JobsAisle

Network Email Security Engineer – Riyadh

Kingston Stanley

Riyadh, Saudi Arabia | SAR 16,667-25,000/mo | Today
Saudi Arabia | IT & Technology | Full Time

Skills Required

Arabic, English

Job Description

<div>
<h3><b>Network Email Security Engineer – Riyadh</b></h3>
<ul>
<li>Manage and support Next-Generation Firewalls (e.g., Palo Alto or equivalent), including site-to-site and remote-access VPNs.</li>
<li>Configure and maintain IPS/Threat Prevention, URL filtering, sandboxing (e.g., WildFire or equivalent), and SSL decryption where applicable.</li>
<li>Ensure high availability (HA), failover readiness, and seamless logging integration with SIEM platforms.</li>
<li>Administer Secure Email Gateway solutions (e.g., Proofpoint or equivalent), including inbound and outbound email security policies.</li>
<li>Implement and optimize anti-phishing, Business Email Compromise (BEC), and impersonation protection controls.</li>
<li>Manage URL rewriting, attachment sandboxing/detonation, and quarantine workflows.</li>
<li>Collaborate with the Messaging team on SPF, DKIM, and DMARC configurations and posture assessments.</li>
<li>Perform daily health checks for NGFW clusters, including threat/content updates, licensing, and HA synchronization.</li>
<li>Maintain rulebase hygiene by removing unused or redundant rules, enforcing least privilege, and validating security profiles (AV, IPS, URL filtering).</li>
<li>Manage remote access solutions (e.g., GlobalProtect or equivalent), including policy configuration, MFA integration with IAM teams, and user experience SLAs.</li>
<li>Troubleshoot network traffic issues using log analysis, ACC, PCAPs, and policy simulations in coordination with relevant stakeholders.</li>
<li>Continuously tune inbound/outbound policies and strengthen phishing/BEC detection capabilities.</li>
<li>Monitor and enhance sandboxing effectiveness for URLs and attachments.</li>
<li>Manage quarantine queues, approval workflows, and user notifications (digests).</li>
<li>Provide user guidance on safe email practices and handling false positives/negatives.</li>
<li>Lead and manage P1 security incidents across network perimeter and email security domains.</li>
<li>Coordinate closely with SOC teams for SIEM alerts and response playbooks.</li>
<li>Execute rapid containment measures (e.g., blocking rules, URL detonation actions, sender restrictions).</li>
<li>Conduct root cause analysis (RCA) and implement corrective/preventive actions.</li>
<li>Prepare CAB-ready change requests, including impact analysis, testing, and rollback plans for updates, upgrades, and policy changes.</li>
<li>Perform post-change validation and maintain accurate documentation.</li>
<li>Maintain audit-ready documentation, including change approvals, policy exports, update logs, quarantine reports, and incident timelines.</li>
<li>Conduct regular security posture reviews and reporting.</li>
<li>Ensure alignment with regulatory frameworks such as SAMA and NCA CSF.</li>
<li>Support internal and external audits with clear, traceable evidence.</li>
<li>Develop and maintain runbooks and SOPs covering policy management, incident response, quarantine workflows, and upgrade procedures.</li>
<li>Mentor L1/L2 team members and support knowledge transfer through shadowing and reverse-shadowing practices.</li>
</ul>
<h3>Qualifications &amp; Skills</h3>
<ul>
<li>Hands-on experience with Next-Generation Firewalls (preferably Palo Alto) and a leading Secure Email Gateway solution (e.g., Proofpoint or equivalent).</li>
<li>Strong discipline in change and incident management processes, with the ability to produce clear and concise reports in English (Arabic is an advantage).</li>
<li>Solid understanding of packet analysis, SSL decryption concepts, and email flow fundamentals, with the ability to collaborate effectively with messaging teams.</li>
</ul>
</div>