Analyst, Information Security

Role overview

This position sits within the InfoSec Monitoring team in KSA and supports defensive security work across architecture, cloud, endpoints, secure development, monitoring, and incident response. The analyst works closely with senior security architects and engineers, gaining practical exposure in a fast-moving fintech setting while helping strengthen the organization’s security posture.

The role is designed as an entry-level pathway into security engineering. It focuses on learning by doing across infrastructure protection, cloud controls, SDLC security, vulnerability handling, and awareness initiatives, while building the collaboration skills needed to contribute more independently over time.

Security architecture support

• Help senior architects keep security architecture documents current for IT initiatives, making sure they remain consistent with internal standards and regulatory expectations.
• Review proposed designs and configurations against approved security baselines and highlight concerns for senior validation.
• Maintain architecture diagrams, design records, and mappings of security controls for assigned systems and platforms.
• Join meetings with IT, DevOps, and Risk teams as an observer and note-taker to build understanding of broader security decisions.

Cloud security support

• Monitor GCP and AWS environments for configuration weaknesses and security posture issues using CSPM tooling.
• Review and document cloud setups such as GCP, Terraform, and Kubernetes against recognized security practices with guidance from senior staff.
• Track CI/CD pipeline security issues and help prepare remediation suggestions for engineering teams.
• Build familiarity with cloud security fundamentals, including identity and access management, network segmentation, and secrets handling.

Secure SDLC support

• Assist with deploying and operating security tools in CI/CD pipelines, including SAST, DAST, and dependency scanning.
• Review automated findings from SAST and DAST tools, sort them by type, and escalate urgent issues for senior attention.
• Support source code review using established checklists and flag common weakness patterns such as OWASP Top 10 risks.
• Keep documentation up to date for security checkpoints and tool settings across the development pipeline.

Penetration testing and vulnerability assessment support

• Execute predefined vulnerability assessment cases for web, mobile, API, and infrastructure targets under close supervision.
• Assist with infrastructure vulnerability scans by collecting, organizing, and recording scan outputs from approved tools.
• Maintain the vulnerability register, including findings, severity, ownership, and remediation progress.
• Re-test patched issues to verify remediation and document outcomes accurately.

Endpoint and infrastructure security support

• Help administer and monitor endpoint protection tools such as AV and EDR, including alert triage and basic escalation.
• Gather configuration details, run approved audit scripts, and document infrastructure security review findings against baselines.
• Support firewall rules documentation and identify obsolete or unnecessary rules for senior review.
• Monitor DLP alerts and escalate triggered events according to established procedures.
• Assist with backup and disaster recovery records, including checking that recovery steps are current and properly documented.

Controls development and project support

• Contribute to the creation and upkeep of security checklists and testing models for application security, network reviews, and configuration audits.
• Track security tasks, action items, and remediation tickets across DevOps and engineering efforts.
• Prepare progress updates and status reports on security control implementation for review by senior team members.
• Help prioritize security bugs and feature requests by collecting information and supporting triage discussions.

Security awareness and monitoring support

• Support phishing simulation activities by helping set up scenarios, share materials, and compile results.
• Assist in creating and distributing security awareness training content and communications.
• Review alerts from SIEM and related monitoring tools, escalating unusual activity as defined in playbooks.
• Help maintain incident response playbooks and supporting procedure documents.
• Gather threat intelligence from internal and public sources and summarize the key points for the security team.
• Support the creation and tuning of basic detection rules under senior guidance.

Requirements

This role is open to recent graduates and fresh university leavers; no prior professional experience is necessary. Relevant academic projects, capstone work, or self-driven labs in networking, cloud, or application security will be viewed positively. Exposure to cybersecurity, networking, or software development through internships, projects, or personal labs is an added advantage. Experience in regulated sectors such as fintech or banking is beneficial but not mandatory.

Education

A bachelor’s degree in Information Technology, Computer Science, Software Engineering, Cybersecurity, or a closely related discipline is required.

Additional notes

The role is part of the defensive security function and offers hands-on exposure across cloud security, endpoint protection, vulnerability management, incident response, and awareness work. It is intended to build the foundations for growth into a fully independent security engineer.