40 Security Assessment jobs in Saudi Arabia

What Youll Do

• Lead Microsoft 365 collaboration & security strategy, aligning solutions with business goals.
• Design, implement & optimize M365 services (Exchange, Teams, SharePoint, Intune, Purview, Entra, Defender).
• Automate processes & reporting using Graph APIs, PowerShell & AI-driven solutions.
• Advise clients through workshops, assessments & executive briefings; act as trusted technical advisor.
• Review designs, validate deliverables & mentor teams to ensure delivery excellence.
• Oversee governance, compliance & documentation standards.
• Drive continuous improvement in security, resilience & productivity across collaboration environments.

Key Skills & Competencies

• Deep expertise in Microsoft 365 Security, Compliance & Collaboration (Purview, Defender, Intune, Entra, Teams, SharePoint, Exchange).
• Strong knowledge of IAM, compliance frameworks (GDPR, HIPAA, ISO 27001, SOC 2) & enterprise-scale security design.
• Proficiency in Microsoft Graph APIs & PowerShell automation.
• Excellent communication & stakeholder management skills.

What You'll Bring

• 8+ years in IT infra, collaboration & security; 5+ years in M365 Security & Compliance.
• Bachelor's in CS/IT/Security (Master's preferred).
• Certifications: SC-900 (required), SC-400/SC-200/Teams Voice Engineer (preferred); CISSP/CISM desirable.
• Proven leadership, advisory & mentoring experience in enterprise consulting environments.

Cipher | سايڤر is a cybersecurity solutions provider based in Riyadh, Saudi Arabia. The company's goal is to simplify the perception of complexity surrounding cybersecurity problems and solutions. Cipher's team of Saudi professionals and experts work tirelessly to develop, customize, and manage digital services and cybersecurity solutions to ensure their peace of mind. Our goal is to provide peace of mind to our clients by making digital security simple and efficient.

Key Responsibilities:

• Engage with clients to define the scope and objectives of penetration tests, including systems, applications, and environments to be assessed.
• Plan, design, and execute manual penetration tests across web applications, mobile applications, APIs, cloud services, and enterprise infrastructure.
• Perform advanced security assessments such as source code reviews, business logic testing, and red team/adversary simulations.
• Conduct onsite and remote testing to identify vulnerabilities, misconfigurations, and gaps in defensive controls.
• Simulate real-world attacks to evaluate the effectiveness of detection, prevention, and response mechanisms.
• Document and communicate findings in detailed technical reports with clear risk ratings, business impact analysis, and actionable remediation steps.
• Present results and recommendations to both technical and executive-level stakeholders.
• Provide strategic security advice to clients on hardening systems, reducing attack surface, and improving detection and response.
• Continuously update knowledge of emerging threats, vulnerabilities, tools, and penetration testing methodologies (e.g., OWASP, MITRE ATT&CK).

Educational Requirements:

Bachelor's degree of Computer Science, Cybersecurity, Information Technology, or a related field.

Certifications:

Preferred Certifications:

• OSCP (Offensive Security Certified Professional)
• eWPTX (eLearnSecurity Web Application Penetration Tester eXtreme)
• CRTP (Certified Red Team Professional)
• Additional relevant certifications such as OSWE, OSEP, GXPN, CREST CRT, or equivalent.

Required Skills & Competencies:

• Strong hands-on experience in penetration testing of web, mobile, cloud, and infrastructure environments.
• Expertise in manual vulnerability discovery and exploitation (excluding exploit development).
• Experience conducting detailed source code reviews to identify security weaknesses.
• Familiarity with red team frameworks, adversary simulation techniques, and threat modeling.
• Proficiency in scripting and automation (e.g., Python, PowerShell, Bash).
• Strong analytical and problem-solving skills, with the ability to evaluate complex systems.
• In-depth understanding of technical systems, application architectures, and common attack vectors.
• Excellent written and verbal communication skills for delivering clear reports and executive presentations.
• Ability to translate technical findings into meaningful business risk insights.

Perform penetration tests and vulnerability assessments to identify, exploit, and help remediate security weaknesses in the organization's IT environment. Deliver clear, actionable results for technical and non-technical audiences.

Key Responsibilities:

• Conduct regular penetration tests (internal/external, web, network, applications) and vulnerability assessments.

• Identify attack paths and prioritize exploitable weaknesses while ensuring service continuity.

• Produce clear, actionable reports for technical teams and leadership.

• Develop and test incident response playbooks and remediation guidance.

• Use SIEM and log analysis to support testing and post-exploit investigations.

• Support SOC operations and continuous monitoring activities.

• Run periodic IDS/IPS and detection-control tests and update response procedures.

• Collaborate with IT teams to validate fixes and improve defenses.

• Maintain thorough documentation of tests, findings, and remediation steps.

