cbt-12
Senior Network & Email Security Engineer – Cyber Defense Specialist (5+ Years)
Job description
Location: Riyadh, Saudi Arabia (On-site)
Employment Type: Full-Time
Eligibility: Saudi Nationals Only
Company: One of the Global Big 5 Consulting Firms
About the Role
We are seeking a highly skilled Senior Network & Email Security Engineer to join a leading Big 5 consulting firm, supporting a mission-critical, enterprise-scale environment within a regulated sector.
This role is responsible for maintaining a hardened network perimeter and securing enterprise email systems, ensuring operational excellence, audit readiness, and stability across all security controls. You will own day-to-day operations, incident response, and change governance across network and email security platforms.
Key Responsibilities
Network Security Operations
• Perform daily health checks for Next-Generation Firewall (NGFW) environments, including cluster status, updates, licensing, and HA synchronization
• Maintain and optimize firewall rulebases by removing unused or redundant rules and enforcing least privilege access
• Ensure proper configuration of security profiles (IPS, Anti-Virus, URL Filtering, Threat Prevention)
• Manage remote access solutions (e.g., VPN), ensuring secure configurations and seamless user experience
• Troubleshoot traffic and connectivity issues using logs, packet capture (PCAP), and policy simulations
Email Security Operations
• Manage and optimize Secure Email Gateway policies for inbound and outbound email protection
• Strengthen defenses against phishing, BEC (Business Email Compromise), and impersonation attacks
• Oversee URL rewriting, sandboxing, and attachment detonation processes
• Manage quarantine workflows, user notifications, and false positive/negative handling
• Collaborate with messaging teams on SPF, DKIM, and DMARC alignment and email delivery health
Incident Response & Threat Management
• Lead and coordinate response to high-priority (P1) security incidents
• Work closely with SOC teams to analyze SIEM alerts and execute response playbooks
• Implement rapid containment measures (blocking rules, sender controls, sandbox verdicts)
• Conduct root cause analysis (RCA) and implement corrective and preventive actions
Change Management & Upgrades
• Prepare CAB-ready change requests with full impact analysis, testing plans, and rollback strategies
• Execute firmware upgrades, signature updates, and policy changes
• Perform post-change validation and ensure proper documentation
Compliance & Audit Readiness
• Maintain comprehensive, audit-ready documentation including change records, policy exports, logs, and incident reports
• Ensure alignment with regulatory frameworks such as SAMA and NCA Cybersecurity Framework (CSF)
• Support internal and external audits with clear, traceable evidence and reporting
Documentation & Knowledge Transfer
• Develop and maintain SOPs and runbooks for operational processes and incident handling
• Mentor junior engineers (L1/L2) and support knowledge transfer initiatives
• Drive continuous improvement in operational practices and documentation standards
Technology Environment
• Network Security: NGFW (Palo Alto or equivalent), VPN (site-to-site & remote access), IPS, URL filtering, sandboxing, SSL decryption, HA/failover
• Email Security: Secure Email Gateway (Proofpoint or equivalent), phishing/BEC protection, sandboxing, quarantine management
• Monitoring & Integration: SIEM/SOAR platforms, log analysis, threat intelligence integration
Candidate Profile
Required Qualifications
• Saudi National
• 5+ years of experience in enterprise network and email security operations
• Hands-on experience with NGFW platforms (preferably Palo Alto)
• Experience with Secure Email Gateways (e.g., Proofpoint or equivalent)
• Strong understanding of incident and change management processes
• Proficiency in packet analysis, SSL decryption concepts, and email flow fundamentals
• Strong communication and reporting skills (English required, Arabic is a plus)
Preferred Qualifications
• Experience in banking or regulated environments
• Familiarity with SIEM/SOAR integrations and security automation
• Relevant certifications (e.g., PCNSE, email security certifications, ITIL)
Success Metrics (First 90–180 Days)
• Improved firewall rulebase hygiene with reduced redundancy and full security profile coverage
• High availability stability with zero unplanned failovers
• VPN performance aligned with defined SLAs and MFA enforcement
• Measurable reduction in phishing/BEC incidents and improved email security effectiveness
• Timely delivery of audit-ready documentation and successful internal audit validation
Working Model
• On-site at client premises in Riyadh (Sunday–Thursday)
• On-call support required for critical incidents (P1) and planned changes
Why Join This Opportunity
• Be part of one of the world’s leading Big 5 consulting firms
• Work in a highly secure, regulated, enterprise-scale environment
• Exposure to advanced cybersecurity technologies and threat landscapes
• Opportunity to lead critical security operations with real business impact
• Strong career growth within cybersecurity and consulting domains


