Senior Network & Email Security Engineer – Cyber Defense Specialist (5+ Years)

Location: Riyadh, Saudi Arabia (On-site)
Employment Type: Full-Time
Eligibility: Saudi Nationals Only
Company: One of the Global Big 5 Consulting Firms

About the Role

We are seeking a highly skilled Senior Network & Email Security Engineer to join a leading Big 5 consulting firm, supporting a mission-critical, enterprise-scale environment within a regulated sector.

This role is responsible for maintaining a hardened network perimeter and securing enterprise email systems, ensuring operational excellence, audit readiness, and stability across all security controls. You will own day-to-day operations, incident response, and change governance across network and email security platforms.

Key Responsibilities

Network Security Operations

  • Perform daily health checks for Next-Generation Firewall (NGFW) environments, including cluster status, updates, licensing, and HA synchronization
  • Maintain and optimize firewall rulebases by removing unused or redundant rules and enforcing least privilege access
  • Ensure proper configuration of security profiles (IPS, Anti-Virus, URL Filtering, Threat Prevention)
  • Manage remote access solutions (e.g., VPN), ensuring secure configurations and seamless user experience
  • Troubleshoot traffic and connectivity issues using logs, packet capture (PCAP), and policy simulations

Email Security Operations

  • Manage and optimize Secure Email Gateway policies for inbound and outbound email protection
  • Strengthen defenses against phishing, BEC (Business Email Compromise), and impersonation attacks
  • Oversee URL rewriting, sandboxing, and attachment detonation processes
  • Manage quarantine workflows, user notifications, and false positive/negative handling
  • Collaborate with messaging teams on SPF, DKIM, and DMARC alignment and email delivery health

Incident Response & Threat Management

  • Lead and coordinate response to high-priority (P1) security incidents
  • Work closely with SOC teams to analyze SIEM alerts and execute response playbooks
  • Implement rapid containment measures (blocking rules, sender controls, sandbox verdicts)
  • Conduct root cause analysis (RCA) and implement corrective and preventive actions

Change Management & Upgrades

  • Prepare CAB-ready change requests with full impact analysis, testing plans, and rollback strategies
  • Execute firmware upgrades, signature updates, and policy changes
  • Perform post-change validation and ensure proper documentation

Compliance & Audit Readiness

  • Maintain comprehensive, audit-ready documentation including change records, policy exports, logs, and incident reports
  • Ensure alignment with regulatory frameworks such as SAMA and NCA Cybersecurity Framework (CSF)
  • Support internal and external audits with clear, traceable evidence and reporting

Documentation & Knowledge Transfer

  • Develop and maintain SOPs and runbooks for operational processes and incident handling
  • Mentor junior engineers (L1/L2) and support knowledge transfer initiatives
  • Drive continuous improvement in operational practices and documentation standards

Technology Environment

  • Network Security: NGFW (Palo Alto or equivalent), VPN (site-to-site & remote access), IPS, URL filtering, sandboxing, SSL decryption, HA/failover
  • Email Security: Secure Email Gateway (Proofpoint or equivalent), phishing/BEC protection, sandboxing, quarantine management
  • Monitoring & Integration: SIEM/SOAR platforms, log analysis, threat intelligence integration

Candidate Profile

Required Qualifications

  • Saudi National
  • 5+ years of experience in enterprise network and email security operations
  • Hands-on experience with NGFW platforms (preferably Palo Alto)
  • Experience with Secure Email Gateways (e.g., Proofpoint or equivalent)
  • Strong understanding of incident and change management processes
  • Proficiency in packet analysis, SSL decryption concepts, and email flow fundamentals
  • Strong communication and reporting skills (English required, Arabic is a plus)

Preferred Qualifications

  • Experience in banking or regulated environments
  • Familiarity with SIEM/SOAR integrations and security automation
  • Relevant certifications (e.g., PCNSE, email security certifications, ITIL)

Success Metrics (First 90–180 Days)

  • Improved firewall rulebase hygiene with reduced redundancy and full security profile coverage
  • High availability stability with zero unplanned failovers
  • VPN performance aligned with defined SLAs and MFA enforcement
  • Measurable reduction in phishing/BEC incidents and improved email security effectiveness
  • Timely delivery of audit-ready documentation and successful internal audit validation

Working Model

  • On-site at client premises in Riyadh (Sunday–Thursday)
  • On-call support required for critical incidents (P1) and planned changes

Why Join This Opportunity

  • Be part of one of the world’s leading Big 5 consulting firms
  • Work in a highly secure, regulated, enterprise-scale environment
  • Exposure to advanced cybersecurity technologies and threat landscapes
  • Opportunity to lead critical security operations with real business impact
  • Strong career growth within cybersecurity and consulting domains