Information Security Engineer - VAPT (Saudi National)
Job Fit Check
Base Career helps you apply smarter for this job.
Key skills for this role
About the Role
Description Tabby creates financial freedom in the way people shop, earn and save by reshaping their relationship with money. Over 15 million users choose Tabby to stay in control of their spending and make the most out of their money.
Key Skills for This Role
Full Job Posting
Description
- Tabby creates financial freedom in the way people shop, earn and save by reshaping their relationship with money.
- Over 15 million users choose Tabby to stay in control of their spending and make the most out of their money.
- The company’s flagship offering allows shoppers to split their payments online and in-store with no interest or fees.
- Over 40,000 global brands and small businesses, including Amazon, Noon, IKEA, and SHEIN use Tabby to accelerate growth and gain loyal customers by offering easy and flexible payments online and in stores.
- Tabby generates over $10 billion in annual transaction volume for its partner brands and is the highest-rated, most-reviewed, largest, and fastest-growing FinTech in the GCC region.
- Tabby launched in 2019 and has since raised +$1 billion in equity and debt funding from global and regional investors, and is now valued at $4.5 billion.
- We are thrilled to announce an opportunity for a skilled Information Security Engineer to join our team and play a role in enhancing our security measures by utilizing your abilities and deep knowledge of information security methodologies.
- Paying attention to details and efficiently solving problems will be crucial in ensuring the safety of Tabby’s systems.
- The role you will be involved in both operations and important implementation projects contributing to the growth and maintenance of our technology infrastructure.
- If you have a passion for cybersecurity, possess technical skills and aspire to make a significant impact we strongly encourage you to apply and become an essential part of our dedicated cybersecurity team.### **Key Responsibilities**
- **Penetration Testing**: Perform Dynamic Application Security Testing (DAST) and Static Application Security Testing (SAST) for Web, Mobile, and API applications. Plan and conduct Infrastructure Vulnerability Assessment and Penetration Testing of systems, switches, servers, and more.
- **Adversary Simulation (Red Teaming):** Participate in sophisticated Red Team
- engagements, emulating real-world threat actor Tactics, Techniques, and Procedures (TTPs) to assess the detection and response capabilities of the Blue Team/SOC.
- **Vulnerability & Application Security Analysis:** Conduct both Dynamic (DAST) and Static (SAST) Application Security Testing, and perform systematic vulnerability assessments using automated tools combined with meticulous manual verification.
- **Report Development:** Produce actionable, high-quality assessment reports that clearly articulate technical findings, business risk, and remediation strategies for both technical implementers and non-technical executives.
- **Control Evasion & Social Engineering:** Conduct controlled offensive testing, including Breach & Attack Simulations (BAS) and targeted phishing campaigns, to assess the resilience and bypassability of technical and human controls.
- **Tool Development & Reporting:** Develop and maintain custom scripts and tools to enhance offensive security capabilities, and produce high-quality, actionable reports detailing discovered threats and validated vulnerabilities on an ongoing basis.
- **Security Awareness**: Experience in conducting phishing simulations and other
- awareness exercises to evaluate employee susceptibility to social engineering attacks and provide targeted training to enhance resilience.
Skills, Knowledge & Expertise
- Degree in Information Technology, Computer Science, Software Engineering, or related field
- Knowledge of Information Technology security issues and approaches to manage
- Information Technology security with a fast paced Fintech environment.
- Security Qualification Good to have: Offensive Security Certified Professional (OSCP), GIAC Penetration Tester (GPEN), GIAC Web Application Penetration Tester (GWAPT), CREST Registered Penetration Tester (CRT) or equivalent.
- Excellent communication, influencing and stakeholder management skills
- 2-3 Experience of working across teams to deliver solutions and generate high levels of internal buy-in
- Experience of working in a culturally diverse environment
- Knowledge of online technologies, payment methods, content delivery networks, REST APIs, microservices, and application development.
- Programming and scripting understanding (Bash, Python etc.)
About Tabby
Tabby creates financial freedom in the way people shop, earn and save, by reshaping their relationship with money.
The company’s flagship offering allows shoppers to split their payments online and in-store with no interest or fees.
Over 32,000 global brands and small businesses, including Amazon, Noon, IKEA and Shein use Tabby to accelerate growth and gain loyal customers by offering easy and flexible payments online and in stores.
Tabby has generated over $7 billion in transaction volume for its partner brands and has the highest rated, most reviewed, largest and fastest growing app of any fintech in the GCC region.
Tabby launched operations in 2020 and has raised +$1 billion in equity and debt funding from global and regional investors.
Apply for this job in 1 click
Skip the repetitive application forms
Install the Base Career Chrome Extension and autofill job applications across major job boards with your profile.
Trusted by over 500,000 job seekers on Base Career
More from this employer
More jobs at Tabby
Vendor Manager
الرياض, KSA
Tabby is hiring a Vendor Risk Manager to own the third-party risk program end-to-end, from due diligence to offboarding. Requires 3-4 years in third-party risk management, knowledge of NIST CSF, ISO 27001, SOC 2, and str
Intern QA Engineer
Riyadh, KSA
Tabby is looking for an Intern QA Engineer to join their team in Riyadh. This is an engineering role with real responsibility, focusing on product quality across multiple systems. Interns will work on production tasks, i
Intern Backend (Go) Engineer
الرياض, KSA
Tabby offers a paid backend engineering internship for strong early-career engineers. Interns work on production code in Go, developing and maintaining backend services, APIs, and data storage for high-load financial sys
Finance Manager (Financial Control)
Riyadh, KSA
Tabby is looking for a Finance Manager to support finance operations for its Saudi Arabia entity, ensuring accurate financial reporting, regulatory compliance, and strong financial governance. The role oversees statutory
Intern QA Engineer
الرياض, KSA
Tabby is seeking an Intern QA Engineer to join their engineering team in Riyadh. This is a paid internship with real responsibility, focusing on product quality across multiple systems. Candidates should have programming
DevOps Intern
الرياض, KSA
Tabby offers a paid DevOps internship for strong early-career engineers in Riyadh. Interns work on production cloud infrastructure, Kubernetes, CI/CD, and observability with real responsibility and a path to a junior rol
DBA Intern
الرياض, KSA
Tabby offers a paid DBA internship for strong early-career engineers to work on production database systems including PostgreSQL. Interns will investigate slow queries, review schema changes, maintain backups, and suppor
Senior Tax Associate
Riyadh, KSA
Tabby is seeking a Senior Tax Associate to manage tax compliance, audits, and transfer pricing across KSA and the GCC region. The role requires 2-3 years of tax experience, strong knowledge of Saudi tax regulations, and
Vendor Manager
الرياض, KSA
Intern QA Engineer
Riyadh, KSA
Intern Backend (Go) Engineer
الرياض, KSA
Finance Manager (Financial Control)
Riyadh, KSA
Intern QA Engineer
الرياض, KSA
DevOps Intern
الرياض, KSA
DBA Intern
الرياض, KSA
Senior Tax Associate
Riyadh, KSA
