Cybersecurity Operations Specialist (Project-Based) – KSA (J26-327)

by PROJECTTECH ENGINEERING

Location: KSA

Sector: IT

Start Date: ASAP

Job Overview

We are seeking a Cybersecurity Operations Specialist for a project-based engagement in Saudi Arabia. The ideal candidate will be responsible for monitoring, detecting, analyzing, and responding to cybersecurity incidents while ensuring the security and integrity of the organization’s IT infrastructure.

This role requires hands-on experience in Security Operations Center (SOC) environments and the ability to work independently with minimal supervision.

Key Responsibilities

  1. Incident Detection & Response
     • Monitor security events using SIEM tools (e.g., Splunk, IBM QRadar, Microsoft Sentinel)
     • Analyze and investigate alerts related to:
       • Malware infections
       • Phishing attacks
       • Unauthorized access
     • Perform incident response activities:
       • Triage
       • Containment
       • Eradication
       • Recovery
     • Conduct root cause analysis and prepare incident reports
  2. Threat Monitoring & Detection
     • Monitor logs from endpoints, servers, network devices, and cloud environments
     • Develop and fine-tune detection rules and correlation logic
     • Utilize frameworks such as MITRE ATT&CK for threat analysis
     • Identify suspicious activities and potential threats proactively
  3. Security Operations & Optimization
     • Improve SOC processes and workflows
     • Reduce false positives and improve alert quality
     • Develop and maintain incident response playbooks
     • Support automation initiatives using SOAR tools (e.g., Cortex XSOAR)
  4. Endpoint & Network Security
     • Monitor and manage EDR/XDR solutions (e.g., Microsoft Defender, CrowdStrike)
     • Analyze firewall, VPN, IDS/IPS, and network traffic logs
     • Ensure endpoint protection and compliance with security policies
  5. Vulnerability & Threat Management
     • Perform vulnerability assessments using tools like Nessus or Qualys
     • Track and support remediation efforts
     • Integrate threat intelligence feeds into monitoring systems

Required Qualifications

  • Bachelor’s degree in IT, Cybersecurity, or related field
  • 3-7 years of experience in SOC or cybersecurity operations
  • Hands-on experience with at least one SIEM platform (Splunk, Sentinel, QRadar)

  • Strong understanding of:
    • Incident response processes
    • Log analysis
    • Network security fundamentals
  • Experience with EDR/XDR tools
  • Familiarity with TCP/IP, DNS, HTTP, firewalls

Preferred Qualifications

  • Experience with SOAR platforms
  • Knowledge of cloud security (AWS / Azure)
  • Scripting skills (Python, PowerShell)
  • Familiarity with MITRE ATT&CK framework

Certifications (Preferred)

  • CompTIA Security+
  • CySA+
  • CEH
  • GCIH
  • Cisco CyberOps Associate

Job Category: IT
Job Location: Saudi Arabia