• Stay current with global threat developments and adjust testing methodologies accordingly.

Minimum Qualifications:

• Bachelor's degree in Computer Science, Information Technology, or related field.

• 3–4 years' experience in penetration testing, red teaming, or offensive security.

Preferred Certifications:

• eJPT

• OSCP

• CEH

or equivalent.

Company Overview:

Advanced technology and cybersecurity company (sirar) established by stc, the region's ICT and digital services provider, sirar by stc is a cutting-edge cybersecurity provider that empowers organization to take control of their cyber capabilities and digital environments.

As experts in business security and privacy.

We offer a comprehensive range of solutions that help you to operate online safely, securely, and efficiently. The tools we provide help organizations detect and prevent cybersecurity attacks, safeguard their digital future, and provide protection and security from that point forward.

Key Responsibilities:

• Identifies methods that attackers could use to exploit system and network vulnerabilities.
• Mimics malicious social engineering techniques that an attacker would use to attempt a system breach to uncover security gaps and vulnerabilities.
• Gathers information about network topography and usage through technical analysis and open-source research and document findings.
• Uses security testing and code scanning tools to conduct code reviews.
• Recommends security controls to mitigate risks identified through testing and review.
• Conducts required reviews, including reviews of defensive measures, according to the organization's policies.
• Conducts authorized penetration testing of infrastructure and assets.
• Performs technical and nontechnical risk and vulnerability assessments of organizational technology environments.
• Maintains a deployable cyber defense audit toolkit based on industry best practice to support cyber defense audits.
• Tests for vulnerabilities in web applications, client applications and standard applications.
• Conducts physical security assessments of servers, systems, and network devices.
• Reports penetration testing and vulnerability assessment findings including risk level, proposed mitigation, and details necessary to reproduce the test results.
• Explains business impact of vulnerabilities identified through testing to make case for addressing them.
• Presents test findings, risks, and conclusions to technical and non-technical audiences.
• Designs simulated attacks to reflect impact in the organization's business and its users.
• Supports in collaborating with cybersecurity vendors to drive innovation in Penetration Testing services development and manage overall Penetration Testing service lifecycle.
• Supports in leading the implementation of go-to-market and roadmap for Penetration Testing services solutions & tools.
• Supports in developing Penetration Testing Services' lifecycle end-to-end, including Ideation, feasibility analysis, planning, sourcing, business case, toolkits and operating models design, commercialization, launch, performance management, and retirement, in collaboration with other Advisory sections.
• Contributes to the overall success of the company by performing all other duties and responsibilities as assigned by line manager.

Qualification:

• Bachelor's degree in Cybersecurity, Computer Science, Information Technology, or related discipline.

Professional Certificate:

• Offensive Security (OSCP, OSWP, OSWE, OSEP, etc)
• GIAC (GXPN, GCPN, GAWN, GPYC, etc)
• Pen tester Academy (Red Team Expert)

Years of Experience:

• 3 – 5 years in relevant experience

Skills:

• Advance proficiency in conducting vulnerability scans and determine vulnerabilities from the results.
• Intermediate proficiency in conducting penetration testing in line with the organization's policies and best practice.
• Advance proficiency in developing insights about an organization's threat environment.
• Advance proficiency in analyzing vulnerability and configuration data to identify cybersecurity issues
• Advance proficiency in mimicking threat behaviors.
• Intermediate proficiency in implementing adversary Tactics, Techniques and Procedures.
• Basic proficiency in service development.
• Basic proficiency in user experience knowledge.
• Basic proficiency in recognizing industry trends & KPIs

Company Overview:

Advanced technology and cybersecurity company (sirar) established by stc, the region's ICT and digital services provider, sirar by stc is a cutting-edge cybersecurity provider that empowers organization to take control of their cyber capabilities and digital environments. As experts in business security and privacy. We offer a comprehensive range of solutions that help you to operate online safely, securely, and efficiently. The tools we provide help organizations detect and prevent cybersecurity attacks, safeguard their digital future, and provide protection and security from that point forward.

Key Responsibilities:

• Participates in reporting penetration testing and vulnerability assessment findings including risk level, proposed mitigation and details necessary to reproduce the test results.
• Identifies methods that attackers could use to exploit system and network vulnerabilities.
• Mimics malicious social engineering techniques that an attacker would use to attempt a system breach to uncover security gaps and vulnerabilities.
• Gathers information about network topography and usage through technical analysis and open-source research and document findings.
• Uses security testing and code scanning tools to conduct code reviews.
• Conducts authorized penetration testing of infrastructure and assets.
• Performs technical and non-technical risk and vulnerability assessments of organizational technology environments.
• Tests for vulnerabilities in web applications, client applications, and standard applications.
• Conducts physical security assessments of servers, systems and network devices.
• Participates in explaining business impact of vulnerabilities identified through testing to make case for addressing them.
• Presents test findings, risks, and conclusions to technical and non-technical audiences.
• Participates in designing complex simulated attacks to reflect impact in the organization's business and its users.
• Contributes to the overall success of the company by performing all other duties and responsibilities as assigned by line manager.

