IT Security Professional

Job Title IT Security Professional
Sector Operations
Division IT
Section Strategy and Compliance
Unit IT Security
Report To IT Security Manager
Main Job Purpose:
The primary objective of this role is to contribute to the design, implementation, and optimization of
comprehensive IT security solutions. This role involves safeguarding the organization’s computers,
networks, applications, and data from unauthorized access, use, disclosure, modification, disruption,
destruction, and theft. Additionally, conducting in-depth security assessments, developing security policies,
and implementing advanced security technologies. This role plays a key part in mitigating financial,
reputational, and legal risks by proactively identifying and addressing security vulnerabilities and providing
technical leadership on projects.
Duties & Responsibilities:
1. Contribute to information security activities within corporate projects by providing support,
documentation, and technical guidance.
2. Participate in Information Security awareness training programs and workshops to promote a
security-focused culture across the organization.
3. Support the deployment, implementation, and ongoing management of security policies, controls,
and security procedures.
4. Assist with application security mechanisms, including the configuration, deployment, and
troubleshooting of Web Application Firewalls (WAF) and SSL/TLS certificates.
5. Collaborate with software operators to coordinate and verify the deployment of security patches
and updates across systems and applications.
6. Monitor access-control activities to ensure compliance with defined security requirements,
procedures, and user-access governance standards.
7. Oversee whitelisting requests by reviewing, validating, and processing them in accordance with
approved security guidelines.
8. Collaborate with senior IT security personnel to maintain and enhance the organization’s IT security
landscape, ensuring alignment with established security standards.
9. Support application security throughout the development lifecycle (SDLC), ensuring adherence to
secure coding principles and security guidelines.
10. Respond to IT security incidents by analyzing alerts, escalating critical events, and assisting other
teams in containment and recovery efforts in accordance with incident-response procedures.
11. Perform vulnerability scans, review security findings, and coordinate remediation activities with
system and application owners.
12. Conduct IT security activities such as penetration testing and various technical assessments covering
operating systems, applications, databases, and network components.
13. Identify and log security events in the Security Information and Event Management (SIEM) system,
ensuring accurate and timely event documentation.
14. Act as a SOC Tier (2) analyst by monitoring, triaging, analyzing, and escalating security events and
potential incidents.
15. Monitor malware activities within the IT environment and collaborate with relevant teams to
contain, remediate, and prevent recurring infections.
16. Participate in processes and controls related to access control, application whitelisting, active threat
handling, failover readiness, system availability monitoring, end-user support for security matters,
and the monitoring of email security issues such as spam and phishing attempts.
Behavioral Competencies:
1. Communication: Conveys information clearly and adjusts messaging for both technical and
non-technical audiences.
2. Collaboration: Works effectively with cross-functional teams, sharing information and supporting
joint security efforts.
3. Complex Problem-Solving: Identifies root causes of security issues and evaluates practical solutions
to resolve them.
4. Analytical Thinking: Analyzes data, logs, and evidence to draw accurate conclusions and support
informed decisions.
5. Proactivity & Initiative-Taking: Anticipates security risks, takes early action, and suggests
improvements without being prompted.
6. Result Orientation: Delivers high-quality work on time, follows through commitments, and drives
actions that reduce security risk.
Technical Competencies:
1. Advanced Security Assessments and Penetration Testing: Advanced expertise in conducting
complex security assessments and penetration tests.
2. SIEM, SOC, and AI in Security: Advanced proficiency in utilizing SIEM tools, managing SOC
operations, and applying AI to enhance security measures .
3. In-Depth Secure Systems Architecture and SDLC: In-depth knowledge of secure systems
architecture, software development life cycle (SDLC), and development methodologies.
4. Encryption Expertise: Expertise in encryption technologies, cryptographic algorithms, and secure
key management practices.
5. Expert Security planning: Expert-level knowledge of offensive, preventive, detective, and responsive
security strategies.
6. Security Automation & Scripting: Ability to use scripting tools (e.g., PowerShell, Python, Bash) to
automate security tasks, streamline monitoring activities, and improve efficiency in threat detection
and remediation.
Qualifications:
Education A bachelor’s degree in Engineering, IT, Information Security, Electrical, Electronic, or a
related field.
Experience 3-5 years of relevant experience.
Certificates Relevant Certifications in information Security from known bodies are preferred.
Language Fluency in Arabic and English writing and speaking.