15 Security Intelligence jobs in Saudi Arabia

1- Job Purpose

Ensure the efficient management of terminal operations by overseeing passenger flows, ensuring stakeholder compliance, monitoring facility performance, and supervising project execution. Provide strategic support to enhance overall airport functionality and improve the passenger experience.

2- Position Accountability Description

Operational Excellence:

1. Actively manage passenger flows and queuing systems in the terminal check-in areas, ensuring queuing layouts are strategically designed to minimize passenger waiting times and maintain organized control of queues.
2. Actively monitor passenger, airline, and Ground Handling Agent (GHA) compliance with the airport baggage acceptance policy, enforcing adherence to regulations and addressing any issues promptly.
3. Monitor and manage passenger flows in the arrivals areas and baggage reclaim halls, ensuring all service levels are consistently met and addressing any disruptions immediately.
4. Inspect and continuously monitor the performance and functionality of facilities, equipment, and systems within the terminal, coordinating with maintenance teams to address and resolve any problems promptly, ensuring operational efficiency.
5. Inspect and monitor any project execution activities within the terminal, ensuring they adhere to planned schedules and do not interfere with terminal operations.
6. Continuously evaluate and optimize terminal operations, integrating feedback and best practices to enhance overall passenger experience and operational effectiveness.

Stakeholder Management:

1. Monitor the performance of all stakeholders, including airlines and service providers, and resolve any issues on the spot to prevent disturbances to airport operations.
2. Monitor and support the Head of Facilities (HOF) and Airport Quality Improvement (AQI) teams in terminal operations, providing strategic oversight and guidance to ensure seamless and efficient operations.
3. Develop and maintain strong relationships with external stakeholders, including government agencies and vendors, to ensure smooth operations and compliance with regulations.

Sustainability:

1. Implement and monitor sustainability initiatives within terminal operations to reduce environmental impact and promote eco-friendly practices.
2. Ensure compliance with environmental regulations and standards, and continuously seek opportunities to improve sustainability practices.

Record Keeping and Reporting:

1. Maintain accurate records of terminal operations, including passenger flows, compliance reports, and facility performance metrics.
2. Prepare and present regular reports on terminal operations to senior management, highlighting key performance indicators and areas for improvement.

Team Collaboration and Development:

1. Work collaboratively with team members by sharing knowledge, providing support, and actively participating in team activities, fostering a positive and productive work environment.
2. Pursue continuous learning by seeking feedback, attending training sessions, and staying updated on industry trends, enhancing personal skills and professional growth.
3. Provide training and development opportunities for team members to enhance their skills and knowledge, ensuring high performance and job satisfaction.

Emergency Preparedness and Response:

1. Develop and implement emergency preparedness plans for terminal operations, ensuring all team members are trained and ready to respond to emergencies.
2. Coordinate with relevant authorities and stakeholders to ensure effective emergency response and recovery plans are in place.

Customer Service and Experience:

1. Ensure a high level of customer service is provided to all passengers, addressing any issues or concerns promptly and professionally.

1. Monitor passenger feedback and complaints, using this information to improve the overall passenger experience within the terminal.

Key Responsibilities :

• Monitor security alerts and events using SIEM tools and other monitoring systems.

• investigate, triage, and respond to cybersecurity incidents in real-time.

• Coordinate incident response activities across teams and escalate critical event.

• Develop and maintain incident response plans, playbooks, and procedures.

• Generate incident reports and track remediation efforts.

• vulnerability assessments and penetration testing reviews.

• Risk assessment.

• analyze indicators of compromise (IOCs) and perform deep-dive investigations into suspicious activities.

• Work with compliance and audit teams to ensure compliance.

• Managing Firewall Palo Alto, Sophos.

• Protecting AICC local environment.

• Protecting AICC Cloud Azure environment

Qualifications:

• Bachelor’s degree in computer science, related field.

• Minimum 3 years of experience in cybersecurity, with at least 2 years in incident response.

• Familiarity with SIEM, SOC as services.

• Familiarity with regulator, NCA , SADIA.

• Familiarity with IT infrastructure.

Key Responsibilities :

• Monitor security alerts and events using SIEM tools and other monitoring systems.

• investigate, triage, and respond to cybersecurity incidents in real-time.

• Coordinate incident response activities across teams and escalate critical event.

• Develop and maintain incident response plans, playbooks, and procedures.

• Generate incident reports and track remediation efforts.

• vulnerability assessments and penetration testing reviews.

• Risk assessment.

• analyze indicators of compromise (IOCs) and perform deep-dive investigations into suspicious activities.