Qualifications:

• Bachelor's degree in Cybersecurity, Computer Science, Information Technology, or related discipline.
• Master's degree in Cybersecurity, Computer Science/Information Technology or related discipline is preferred.

Professional Certifications Preferred:

• Relevant certification in technology Security (CISSP, CAP, SSCP, (ISC)2, CCFP, CISM etc.) is preferred. ISO 27001 Lead Implementor, Lead Auditor.

Years of Experience:

• 3-5 years in relevant experience.

Skills:

• Intermediate proficiency in data collection and analysis.
• Intermediate proficiency in reporting skills and recommending actions to be taken.
• Intermediate proficiency in reviewing and editing cybersecurity related plans.
• Intermediate proficiency in identifying gaps and limitations in cyber threat intelligence provision.
• Intermediate proficiency in developing, deploying, and integrating policies that meet organizational system cybersecurity objectives.

Role Name: Credit Risk Assessment Consultant – Auto Financing

Location: Saudi Arabia (Remote)

Work Week: Sunday – Thursday

Working Hours: 9:00 AM – 6:00 PM (Saudi Arabia Standard Time)

Role Summary: We are seeking a consultant to advise on the development of our auto-financing risk assessment logic, with a focus on affordability, creditworthiness, and data-driven decision-making.

• At least 7 years of experience in risk management, with a strong preference for backgrounds in consumer lending or auto-financing.
• Advise on DBR calculation, income/obligation evaluation, and risk tiers.
• Review and refine credit approval frameworks.
• Provide market and regulatory insight to guide model assumptions.
• Validate proposed policies against market data and SAMA expectations.
• Design customer segmentation logic based on risk and affordability profiles to guide product eligibility criteria.
• Collaborate with data and engineering teams to translate risk logic into actionable rule engines and scoring models.
• Define and monitor key credit KPIs, such as approval rate, default risk, early delinquency, and portfolio performance.
• Support stress testing scenarios to assess the resilience of credit models under macroeconomic shifts.
• Review third-party data sources (e.g., Open Banking, SIMAH, employer databases) for integration into credit decision-making.
• Ensure credit policies comply with evolving SAMA regulatory frameworks and align with Sandbox expectations.

1. Credit Risk Analysis:
   • Experience with consumer credit evaluation , ideally in auto-financing or personal loans
   • Understanding of DSR (Debt Service Ratio) , loan-to-value , credit scoring models , and affordability checks
   • Ability to design or review credit policies for used cars, salaried vs. self-employed, etc.
2. Familiarity with SAMA Regulations:
   • Working knowledge of SAMA’s financing regulations , including Fair Credit Terms , KYC , AML , and consumer protection
   • Understanding how credit decisions must align with regulatory compliance in KSA
3. Data & Tech Fluency:
   • Comfort working with credit data inputs from:
   • SIMAH / Bayan Credit Bureau
   • Open Banking APIs (e.g., income and obligation analysis)
   • Can work with or define eligibility models , and help refine your risk engine logic
   • Familiarity with basic Excel modeling and tools like Power BI / Looker / Metabase for analyzing credit outcomes
4. Process & Workflow Design:
   • Experience designing or reviewing credit approval workflows (manual or automated)
   • Can define stages like: pre-screening → document check → scoring, → final offer
5. Stakeholder Alignment:
   • Able to collaborate with tech, ops, and compliance teams to ensure credit logic is embedded in product design
   • Experience working with LOS (Loan Origination Systems) or CRM systems is a plus

• Prior work at a BNPL, auto-leasing, or consumer finance company
• Can help with pilot program design to test risk logic in-market
• Familiarity with machine learning basics to support collaboration with data teams on smarter credit models

Role Name: Credit Risk Assessment Consultant – Auto Financing

Location: Saudi Arabia (Remote)

Work Week: Sunday – Thursday

Working Hours: 9:00 AM – 6:00 PM (Saudi Arabia Standard Time)

Role Summary: We are seeking a consultant to advise on the development of our auto-financing risk assessment logic, with a focus on affordability, creditworthiness, and data-driven decision-making.

