Senior Network & Email Security Engineer (5+ years) — Saudi National

Job Title

Senior Network & Email Security Engineer (5+ years) — Saudi National

Job Summary:

Maintain a hardened perimeter and secure enterprise email with full operational evidence for audits and transition stability. This role owns day-to-day operations, hygiene, incident response, and change control across network security controls and the email security gateway in Client’s production environment.

In-scope technologies (representative, non-exhaustive)

• Network Security: Next-Gen Firewalls (e.g., Palo Alto / equivalent), site-to-site & remote-access VPN, IPS/Threat Prevention, URL filtering, WildFire/sandboxing (or equivalent), SSL decryption where applicable, HA/failover, logging to SIEM.

• Email Security: Secure Email Gateway (e.g., Proofpoint or equivalent): inbound/outbound policies, anti-phishing/BEC, impersonation protection, URL rewriting/sandboxing, attachment detonation, quarantine workflows, user digests, SPF/DKIM/DMARC posture checks (with Messaging team).

Responsibilities

1. Operational Ownership (Network)

• Daily health checks for NGFW clusters, threat/content updates, license/status, HA sync/state.

• Rulebase hygiene: reduce unused/overlapping rules, enforce least privilege, maintain application-based policies, validate security profiles (AV/IPS/URL filtering).

• Remote access posture (e.g., GlobalProtect or equivalent): portal/gateway policies, MFA integration with IAM team, and user experience SLAs.

• Traffic troubleshooting: ACC/log analysis, PCAPs, policy simulation; coordinate fixes with platform owners.

2. Operational Ownership (Email Security)

• Inbound/outbound policy tuning; phishing/BEC controls and executive spoof protection.

• URL and attachment sandboxing effectiveness; manage quarantine queues and approval flows.

• Partner with Messaging team on SPF/DKIM/DMARC alignment; monitor sending reputation and delivery health.

• Provide user-facing guidance (digests, safe release, false positive/negative handling).

3. Incident Response & Threat Handling

• Lead P1 incidents across perimeter/email; coordinate with SOC (SIEM alerts, playbooks).

• Rapid containment (block rules, URL detonation verdicts, sender throttling), evidence capture, and RCA with corrective actions.

4. Change, Patch & Upgrades

• Prepare CAB-ready change plans (impact, test, rollback) for signature/content updates, firmware upgrades, and policy changes.

• Post-change validation and documentation.

5. Compliance & Evidence

• Maintain audit-ready artifacts: change tickets/approvals, policy exports, content update logs, quarantine reports, incident timelines, and monthly posture reviews.

• Familiarity with SAMA and NCA CSF audit and regulatory requirements.

• Support internal/external audits with traceable evidence.

6. Documentation & KT

• Own runbooks/SOPs (policy hygiene, incident triage, quarantine workflows, upgrade steps).

• Mentor L1/L2; drive shadow → reverse-shadow.

Required Qualifications

• Saudi National; 5+ years in enterprise network and email security operations.

• Hands-on with NGFWs (preferably Palo Alto) and a major Secure Email Gateway (e.g., Proofpoint).

• Strong change/incident management discipline; clear written reports in English (Arabic a plus).

• Comfortable with packet analysis, SSL decryption concepts, and mail flow basics with messaging teams.

Preferred

• Banking/regulated-sector experience.

• Experience integrating controls with SIEM/SOAR.

• Certifications: PCNSE (or equivalent NGFW), vendor SEG certification, ITIL.

Success KPIs (first 90–180 days)

• NGFW: rulebase cleanup achieved (unused/overlap ↓), security profiles applied to 100% Internet-bound policies; HA stability with zero unscheduled failovers.

• VPN: user connectivity SLA met; MFA posture validated; incident MTTR ≤ agreed SLA.

• Email: measurable drop in false negatives for phishing/BEC; quarantine SLA adherence; monthly evidence packs accepted in internal pre-audit.

Location & Model

• On-site at Client’s Premises (Riyadh), Sun–Thu; on-call for P1s/changes.