img
نوع العقددوام كامل
طبيعة الوظيفةبالموقع
الموقعالرياض

وصف الوظيفة

About the Information Security Analyst Role

Tabby is a fintech company focused on reshaping how people shop, earn, and save by providing financial freedom. With over 15 million users, Tabby offers interest-free payment solutions to shoppers and partners with over 40,000 brands globally, including Amazon, Noon, and IKEA. The company generates over $10 billion in annual transaction volume and is a rapidly growing fintech in the GCC region. This Information Security Analyst position serves as an entry point into offensive security, emphasizing learning industry-standard tools and methodologies to strengthen the organization's security posture.

Key Responsibilities

  • Assist senior engineers in conducting penetration tests on web applications, APIs, and network infrastructure by executing assigned test cases and documenting findings.
  • Support vulnerability assessments using automated scanning tools and verify results through basic manual checks under supervision.
  • Participate in Red Team exercises as a supporting team member, learning adversary simulation methodologies.
  • Execute controlled offensive testing tasks, such as running scripts and setting up test environments, as directed by senior staff.
  • Assist in identifying, documenting, and tracking vulnerabilities throughout the assessment lifecycle.
  • Support the development and maintenance of basic scripts and testing utilities for offensive security activities.
  • Analyze and document assessment findings, including reproduction steps and initial severity observations.
  • Compile findings, screenshots, and tool outputs for penetration test reports.
  • Track the status of identified vulnerabilities and remediation progress in relevant systems.
  • Assist in validating patched vulnerabilities by re-testing affected systems under senior guidance.
  • Provide basic log collection and organizational support to the incident response team during security incidents.
  • Maintain up-to-date documentation on offensive security tools, tactics, and methodologies.
  • Support compliance testing by executing pre-defined test cases to validate regulatory controls.
  • Engage in self-directed learning of offensive security techniques, emerging vulnerabilities, and attack vectors.
  • Prepare technical examples and real-world findings for contribution to the security awareness program.

Qualifications and Foundational Knowledge

  • Bachelor's degree in Information Technology, Computer Science, Software Engineering, Cybersecurity, or a related field.
  • Basic understanding of common vulnerabilities and attack concepts, including OWASP Top 10 and CVEs.
  • Foundational knowledge of networking protocols such as TCP/IP, DNS, HTTP/S, FTP, and SMB, and their potential for abuse.
  • Exposure to at least one security tool in categories like port scanners (*, Nmap), web proxies (*, Burp Suite Community), or vulnerability scanners.
  • Basic proficiency in at least one scripting or programming language (*, Python, Bash, PowerShell) for task automation.
  • Fundamental understanding of operating system internals for both Windows and Linux environments.
  • Awareness of the MITRE ATT&CK framework and its mapping of adversary behaviors.

Additional Skills and Experience

  • Familiarity with cloud concepts (GCP, AWS, or Azure) is considered an advantage.
  • Experience in participating in Purple Team exercises as an observer or support role.
  • Ability to assist in executing pre-defined test cases for compliance validation.

Work Type and Company Information

This is a Full-time position at Tabby. The company is a leading fintech innovator in the GCC region, focused on providing flexible financial solutions.


متطلبات الوظيفة

  • تتطلب ٥-١٠ سنوات خبرة

وظائف مشابهة