• At least 7 years of experience in risk management, with a strong preference for backgrounds in consumer lending or auto-financing.
• Advise on DBR calculation, income/obligation evaluation, and risk tiers.
• Review and refine credit approval frameworks.
• Provide market and regulatory insight to guide model assumptions.
• Validate proposed policies against market data and SAMA expectations.
• Design customer segmentation logic based on risk and affordability profiles to guide product eligibility criteria.
• Collaborate with data and engineering teams to translate risk logic into actionable rule engines and scoring models.
• Define and monitor key credit KPIs, such as approval rate, default risk, early delinquency, and portfolio performance.
• Support stress testing scenarios to assess the resilience of credit models under macroeconomic shifts.
• Review third-party data sources (e.g., Open Banking, SIMAH, employer databases) for integration into credit decision-making.
• Ensure credit policies comply with evolving SAMA regulatory frameworks and align with Sandbox expectations.

1. Credit Risk Analysis:
   • Experience with consumer credit evaluation , ideally in auto-financing or personal loans
   • Understanding of DSR (Debt Service Ratio) , loan-to-value , credit scoring models , and affordability checks
   • Ability to design or review credit policies for used cars, salaried vs. self-employed, etc.
2. Familiarity with SAMA Regulations:
   • Working knowledge of SAMA’s financing regulations , including Fair Credit Terms , KYC , AML , and consumer protection
   • Understanding how credit decisions must align with regulatory compliance in KSA
3. Data & Tech Fluency:
   • Comfort working with credit data inputs from:
   • SIMAH / Bayan Credit Bureau
   • Open Banking APIs (e.g., income and obligation analysis)
   • Can work with or define eligibility models , and help refine your risk engine logic
   • Familiarity with basic Excel modeling and tools like Power BI / Looker / Metabase for analyzing credit outcomes
4. Process & Workflow Design:
   • Experience designing or reviewing credit approval workflows (manual or automated)
   • Can define stages like: pre-screening → document check → scoring, → final offer
5. Stakeholder Alignment:
   • Able to collaborate with tech, ops, and compliance teams to ensure credit logic is embedded in product design
   • Experience working with LOS (Loan Origination Systems) or CRM systems is a plus

• Prior work at a BNPL, auto-leasing, or consumer finance company
• Can help with pilot program design to test risk logic in-market
• Familiarity with machine learning basics to support collaboration with data teams on smarter credit models

Role Name: Credit Risk Assessment Consultant – Auto Financing

Location: Saudi Arabia (Remote)

Work Week: Sunday – Thursday

Working Hours: 9:00 AM – 6:00 PM (Saudi Arabia Standard Time)

Role Summary: We are seeking a consultant to advise on the development of our auto-financing risk assessment logic, with a focus on affordability, creditworthiness, and data-driven decision-making.

• At least 7 years of experience in risk management, with a strong preference for backgrounds in consumer lending or auto-financing.
• Advise on DBR calculation, income/obligation evaluation, and risk tiers.
• Review and refine credit approval frameworks.
• Provide market and regulatory insight to guide model assumptions.
• Validate proposed policies against market data and SAMA expectations.
• Design customer segmentation logic based on risk and affordability profiles to guide product eligibility criteria.
• Collaborate with data and engineering teams to translate risk logic into actionable rule engines and scoring models.
• Define and monitor key credit KPIs, such as approval rate, default risk, early delinquency, and portfolio performance.
• Support stress testing scenarios to assess the resilience of credit models under macroeconomic shifts.
• Review third-party data sources (e.g., Open Banking, SIMAH, employer databases) for integration into credit decision-making.
• Ensure credit policies comply with evolving SAMA regulatory frameworks and align with Sandbox expectations.

1. Credit Risk Analysis:
   • Experience with consumer credit evaluation , ideally in auto-financing or personal loans
   • Understanding of DSR (Debt Service Ratio) , loan-to-value , credit scoring models , and affordability checks
   • Ability to design or review credit policies for used cars, salaried vs. self-employed, etc.
2. Familiarity with SAMA Regulations:
   • Working knowledge of SAMA’s financing regulations , including Fair Credit Terms , KYC , AML , and consumer protection
   • Understanding how credit decisions must align with regulatory compliance in KSA
3. Data & Tech Fluency:
   • Comfort working with credit data inputs from:
   • SIMAH / Bayan Credit Bureau
   • Open Banking APIs (e.g., income and obligation analysis)
   • Can work with or define eligibility models , and help refine your risk engine logic
   • Familiarity with basic Excel modeling and tools like Power BI / Looker / Metabase for analyzing credit outcomes
4. Process & Workflow Design:
   • Experience designing or reviewing credit approval workflows (manual or automated)
   • Can define stages like: pre-screening → document check → scoring, → final offer
5. Stakeholder Alignment:
   • Able to collaborate with tech, ops, and compliance teams to ensure credit logic is embedded in product design
   • Experience working with LOS (Loan Origination Systems) or CRM systems is a plus

• Prior work at a BNPL, auto-leasing, or consumer finance company
• Can help with pilot program design to test risk logic in-market
• Familiarity with machine learning basics to support collaboration with data teams on smarter credit models