157 IT Security Specialist jobs in Saudi Arabia

Key Responsibilities

• Deploy, configure, and maintain security tools (EDR, antivirus, vulnerability scanners) across all endpoints and cloud assets, ensuring full coverage and effectiveness.
• Conduct regular health checks, audits, and assessments of security tools and infrastructure to proactively identify and remediate gaps.
• Actively participate in incident response activities, coordinating with Cybersecurity teams to contain, analyze, and recover from security events.
• Support business continuity management (BCM) and disaster recovery (DR) initiatives, including planning, testing, and documentation.
• Serve as a first point of contact for security-related IT helpdesk tasks, triaging issues and escalating as appropriate.
• Manage patch management processes to ensure timely and secure deployment of software and firmware updates organization-wide.
• Implement, monitor, and maintain identity and access management (IAM) controls consistent with company policies and regulatory requirements.
• Collaborate cross-functionally to align IT governance with cybersecurity frameworks such as the SAMA Cyber Security Framework.
• Maintain up-to-date knowledge of evolving threats, vulnerabilities, and compliance mandates, recommending enhancements to improve risk posture.
• Provide security awareness guidance and training support for IT staff and end-users.

• Bachelor’s degree in Computer Science, Information Security, Cybersecurity, or related field.
• 1-2+ years’ experience in IT security operations or security engineering.
• Proven ability to work collaboratively between IT and Cybersecurity teams to drive security initiatives and operational excellence.
• Relevant certifications such as Security+.

• Proficiency in deploying and managing endpoint security solutions (EDR, antivirus, vulnerability management).
• Experience with patch management tools and automation processes.
• Solid knowledge of identity and access management (IAM) solutions and practices.
• Basic scripting and automation skills (PowerShell, Python) to support operational efficiency.

Purpose of this Job

To support on keeping the availability, security, and reliability of SADAFCO's information systems, core system and business applications. Provides general cybersecurity support. Assists in cybersecurity tasks. Uses data collected from cyber defense tools to analyze events that occur within their organization to detect and mitigate cyber threats.

Operate Technical Defense and Protection:

• Provide timely detection, identification and alerting of possible attacks, anomalous activities and misuse activities and distinguish them from benign activities.
• Support in implementing secure solutions across SADAFCO environments to sustain a resilient enterprise – covering network services, physical connections, topologies and architecture, and cloud connectivity.
• Use monitoring, detection, incident response, and automation to proactively support ongoing security operations in SADAFCO environment.
• Apply security practices to cloud, on-premises, endpoint, and mobile infrastructure, while considering cryptographic technologies and techniques
• Administer the hardware and software that protects and defends IT systems and networks against cybersecurity threats.
• Analyze security of operations and systems integrated into the network; Analyze vulnerability and configuration data to identify cybersecurity issues.
• Apply cybersecurity and privacy principles to SADAFCO requirements.
• Evaluate, analyze, and identify weaknesses and improvements systems and networks.
• Use the data collected from cyber defense tools to analyze events that occur within to detect and mitigate cyber threats.
• Ensures that security records are accurate and complete and that requests for support are dealt with according to agreed procedures.
• Contributes to the creation and maintenance of policy, standards, procedures and documentation for security.
• Verify minimum security requirements are in place.
• Periodically analyze security of our operations and integrated systems.

Threat Management

• Collect and analyze multi-source information about cybersecurity threats to develop deep understanding and awareness of cyber threats and actors’ Tactics, Techniques and Procedures (TTPs)
• Derive and report indicators to help SADAFCO to detect and predict cyber incidents and protect systems and networks from cyber threats.
• Analyze external threat landscape and map it to potential impact.
• Source all data used in intelligence, assessment and planning activities.
• Proactively search for undetected threats in networks and systems, identifies their Indicators of Compromise (IOCs) and recommends mitigation.

