IT Security Engineer

The IT Security Engineer ensures the confidentiality, integrity, and availability of all IT systems, applications, and data, aligning security practices with Saudi regulatory requirements, governance frameworks, and internal policies.

This role provides hands-on security implementation, risk management, and monitoring, supporting the internalization of previously vendor-managed systems, safeguarding the organization’s assets, and enabling secure digital transformation.

Security Governance & Compliance Ensure IT security practices comply with Saudi regulations.

Implement and maintain internal security policies, procedures, and standards.

Conduct security audits and compliance assessments for applications, infrastructure, and cloud services.

Collaborate with management to ensure adherence to corporate governance requirements.

Threat & Vulnerability Management Monitor, detect, and respond to security threats across all IT systems.

Conduct vulnerability assessments and penetration testing.

Implement corrective measures and patch management to mitigate risks.

Maintain security incident logs and coordinate with relevant teams for incident resolution.

Application & Infrastructure Security Secure all application and infrastructure layers, including web, backend, APIs, databases, and client applications.

Review code, architecture, and deployment processes to identify security risks.

Implement access control, authentication, encryption, and secure configurations.

Collaborate with DevOps and Infra teams to ensure secure deployment pipelines.

Monitoring & Incident Response Set up monitoring, alerting, and logging for security events across applications and infrastructure.

Lead incident response efforts and post-incident analysis.

Develop disaster recovery and business continuity plans aligned with security requirements.

Knowledge Management & Training Develop security guidelines, SOPs, and documentation.

Conduct training sessions and workshops to raise awareness among internal users and technical teams.

Promote a security-conscious culture across the organization.

Collaboration & Technical Delivery Work closely with Infra, DevOps, and Development teams for secure architecture and operations.

Review and approve security measures for new tools, applications, and integrations.

Advise on security requirements for new projects, features, or customer integrations.

Job Relations: Reports to: IT Infrastructure Lead / IT Manager Internal Relations: DevOps Engineer, Infra Engineer, QA, Development Teams, IT Support External Communications: Communicate with regulators and auditors to ensure compliance and provide reports.

Liaise with external vendors for security assessments, penetration tests, and certifications.

Escalate critical security risks to IT leadership and management.

Bachelor’s degree in computer engineering, Computer Science, or related field Certifications preferred: CISSP, CISM, CEH, ISO27001 Lead Implementer, or equivalent.

3+ years in IT security, preferably in enterprise or multi-location environments.

with security governance, risk management, and compliance.

Hands-on experience with: Network and infrastructure security (firewalls, VPNs, IDS/IPS), Application security (web, backend, APIs, mobile), Security monitoring tools and SIEM, and Backup, DR, and disaster recovery planning Knowledge of Saudi regulations and compliance frameworks.

Competencies: Strong analytical and problem-solving skills.

Risk-aware mindset with attention to detail.

Ability to translate regulatory requirements into operational security measures.

Collaboration and influence across technical and non-technical teams.

Proactive, process-oriented, and able to enforce security policies.

& Languages: Vulnerability management, penetration testing, and threat intelligence Security monitoring and SIEM tools Network security, firewalls, VPNs, encryption, IAM Application security best practices.

Backup, disaster recovery, and business continuity planning Fluent in English (required).

Arabic proficiency (preferred).