• Work with compliance and audit teams to ensure compliance.

• Managing Firewall Palo Alto, Sophos.

• Protecting AICC local environment.

• Protecting AICC Cloud Azure environment

Qualifications:

• Bachelor’s degree in computer science, related field.

• Minimum 3 years of experience in cybersecurity, with at least 2 years in incident response.

• Familiarity with SIEM, SOC as services.

• Familiarity with regulator, NCA , SADIA.

• Familiarity with IT infrastructure.

Help AG is looking for a talented and enthusiastic individual to join as a Digital Forensic and Incident Response Specialist under the Cyber Defense Department. If you have a strong knowledge and interest in incident response and/or digital forensics, this position might be the right one for you.

The Digital Forensic and Incident Response Specialist will be responsible for leading the Digital Forensics and Incident Response team and performing off-site and on-site Incident Response activities and customer engagements, leveraging multiple security technologies, guiding and leading customers in the handling of Security Incidents and examining IT and security systems using best-practice digital forensic methods to detect, validate and mitigate IT security related incidents.

Responsibilities:

• Lead and mentor the DFIR team and act on daily management tasks.
• Lead and coordinate incident response activities in unknown environments, including triage, containment, eradication, and remediation.
• Conduct in-depth forensic investigations to determine the root cause of security incidents and breaches.
• Develop and maintain standard incident response plans, best practices, policies, and procedures.
• Develop custom incident response plans tied to specific environments and customer situations.
• Collaborate with cross-functional teams, including IT, legal, and management, to ensure a coordinated response to security incidents.
• Examine and analyze logs/data from a broad variety of security technologies, such as but not limited to Antiviruses, IDS/IPS, Firewalls, Switches, VPNs and other security data and log sources.
• Perform forensic analysis of different artifacts including RAM, packet captures, logs and disk images.
• Reverse engineer malicious software and develop signatures and indicators of compromise.
• Actively develop incident response tools, scripts, and various detection content.
• Research Red Team techniques, develop custom detection queries, rules, watchlists and other content, and conduct threat hunts.
• Articulate and execute common Incident Response methods (e.g. SANS).
• Respond to inbound requests via phone and other electronic means for technical assistance with managed services.
• Work on-site as required with clients during Live Security Incidents.
• Maintain a high degree of awareness of the current threat landscape.
• Champion excellence and support others in delivering it through active knowledge sharing with team members, writing technical articles for internal knowledge bases, blog posts and reports as required or requested.
• Create and present customer reports to ensure quality, accuracy and value to the client.
• Provide technical expertise and guidance to junior incident response and forensic investigation team members.
• Stay current with industry trends, emerging threats, and best practices in incident response and digital forensics.
• Perform other essential duties as assigned.

Qualifications & Skills:

• A degree in Computer Science, Information Systems, Electrical Engineering or a closely related degree.
• A sound knowledge of IT security best practices, common attack types and detection/prevention methods.
• Demonstrable experience in accountability for and applying the methods of Incident Response, including adherence to process and direct engagement with stakeholders.
• 3+ years of experience in information security, in areas such as security operations, intrusion detection, incident analysis, incident handling, log analysis, malware analysis, reverse engineering or threat detection.
• Demonstrate experience in handling Incident Response engagements (APTs and Ransomware) using the SANS Incident Response method (or similar).
• Strong background or equivalent experience in four of the following: Security Threat and Event Analysis, Network Security Operations or Engineering, Reverse Engineering, Malware Analysis, Windows/Linux/OSX Forensics, Penetration Testing, Active Directory and Azure Administration.
• At least 2-3 years of experience as a Senior or Lead Analyst, or equivalent experience guiding, mentoring and teaching other Analysts/Security Professionals how to handle Security Incidents.
• Knowledge of attack activities, such as scans, man in the middle, sniffing, DoS, DDoS, etc. and possible abnormal activities, such as worms, Trojans, viruses, etc.
• CISSP, GCIA, GCIH, GCFA, GCFE, GREM, OSCP certification would be preferable.
• Static reverse engineering and analysis of malware written in different languages (X86/X64/C/C#, Go, etc.), signatures and Yara/Snort/Sigma rules development.
• Demonstrable experience in analyzing and interpreting system, security and application logs.
• Broad knowledge of the type of events that Firewalls, IDS/IPS and other security related devices produce.
• Demonstrable experience in the use of Digital Forensics tools, techniques and concepts including creating and using custom tools and scripts.
• Strong knowledge of Red Team tactics and ability to find adversary traces on Enterprise scale.
• Rapid development in scripting languages: Python/PowerShell/Bash.
• Deep TCP/IP knowledge, networking and security product experience.

