
Information Security Analyst l (PenTester)📣 إعلان
| نوع العقد | دوام كامل | |
| طبيعة الوظيفة | بالموقع | |
| الموقع | الرياض |
وصف الوظيفة
About the Information Security Analyst Role
Tabby is seeking an Information Security Analyst, specifically focusing on Penetration Testing, to join its team. This role serves as a structured entry point into offensive security, emphasizing the development of skills in industry-standard tools, methodologies, and frameworks such as OWASP Top 10 and MITRE ATT&CK. The position supports Tabby's mission to validate and strengthen its security posture against potential exploitation by malicious actors. Tabby is a FinTech company that provides financial freedom through its offerings, enabling users to split payments with no interest or fees. Over 15 million users and 40,000 brands utilize Tabby, which generates over $10 billion in annual transaction volume. Founded in 2019, Tabby has secured significant funding and is valued at $ billion. This is a Full Time position requiring 0-1 years of experience.
Core Responsibilities: Technical Security Assessment
The Information Security Analyst will assist senior engineers in conducting penetration tests across web applications, APIs, and network infrastructure by executing assigned test cases and documenting findings. This includes supporting vulnerability assessments using automated scanning tools like Nmap and other scanners under supervision, and verifying results through basic manual checks. The role also involves participating in Red Team exercises as a supporting team member, learning adversary simulation methodologies, and assisting in pre-agreed test scenarios. Controlled offensive testing tasks, such as running scripts, setting up test environments, and assisting with phishing simulations, will be executed as directed by senior staff. The analyst will also help identify, document, and track vulnerabilities throughout the assessment lifecycle and support the development and maintenance of basic scripts and testing utilities for offensive security activities.
Key Duties: Risk Documentation and Reporting
In this role, the analyst will assist in analyzing and documenting assessment findings, including reproduction steps, evidence, and initial severity observations for review by senior engineers. Support will be provided in preparing penetration test reports by compiling findings, screenshots, and tool outputs into structured report templates. The position also involves helping to track the status of identified vulnerabilities and remediation progress, maintaining accurate records in relevant tracking systems. Additionally, the analyst will assist in validating patched vulnerabilities by re-testing affected systems following confirmed remediation, under senior guidance.
Collaboration and Program Support Functions
The Information Security Analyst will participate in Purple Team exercises in a support and observer capacity, gaining exposure to detection logic and incident response workflows. Basic log collection and organizational support will be provided to the incident response team during active security incidents, as directed. The role includes assisting in maintaining up-to-date documentation on offensive security tools, tactics, and methodologies used by the team. Support for compliance testing efforts will involve executing pre-defined test cases to validate controls required by regulations such as SAMA CSF and PCI-DSS. Active engagement in self-directed learning of offensive security TTPs, emerging vulnerabilities, and attack vectors is expected to build technical depth. Assistance will also be provided in preparing technical examples and real-world findings for contribution to the security awareness program.
Required Qualifications and Foundational Skills
Candidates should possess a Bachelor's degree in Information Technology, Computer Science, Software Engineering, Cybersecurity, or a related field. A basic understanding of common vulnerabilities and attack concepts, including OWASP Top 10, CVEs, and common misconfigurations, is required. Foundational knowledge of networking protocols such as TCP/IP, DNS, HTTP/S, FTP, and SMB, and how they can be abused, is necessary. Exposure to at least one security tool in categories like port scanners (Nmap), web proxies (Burp Suite Community), or vulnerability scanners is expected. Basic proficiency in at least one scripting or programming language, such as Python, Bash, or PowerShell, for task automation is essential. A fundamental understanding of operating system internals for both Windows and Linux environments is also required, along with an awareness of the MITRE ATT&CK framework and its mapping of adversary behaviors. Familiarity with cloud concepts (GCP, AWS, or Azure) is considered an advantage.
متطلبات الوظيفة
- لا تتطلب خبرة
وظائف مشابهة
قد يعجبك أيضاً
- وظائف ذات صلة بـ Information Security Analyst l (PenTester)
- وظائف مقدم طعام (ويتر) في الرياض
- وظائف مندوب مبيعات في الرياض
- وظائف أخصائي تمريض في الرياض
- وظائف مدخل بيانات في الرياض
- وظائف مصور فيديو ومصمم في الرياض
- مجالات وظيفية أخرى في الرياض
- وظائف مقدم طعام (ويتر) في الرياض
- وظائف مندوب مبيعات في الرياض
- وظائف أخصائي تمريض في الرياض
- وظائف مدخل بيانات في الرياض
- وظائف مصور فيديو ومصمم في الرياض
- وظائف مدير تطوير اعمال في الرياض
- وظائف Marketing Specialist في الرياض
- وظائف Sales Manager في الرياض
- وظائف Sales Consultant في الرياض
- وظائف Sales Accountant في الرياض
- استكشف الوظائف في أنحاء المملكة
- وظائف مسؤول عمليات تنفيذي (قطاع العقار) في جدة
- وظائف Regional Sales Manager في الرياض
- وظائف مرافق (مشرف) حافلة في النعيرية
- وظائف مصفف شعر (كوافير) في الجبيل
- وظائف Recruitment Specialist في الخرج
- وظائف مدير مالي في مكة المكرمة
- وظائف مشرف تنظيف وتدبير في مكة المكرمة
- وظائف Translator في ينبع
- وظائف MAINTENANCE TECHNICIAN في الدمام
- وظائف مدخل بيانات في الطائف