Information Security Analyst l (PenTester)📣 Job Ad

About the Information Security Analyst Role

Tabby is a fintech company focused on reshaping how people shop, earn, and save by providing financial freedom. With over 15 million users, Tabby offers interest-free payment solutions to shoppers and partners with over 40,000 brands globally, including Amazon, Noon, and IKEA. The company generates over $10 billion in annual transaction volume and is a rapidly growing fintech in the GCC region. This Information Security Analyst position serves as an entry point into offensive security, emphasizing learning industry-standard tools and methodologies to strengthen the organization's security posture.

Key Responsibilities

• Assist senior engineers in conducting penetration tests on web applications, APIs, and network infrastructure by executing assigned test cases and documenting findings.
• Support vulnerability assessments using automated scanning tools and verify results through basic manual checks under supervision.
• Participate in Red Team exercises as a supporting team member, learning adversary simulation methodologies.
• Execute controlled offensive testing tasks, such as running scripts and setting up test environments, as directed by senior staff.
• Assist in identifying, documenting, and tracking vulnerabilities throughout the assessment lifecycle.
• Support the development and maintenance of basic scripts and testing utilities for offensive security activities.
• Analyze and document assessment findings, including reproduction steps and initial severity observations.
• Compile findings, screenshots, and tool outputs for penetration test reports.
• Track the status of identified vulnerabilities and remediation progress in relevant systems.
• Assist in validating patched vulnerabilities by re-testing affected systems under senior guidance.
• Provide basic log collection and organizational support to the incident response team during security incidents.
• Maintain up-to-date documentation on offensive security tools, tactics, and methodologies.
• Support compliance testing by executing pre-defined test cases to validate regulatory controls.
• Engage in self-directed learning of offensive security techniques, emerging vulnerabilities, and attack vectors.
• Prepare technical examples and real-world findings for contribution to the security awareness program.

Qualifications and Foundational Knowledge

• Bachelor's degree in Information Technology, Computer Science, Software Engineering, Cybersecurity, or a related field.
• Basic understanding of common vulnerabilities and attack concepts, including OWASP Top 10 and CVEs.
• Foundational knowledge of networking protocols such as TCP/IP, DNS, HTTP/S, FTP, and SMB, and their potential for abuse.
• Exposure to at least one security tool in categories like port scanners (*, Nmap), web proxies (*, Burp Suite Community), or vulnerability scanners.
• Basic proficiency in at least one scripting or programming language (*, Python, Bash, PowerShell) for task automation.
• Fundamental understanding of operating system internals for both Windows and Linux environments.
• Awareness of the MITRE ATT&CK framework and its mapping of adversary behaviors.

Additional Skills and Experience

• Familiarity with cloud concepts (GCP, AWS, or Azure) is considered an advantage.
• Experience in participating in Purple Team exercises as an observer or support role.
• Ability to assist in executing pre-defined test cases for compliance validation.

Work Type and Company Information

This is a Full-time position at Tabby. The company is a leading fintech innovator in the GCC region, focused on providing flexible financial solutions.