Benefits:

• Health insurance with one of the leading global providers for medical insurance.
• Career progression and growth through challenging projects and work.
• Employee engagement activities throughout the year.
• Tailored training & development program.

About Us:

Help AG is the cybersecurity arm of e& enterprise and provides leading enterprise businesses across the Middle East with strategic consultancy combined with tailored information security solutions and services that address their diverse requirements, enabling them to evolve securely with a competitive edge.

Present in the Middle East since 2004, Help AG was strategically acquired by Etisalat in Feb 2020, hence creating a cyber security and digital transformation powerhouse in the region.

Help AG has firmly established itself as the region's trusted IT security advisor by remaining vendor agnostic, trustworthy, independent, and cyber security focused. With best-of-breed technologies from industry-leading vendor partners, expertly qualified service delivery teams and a state-of-the art consulting practice, Help AG delivers unmatched value to its customers by strengthening their cyber defenses and safeguarding their business.

Get AI-powered advice on this job and more exclusive features.

Experience Required: Minimum 3 years in DFIR or related cybersecurity role

Employment Type: Full-time

About the Role:

Security Matterz is seeking a skilledDFIR Specialist to join our growing team. In this role, you will be responsible for investigating, analyzing, and responding to complex cybersecurity incidents, as well as conducting digital forensic investigations to support our clients.

Key Responsibilities:

• Lead digital forensic investigations on endpoints, networks, and cloud environments
• Perform incident response activities including containment, eradication, and recovery
• Analyze malware, logs, and artifacts to identify root cause and impact
• Develop and document investigation reports for internal and client use
• Collaborate with SOC, threat intelligence, and other security teams
• Support continuous improvement of DFIR processes, tools, and playbooks

Qualifications:

• Minimum 3 years of hands-on experience in DFIR, cybersecurity investigations, or incident response
• Strong knowledge of forensic tools (EnCase, FTK, X-Ways, Volatility, Autopsy, etc.)
• Experience with SIEM, EDR, and threat hunting tools
• Familiarity with NIST, SANS, and other incident handling frameworks
• Excellent analytical, documentation, and communication skills
• Relevant certifications (GCFA, GCFE, CHFI, CCE, or similar) are a plus

Why Join Us?

At Security Matterz, you’ll be part of a passionate team delivering high-impact cybersecurity services across multiple industries. We value innovation, expertise, and continuous growth.

• Seniority level Mid-Senior level

• Employment type Full-time

• Job function Design, Art/Creative, and Information Technology
• Industries IT Services and IT Consulting

Referrals increase your chances of interviewing at Security Matterz by 2x

Get notified about new Digital Specialist jobs in Riyadh, Riyadh, Saudi Arabia .

Riyadh, Riyadh, Saudi Arabia 16 hours ago

Riyadh, Riyadh, Saudi Arabia 20 hours ago

We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.

Get AI-powered advice on this job and more exclusive features.

Direct message the job poster from ACWA Power

Incident Response & Forensics Manager (IT & OT) - Saudi Nationals Only

ACWA Power is seeking an experienced Incident Response & Forensics Manager (IT & OT) to lead investigation and response efforts across our global IT infrastructure and industrial control systems (ICS/SCADA).

This is a high-impact role focused on managing major cyber incidents, conducting digital forensics, and ensuring the security of both digital systems and physical OT environments .

What You’ll Be Doing:

• Lead incident response and forensic investigations across IT and OT environments.
• Triage and escalate threats from SIEM, XDR, and threat detection platforms .
• Perform detailed root cause analysis and ensure timely remediation.
• Collaborate with IT, OT, legal, compliance, and external vendors to coordinate investigations and recovery.
• Develop and conduct incident response training and simulation exercises.
• Prepare incident reports for internal stakeholders and regulatory authorities.
• Ensure compliance with frameworks like NIST, ISO 27001, NERC-CIP, and ISA/IEC 62443 .

What You Bring:

• 5+ years in cybersecurity, with hands-on incident response and forensics experience.
• Strong technical knowledge of both enterprise IT and OT systems (SCADA, ICS, PLCs).
• Experience with Splunk , ELK , QRadar , forensic tools, and malware analysis.
• Certifications such as GCIA, GCIH, GCFA, CFCE, CISSP , or GICSP are preferred.
• Exceptional communicator, able to clearly report high-stakes incidents to both technical and business stakeholders.

