Information Security Engineer

1. Under general supervision implements the design of a complex unified cyber security program in Nesma Holding.
2. Manage the Nesma Group IT Policy for Nesma Holding Company.
3. Provides highly technical security expertise and support related to alarms and monitoring devices.
4. Manages the various security projects including performing impact diagnostics on existing technology projects.
5. Evaluates business and technical security requirements; driving the selection, prototyping and implementation of applications and technical solutions; and effectively communicating inherent security risks to non-technical users and administrators
6. Coordinates and implements enterprise design and remediation solutions based on gathered statistics.
7. Responsible for analyzing and testing attack and penetration of Internet infrastructure and Web-based applications utilizing manual and automated tools.
8. Performs other duties as assigned within the scope of the qualifications.
9. Strong, hands-on approach to ensuring secure development and engineering practices across multiple internal teams by leading by example. Persons in this role will help reduce risk, threats, and vulnerabilities in Nesma’s Applications, Cloud, Networks, and associated web services.

Performing manual techniques to exploit vulnerabilities in the OWASP top 10 including but not limited to cross-site Scripting, SQL injections, session hi-jacking and buffer overflows to obtain controlled access to target systems.

Performing network traffic forensic analysis, utilizing packet capturing software, to isolate malicious network behavior, inappropriate network use or identification of insecure network protocols.

Analyzing and testing attack and penetration of Internet infrastructure and Web-based applications utilizing manual and automated tools.

Preparing clear and concise reports and documentation.

Application source code security review.

Communicating clearly and concisely, both orally and in writing.

Establishing and maintaining effective working relationships with those contacted in the course of work.

Other Requirements:

Professional Certification such as GSEC, GIAC, CEH, are strongly preferred.

* Option A to be Saudi

A Bachelor’s degree in Computer Science, Computer Information Systems, Information System Technologi