Governance, Risk and Compliance:

• Manage individual and entity identities and access to resources by applying identification, authentication and authorization systems and processes.
• Monitor SADAFCO’s cybersecurity program compliance with requirements, policies, and standards.
• Analyze cybersecurity controls and assess their effectiveness from a technical Point of view.
• Prepare audit reports and communicate them to authorized parties.

Engagements with stakeholders:

• Communicate cybersecurity concepts and practices in an effective manner.
• Effectively communicate insights about the threat environment and improvements to security posture

User Awareness and Education:

• Help in Promoting awareness of cybersecurity policy and strategy as appropriate among SADAFCO's staff.
• Maintain training records and reports in alignment with training department in SADAFCO.
• Administer and maintain SADAFCO’s adopted training system.

Disaster Recover (DR) and Business Continuity:

• Develop and test procedures to transfer system operations to an alternate site.
• Execute business continuity and disaster recovery procedures.
• Support peer functions to prepare their own Business Continuity Plan (BCP) by giving IT input.

Vulnerability Assessment :

• Analyze exercise results and system environment to plan and recommend modifications and adjustments.
• Perform vulnerability assessments of systems and networks. Identify deviations from acceptable configurations or applicable policies.
• Measure effectiveness against known vulnerabilities.
• Make recommendations to enable effective remediation of vulnerabilities.

Incident Response (IR):

• Isolate and remove malware.
• Coordinate and support Incident Response activities during cybersecurity events.
• Collect and analyze digital evidence to support investigation of cybersecurity incidents - derive useful information to mitigate system and network vulnerabilities as first responder.

Job Summary

We are seeking a motivated and knowledgeable mid-level Network Security Consultant to join our team. The ideal candidate will assist in designing, implementing, and maintaining secure network solutions to protect organizational assets and support compliance with industry regulations. This role involves evaluating network infrastructure, identifying vulnerabilities, and providing guidance on mitigating security risks. The Network Security Consultant will collaborate with cross-functional teams to deliver tailored security solutions for clients while growing their expertise in the field.

• Assist in assessments of clients' network infrastructure to identify vulnerabilities and threats.
• Support the team in conducting penetration testing and vulnerability scans.
• Contribute to reports with findings and recommendations for security improvements.
• Design and implement secure network architectures, including firewalls, intrusion detection/prevention systems (IDS/IPS), VPNs, and access control solutions.
• Configure and deploy security tools to monitor and protect against potential threats.
• Integrate security protocols and standards into existing and new network designs.
• Collaborate on designing and implementing secure solutions for cloud environments (OCI, Azure, GCP).
• Secure cloud-based resources, including virtual networks, storage, and compute instances.
• Deploy cloud-native security tools and frameworks to ensure robust protection.
• Deploy firewall and other network security products in cloud environments.
• Work with clients to understand their security requirements and provide assistance in implementing solutions.
• Participate in technical presentations, training sessions, and workshops to educate clients on best practices.
• Maintain positive relationships with clients to ensure ongoing support and satisfaction.
• Stay updated on emerging threats, vulnerabilities, and security technologies.
• Assist clients in maintaining compliance and implementing necessary controls.
• Create and maintain documentation, including security policies, procedures, and network diagrams under guidance.
• Provide status updates and performance reports to stakeholders as needed.

• Education: Bachelor’s degree in computer science, Information Technology, or a related field, or equivalent practical experience.
• Certifications: Working toward or holding certifications such as CISSP, CISM, CEH, CCSP, or CCNA Security is a plus; Fortinet and Palo Alto certifications are beneficial.
• Experience: 2-4 years of experience in network security, including design, implementation, or auditing; exposure to firewalls, IDS/IPS, SIEM tools, and endpoint protection technologies.
• Technical Skills: Knowledge of network protocols, architecture, and troubleshooting; familiarity with configuring and managing firewalls, routers, and switches; knowledge of cloud platforms and their security frameworks (OCI, Azure, GCP).
• Soft Skills: Strong analytical and problem-solving abilities; good communication and interpersonal skills; ability to manage multiple tasks and meet deadlines.