Why Join Us:

This is your opportunity to secure the future of a company that powers millions across the globe. At ACWA Power, you'll play a mission-critical role protecting some of the most advanced digital and industrial infrastructures in the world.

Refrain from reaching the recruiter, please apply directly.

• Seniority level Mid-Senior level

• Employment type Full-time

• Job function Information Technology
• Industries Services for Renewable Energy

Referrals increase your chances of interviewing at ACWA Power by 2x

We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.

Get AI-powered advice on this job and more exclusive features.

Experience Required: Minimum 3 years in DFIR or related cybersecurity role

Employment Type: Full-time

About the Role:

Security Matterz is seeking a skilledDFIR Specialist to join our growing team. In this role, you will be responsible for investigating, analyzing, and responding to complex cybersecurity incidents, as well as conducting digital forensic investigations to support our clients.

Key Responsibilities:

• Lead digital forensic investigations on endpoints, networks, and cloud environments
• Perform incident response activities including containment, eradication, and recovery
• Analyze malware, logs, and artifacts to identify root cause and impact
• Develop and document investigation reports for internal and client use
• Collaborate with SOC, threat intelligence, and other security teams
• Support continuous improvement of DFIR processes, tools, and playbooks

Qualifications:

• Minimum 3 years of hands-on experience in DFIR, cybersecurity investigations, or incident response
• Strong knowledge of forensic tools (EnCase, FTK, X-Ways, Volatility, Autopsy, etc.)
• Experience with SIEM, EDR, and threat hunting tools
• Familiarity with NIST, SANS, and other incident handling frameworks
• Excellent analytical, documentation, and communication skills
• Relevant certifications (GCFA, GCFE, CHFI, CCE, or similar) are a plus

Why Join Us?

At Security Matterz, you'll be part of a passionate team delivering high-impact cybersecurity services across multiple industries. We value innovation, expertise, and continuous growth.

• Seniority level Mid-Senior level

• Employment type Full-time

• Job function Design, Art/Creative, and Information Technology
• Industries IT Services and IT Consulting

Referrals increase your chances of interviewing at Security Matterz by 2x

Get notified about new Digital Specialist jobs in Riyadh, Riyadh, Saudi Arabia .

Riyadh, Riyadh, Saudi Arabia 16 hours ago

Riyadh, Riyadh, Saudi Arabia 20 hours ago

We're unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.

Join to apply for the Threat Intelligence Lead role at Canonical

Join to apply for the Threat Intelligence Lead role at Canonical

Get AI-powered advice on this job and more exclusive features.

The Threat Intelligence Lead will own Canonical's threat intelligence strategy and execution, including understanding of which cyber threat actors are targeting Canonical, and the use of intelligence on Tactics, Techniques and Procedures (TTP) to better our products and internal cybersecurity controls. You will collaborate with internal stakeholders as well as with the wider cybersecurity community, making sure that Canonical is recognised as a thought leader on open source threat intelligence.

This role will report to the CISO.

You will lead intelligence gathering and development activities on threat actors targeting software supply chains. You'll study attack trends across the wider open source software landscape, report findings to internal security teams, and advise the wider engineering community on the best course of action to detect and mitigate possible threats.

As the publisher of Ubuntu, Canonical products are directly or indirectly present in almost every organisation and household in the world, making them a prime target for threat actors. This team's mission is to help Canonical, and by extension countless community members and companies around the world, secure their software infrastructure.

What you'll do in this role

• Build and own Canonical's threat intelligence strategy
• Build and maintain OSINT research environments
• Develop OSINT tradecraft, principals, and techniques
• Identify and track targeted intrusion cyber threats, trends, and new developments by cyber threat actors through analysis of proprietary and open source datasets
• Collaborate across teams to inform on activity of interest
• Coordinate adversary/campaign tracking
• Contribute to the wider threat intelligence community, establishing Canonical as a key contributor and thought leader in the space
• Work with product and engineering teams to explain cybersecurity threats and advise on mitigation strategies
• Work with the OPSEC and IS team to help implement/update security controls prioritising cyber defence
• Identify intelligence gaps and propose new tools and research projects to fill them
• Conduct briefings for executives, internal stakeholders and external customers
  
  

• An experienced threat intelligence leader (or similar)
• Knowledgeable about the current open source threat landscape and computer networking/infrastructure concepts
• Highly competent with OSINT tools (e.g., Buscador, Trace Labs OSINT VM, OSINT Framework, Maltego, Shodan, social media scraping tools, etc.)
• Able to identify, organise, catalogue, and track adversary tradecraft trends — often with incomplete data
• Experienced using threat intelligence data to influence enterprise architecture or product development decisions
• An excellent communicator with the ability to clearly articulate and tailor technical content to a variety of audiences
• Able to travel twice a year, for company events up to two weeks long
  
