Network Security Engineer (m/f/d)

<div><h3>Senior Network&Email Security Engineer</h3><p>Maintain a hardened perimeter and secure enterprise email with full operational evidence for audits and transition stability. This role owns day-to-day operations, hygiene, incident response, and change control across network security controls and the email security gateway in Client’s production environment.</p><h3>In-scope technologies</h3><ul><li><b>Network Security:</b>Next-Gen Firewalls (e.g., Palo Alto / equivalent), site-to-site&remote-access VPN, IPS/Threat Prevention, URL filtering, WildFire/sandboxing (or equivalent), SSL decryption where applicable, HA/failover, logging to SIEM.</li><li><b>Email Security:</b>Secure Email Gateway (e.g., Proofpoint or equivalent): inbound/outbound policies, anti-phishing/BEC, impersonation protection, URL rewriting/sandboxing, attachment detonation, quarantine workflows, user digests, SPF/DKIM/DMARC posture checks (with Messaging team).</li></ul><h3>Responsibilities</h3><h3>Operational Ownership (Network)</h3><ul><li>Daily health checks for NGFW clusters, threat/content updates, license/status, HA sync/state.</li><li>Rulebase hygiene: reduce unused/overlapping rules, enforce least privilege, maintain application-based policies, validate security profiles (AV/IPS/URL filtering).</li><li>Remote access posture (e.g., GlobalProtect or equivalent): portal/gateway policies, MFA integration with IAM team, and user experience SLAs.</li><li>Traffic troubleshooting: ACC/log analysis, PCAPs, policy simulation; coordinate fixes with platform owners.</li></ul><h3>Operational Ownership (Email Security)</h3><ul><li>Inbound/outbound policy tuning; phishing/BEC controls and executive spoof protection.</li><li>URL and attachment sandboxing effectiveness; manage quarantine queues and approval flows.</li><li>Partner with Messaging team on SPF/DKIM/DMARC alignment; monitor sending reputation and delivery health.</li><li>Provide user-facing guidance (digests, safe release, false positive/negative handling).</li></ul><h3>Incident Response&Threat Handling</h3><ul><li>Lead P1 incidents across perimeter/email; coordinate with SOC (SIEM alerts, playbooks).</li><li>Rapid containment (block rules, URL detonation verdicts, sender throttling), evidence capture, and RCA with corrective actions.</li></ul><h3>Change, Patch&Upgrades</h3><ul><li>Prepare CAB-ready change plans (impact, test, rollback) for signature/content updates, firmware upgrades, and policy changes.</li><li>Post-change validation and documentation.</li></ul><h3>Compliance&Evidence</h3><ul><li>Maintain audit-ready artifacts: change tickets/approvals, policy exports, content update logs, quarantine reports, incident timelines, and monthly posture reviews.</li><li>Familiarity with SAMA&NCA CSF audit and regulations requirements.</li><li>Support internal/external audits with traceable evidence.</li></ul><h3>Documentation&KT</h3><ul><li>Own runbooks/SOPs (policy hygiene, incident triage, quarantine workflows, upgrade steps).</li><li>Mentor L1/L2; drive shadow → reverse-shadow.</li></ul><h3>Required Qualifications</h3><ul><li>5+ years in enterprise network and email security operations.</li><li>Hands‑on with NGFWs (preferably Palo Alto) and a major Secure Email Gateway (e.g., Proofpoint).</li><li>Strong change/incident management discipline; clear written reports in English (Arabic a plus).</li><li>Comfortable with packet analysis, SSL decryption concepts, and mail flow basics with messaging teams.</li></ul><h3>Preferred</h3><ul><li>Banking/regulated‑sector experience.</li><li>Experience integrating controls with SIEM/SOAR.</li><li>Certifications: PCNSE (or equivalent NGFW), vendor SEG certification, ITIL.</li></ul><p>We encourage applications from all qualified candidates, regardless of race, gender, disability, or any other characteristic that makes them unique.</p></div>#J-18808-Ljbffr