• Seniority level: Mid-Senior level
• Employment type: Full-time
• Job function: Other
• Industries: IT Services and IT Consulting

Note: Referrals increase your chances of interviewing at eSense. Get notified about new Network Security Specialist jobs in Riyadh, Riyadh, Saudi Arabia.

Job summary

The Cyber Security Specialist will assist the information security team in protecting the organization's information assets from cyber threats, with a specific focus on maintaining and improving the ISO/IEC 27001 Information Security Management System (ISMS). This role is ideal for a junior professional with a strong interest in cyber governance, compliance, and risk management.

Skills

Essential duties and responsibilities

• Compliance and policy management: Support the information security team in day-to-day tasks related to the ISO 27001 framework. This includes maintaining ISMS documentation, records, and policies to ensure they are up-to-date and compliant with the standard.
• Risk assessment and management: Assist with identifying, assessing, and documenting potential security risks and vulnerabilities. Support the implementation of controls and mitigation plans to address identified risks.
• Audit support: Help coordinate evidence collection for internal and external audits related to ISO 27001. Track and follow up on any compliance tasks and remediation actions across departments.
• Security monitoring: Monitor network traffic, logs, and security alerts for suspicious activity or security incidents. Escalate and assist in investigating security events as they occur.
• Vulnerability management: Support vulnerability assessment and penetration testing activities on internal systems, applications, and networks. Assist with remediation efforts to fix identified weaknesses.
• Security awareness and training: Contribute to the development and delivery of security awareness training programs for employees. Track completion and help foster a security-conscious culture.
• Incident response: Participate in incident response activities and business continuity testing as directed by senior staff. Help to document incident details and remediation steps.
• Reporting: Prepare and maintain reports documenting security metrics, incident summaries, and ISMS performance.

Qualifications

Education: Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or a related field

• Experience: One year of experience in information security, IT support, or risk management role, with exposure to security frameworks.
• ISO 27001 knowledge: Basic understanding of ISO 27001 principles and its associated controls, risk assessment processes, and compliance practices.
• Analytical skills: Strong analytical and problem-solving skills, with excellent attention to detail.
• Communication: Excellent verbal and written communication skills to effectively collaborate with technical and non-technical stakeholders.
• Technical foundation: Familiarity with network protocols, security controls (e.g., firewalls, access controls), and common security tools (e.g., SIEM, vulnerability scanners) is a plus.
• Certifications (preferred): A relevant entry-level security certification, such as CompTIA Security+, or an introductory ISO/IEC 27001 certification

” The Job Description”

1. Develop, implement, and enforce cybersecurity policies, standards, and procedures aligned with industry best practices and national compliance frameworks.
2. Lead the identification, analysis, and remediation of security incidents, vulnerabilities, and threats.
3. Oversee and maintain security solutions including firewalls, intrusion detection/prevention systems (IDS/IPS), endpoint protection, SIEM, and DLP tools.
4. Conduct regular risk assessments, penetration testing, and audits to evaluate the effectiveness of security controls.
5. Manage identity and access management (IAM) systems and enforce least-privilege principles.
6. Monitor network, application, and system logs for signs of anomalous or unauthorized activities.

Requirements:

• Bachelor’s degree in Computer Science or Computer Engineering.
• Minimum of 8 years of professional experience in IT security or cybersecurity roles.
• Saudi Nationality is required.
• Deep knowledge of cybersecurity technologies, architectures, and methodologies.
• Hands-on experience with firewalls, SIEM, IDS/IPS, DLP, endpoint protection, and encryption solutions.
• Strong understanding of networking, system security, and cloud security (e.g., AWS, Azure).
• Expertise in security compliance and regulatory frameworks (e.g., ISO 27001, NIST, NCA ECC).
• Experience with forensic investigation tools and incident response processes.