  

• A professional portfolio of OSINT related scripts, tools, or frameworks
• Demonstrated involvement in the larger OSINT community (please share relevant links)
• Degree qualified, with a bachelor's degree in computer science, information security, or a related field
• Certifications in related areas (e.g. GOSI, SANS SEC487 & SEC587, IntelTechniques OSIP, etc)
• Experience in a tech company or government/military signal intelligence departments
  
  

• Distributed work environment with twice-yearly team sprints in person
• Personal learning and development budget of USD 2,000 per year
• Annual compensation review
• Recognition rewards
• Annual holiday leave
• Maternity and paternity leave
• Employee Assistance Programme
• Opportunity to travel to new locations to meet colleagues
• Priority Pass, and travel upgrades for long haul company events
  
  

• Seniority level Mid-Senior level

• Employment type Full-time

• Job function Information Technology
• Industries Software Development

Referrals increase your chances of interviewing at Canonical by 2x

Get notified about new Threat Intelligence Lead jobs in Jiddah, Makkah, Saudi Arabia .

We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.

The Threat Intelligence Lead will own Canonical's threat intelligence strategy and execution, including understanding of which cyber threat actors are targeting Canonical, and the use of intelligence on Tactics, Techniques and Procedures (TTP) to better our products and internal cybersecurity controls. You will collaborate with internal stakeholders as well as with the wider cybersecurity community, making sure that Canonical is recognised as a thought leader on open source threat intelligence.

This role will report to the CISO.

You will lead intelligence gathering and development activities on threat actors targeting software supply chains. You'll study attack trends across the wider open source software landscape, report findings to internal security teams, and advise the wider engineering community on the best course of action to detect and mitigate possible threats.

As the publisher of Ubuntu, Canonical products are directly or indirectly present in almost every organisation and household in the world, making them a prime target for threat actors. This team's mission is to help Canonical, and by extension countless community members and companies around the world, secure their software infrastructure.

What you'll do in this role

• Build and own Canonical's threat intelligence strategy
• Build and maintain OSINT research environments
• Develop OSINT tradecraft, principals, and techniques
• Identify and track targeted intrusion cyber threats, trends, and new developments by cyber threat actors through analysis of proprietary and open source datasets
• Collaborate across teams to inform on activity of interest
• Coordinate adversary/campaign tracking
• Contribute to the wider threat intelligence community, establishing Canonical as a key contributor and thought leader in the space
• Work with product and engineering teams to explain cybersecurity threats and advise on mitigation strategies
• Work with the OPSEC and IS team to help implement/update security controls prioritising cyber defence
• Identify intelligence gaps and propose new tools and research projects to fill them
• Conduct briefings for executives, internal stakeholders and external customers
  
  

• An experienced threat intelligence leader (or similar)
• Knowledgeable about the current open source threat landscape and computer networking/infrastructure concepts
• Highly competent with OSINT tools (e.g., Buscador, Trace Labs OSINT VM, OSINT Framework, Maltego, Shodan, social media scraping tools, etc.)
• Able to identify, organise, catalogue, and track adversary tradecraft trends — often with incomplete data
• Experienced using threat intelligence data to influence enterprise architecture or product development decisions
• An excellent communicator with the ability to clearly articulate and tailor technical content to a variety of audiences
• Able to travel twice a year, for company events up to two weeks long
  
  

• A professional portfolio of OSINT related scripts, tools, or frameworks
• Demonstrated involvement in the larger OSINT community (please share relevant links)
• Degree qualified, with a bachelor's degree in computer science, information security, or a related field
• Certifications in related areas (e.g. GOSI, SANS SEC487 & SEC587, IntelTechniques OSIP, etc)
• Experience in a tech company or government/military signal intelligence departments
  
  

• Distributed work environment with twice-yearly team sprints in person
• Personal learning and development budget of USD 2,000 per year
• Annual compensation review
• Recognition rewards
• Annual holiday leave
• Maternity and paternity leave
• Employee Assistance Programme
• Opportunity to travel to new locations to meet colleagues
• Priority Pass, and travel upgrades for long haul company events
  
  

• Seniority level Mid-Senior level

• Employment type Full-time

• Job function Information Technology
• Industries Software Development

Referrals increase your chances of interviewing at Canonical by 2x

Get notified about new Threat Intelligence Lead jobs in Riyadh, Riyadh, Saudi Arabia .

We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.