Information Security Intern
Job Fit Check
Base Career helps you apply smarter for this job.
Key skills for this role
About the Role
Tabby is seeking an Information Security Intern to join their InfoSec GRC team in Riyadh. The internship offers two tracks: VAPT (application security testing, threat modelling, secure code review) and GRC (compliance, risk assessments, policy maintenance).
Key Skills for This Role
Responsibilities
- Triage findings from SAST, DAST, SCA, and dependency scanners across mobile and backend repos
- Reproduce and document vulnerabilities; write remediation tickets for product teams
- Contribute to secure code reviews on selected merge requests
- Participate in threat modelling sessions for new features and produce write ups
- Run scoped assessments against staging environments under senior sign off
- Help maintain security tooling: scanner configs, baseline rules, dashboards, false positive triage queues
- Help with security checks during release cycles
- Contribute to DevSecOps — security gates in CI/CD pipelines, dependency and container image scanning
- Exposure to logging, monitoring, and alert triage workflows alongside the SOC
- Participate in incident response exercises and post mortems alongside senior engineers
Requirements
- Solid understanding of information security fundamentals (CIA, OWASP Top 10, common controls)
- Understanding of HTTP, TLS, DNS, and TCP/IP fundamentals
- Understanding of authentication and authorization patterns (sessions, cookies, OAuth 2.0, JWT)
- Familiarity with Linux command line and POSIX like environments
- Ability to read technical material and explain it clearly in writing
- Experience with Git and standard development workflows
- Strong ethical mindset and discretion
- Open to constructive feedback
- English sufficient for documentation and team communication
- Saudi nationals only
Full Job Posting
Description
- Tabby builds financial products used by millions of users across the GCC. We work on high load, security critical systems with strict regulatory requirements.
- The Information Security function protects Tabby across mobile apps, backend services, payment integrations, and cloud infrastructure.
- This internship is not educational by default. It is an engineering role with real responsibility.
- Information Security at Tabby covers two complementary tracks: VAPT and GRC.
- The internship is designed for strong early career engineers who want to grow as security practitioners.
Key Responsibilities
- Triage findings from SAST, DAST, SCA, and dependency scanners across mobile and backend repos
- Reproduce and document vulnerabilities; write clear remediation tickets for product teams
- Contribute to secure code reviews on selected merge requests (auth, input validation, data handling)
- Participate in threat modelling sessions for new features and produce write ups
- Run scoped assessments against staging environments under senior sign off
- Help maintain security tooling: scanner configs, baseline rules, dashboards, false positive triage queues
- Help with security checks during release cycles
- Contribute to DevSecOps — security gates in CI/CD pipelines, dependency and container image scanning
- Exposure to logging, monitoring, and alert triage workflows alongside the SOC
- Participate in incident response exercises and post mortems alongside senior engineers
Skills, Knowledge & Expertise
- Solid understanding of information security fundamentals: confidentiality, integrity, availability; common attack categories (OWASP Top 10) and common control categories
- Understanding of HTTP, TLS, DNS, and TCP/IP fundamentals
- Understanding of authentication and authorization patterns (sessions, cookies, OAuth 2.0, JWT)
- Familiarity with Linux command line and POSIX like environments
- Ability to read technical material and explain it clearly in writing
- Experience with Git and standard development workflows
- Strong ethical mindset and discretion
- Open to constructive feedback
- English sufficient for documentation and team communication
Eligibility
- Saudi nationals only
- Self funded internship by Tabby
- We welcome both current students and fresh grads
- We expect a full time level of engagement throughout the internship.
Format
- Paid internship
- Full integration into the Information Security team
- Distributed engineering team across multiple countries
- Open to Saudi nationals (Saudi passport required); location flexible — candidates may be based outside KSA
- Office first in Riyadh where possible
- Clear path to a junior Information Security engineer role based on performance
Apply for this job in 1 click
Skip the repetitive application forms
Install the Base Career Chrome Extension and autofill job applications across major job boards with your profile.
Trusted by over 500,000 job seekers on Base Career
More from this employer
More jobs at Tabby | تابي
Commercial Operations Executive
Riyadh, KSA
Tabby seeks a Program Management Executive (Implementations) to support merchant and channel partner onboarding, technical coordination, and product rollout execution. Requires strong technical literacy, cross-functional
Internal Audit Lead - Financial Risk
Abu Dhabi, UAE
Tabby is hiring an Internal Audit Lead for Financial Risk to lead end-to-end audits across finance, treasury, and financial risk management. The role requires 7+ years of experience in internal/external audit within fint
Internal Audit Lead - Financial Risk
Dubai, UAE
Tabby is hiring an Internal Audit Lead to oversee finance, treasury, and financial risk audits. The role requires 7+ years of experience, a relevant degree, professional certifications, and advanced data analytics skills
Senior Internal Auditor - Operations
Dubai, UAE
Tabby is seeking a Senior Internal Auditor to lead operational audits across business processes including ERM, vendor management, HR, and marketing. The role requires 5+ years of internal audit experience, a relevant deg
Internal Audit Lead - Financial Crime
Abu Dhabi, UAE
Tabby is hiring an Internal Audit Lead - Financial Crime to lead and deliver audits across financial crime and compliance domains. The role requires deep expertise in AML, CTF, sanctions, fraud prevention, and data analy
Internal Audit Lead - Financial Crime
Dubai, UAE
Tabby is hiring an Internal Audit Lead - Financial Crime to lead and deliver audits across financial crime and compliance domains. The role requires deep expertise in AML, CTF, sanctions, fraud prevention, and data analy
Senior Internal Auditor - Operations
Abu Dhabi, UAE
Tabby is hiring a Senior Auditor - Operational Audits to deliver end-to-end audits across business and operational processes. The role focuses on risk-based audit engagements, assessing governance and internal controls.
Head of Finance (Financial Control)
Jeddah, KSA
Tabby seeks a Head of Finance (Financial Control) for KSA to lead finance operations, ensuring robust financial reporting, statutory compliance, and governance. The role involves monthly closing, tax filings, SAMA pruden
Commercial Operations Executive
Riyadh, KSA
Internal Audit Lead - Financial Risk
Abu Dhabi, UAE
Internal Audit Lead - Financial Risk
Dubai, UAE
Senior Internal Auditor - Operations
Dubai, UAE
Internal Audit Lead - Financial Crime
Abu Dhabi, UAE
Internal Audit Lead - Financial Crime
Dubai, UAE
Senior Internal Auditor - Operations
Abu Dhabi, UAE
Head of Finance (Financial Control)
Jeddah, KSA