance · Riyadh
Responsibilities About the team: The Cloud Security team is responsible for the security assurance of ByteDance enterprise businesses and the underlying cloud platform, covering areas such as security architecture, SDLC,
Skills
Information security Lead Auditor (Kingdom of Saudi Arabia)
DNV · Jiddah
About Us We are the independent expert in assurance and risk management. Driven by our purpose, to safeguard life, property, and the environment, we empower our customers and their stakeholders with facts and reliable in
Skills
3 days ago
Apply Now↗Apply Now ↗Regional Information Security Officer (RISO)
Oracle · Saudi Arabia
The role involves advising on cybersecurity strategy, engaging with executives, navigating regulations, and enhancing security transparency across Oracle's offerings.
Skills
5 days ago
Apply Now↗Apply Now ↗Information Security Specialist
Tamimi Commercial · Eastern Province
Monitor networks for security breaches, conduct risk assessments, implement security measures, develop policies, and collaborate with IT to enhance cybersecurity.
Skills
5 days ago
Apply Now↗Apply Now ↗Country Information Security Officer, Saudi National
Standard Chartered · Riyadh
Job Summary The Country Information Security Officer (CISO) for Saudi Arabia is a senior leadership position requiring a sophisticated blend of business insight and technical expertise in Information and Cyber Security (
Skills
5 days ago
Apply Now↗Apply Now ↗Information Security Engineer - VAPT (Saudi National)
Tabby | تابي · Riyadh
Department: InfoSec Monitoring Location: KSA Description Tabby creates financial freedom in the way people shop, earn and save by reshaping their relationship with money. Over 15 million users choose Tabby to stay in con
Skills
1 weeks ago
Apply Now↗Apply Now ↗Information Security Governance Coordination Support Service
Talents Arena · الرياض
The service provides administrative and coordination support to the Information Security, Risk, and Business Continuity functions, including: Assisting in the preparation and formatting of governance documentation such
Skills
1 weeks ago
Apply Now↗Apply Now ↗Information Security Engineer L3
Prospex Development · Riyadh
Key Responsibilities Conduct advanced penetration testing and comprehensive security assessments across systems, networks, and applications. Identify, analyze, and remediate vulnerabilities in infrastructure and web ap
Skills
2 weeks ago
Apply Now↗Apply Now ↗Information Security Engineer L2
Prospex Development · Riyadh
Role Overview We are seeking a skilled Information Security Engineer L2 to support and enhance the organization’s cybersecurity operations. The role focuses on managing security platforms, monitoring threats, responding
Skills
2 weeks ago
Apply Now↗Apply Now ↗2.2K+
Cover Letters & Follow-ups
1.8K+
Resumes Tailored
190.5K+
Jobs Tracked
Trusted by professionals at
Stop applying blindly.
Start getting hired.
Base Career automates the hardest parts of job searching — apply smarter, not harder.
AI Resume in 60s
Your resume rewritten for this exact role using the job description as the brief.
ATS-Optimized
Get past automated screening filters with the right keywords matched to each job.
Application Tracker
Track every job, follow-up, and interview in one visual kanban board.
Free plan · No credit card required