Senior Network & Email Security Engineer (5+ years) — Saudi National

OverviewSenior Network & Email Security Engineer (5+ years) — Saudi NationalResponsibilitiesOperational Ownership (Network)Daily health checks for NGFW clusters, threat/content updates, license/status, HA sync/state.Rulebase hygiene: reduce unused/overlapping rules, enforce least privilege, maintain application-based policies, validate security profiles (AV/IPS/URL filtering).Remote access posture (e.g., GlobalProtect or equivalent): portal/gateway policies, MFA integration with IAM team, and user experience SLAs.Traffic troubleshooting: ACC/log analysis, PCAPs, policy simulation; coordinate fixes with platform owners.Operational Ownership (Email Security)Inbound/outbound policy tuning; phishing/BEC controls and executive spoof protection.URL and attachment sandboxing effectiveness; manage quarantine queues and approval flows.Partner with Messaging team on SPF/DKIM/DMARC alignment; monitor sending reputation and delivery health.Provide user-facing guidance (digests, safe release, false positive/negative handling).Incident Response & Threat HandlingLead P1 incidents across perimeter/email; coordinate with SOC (SIEM alerts, playbooks).Rapid containment (block rules, URL detonation verdicts, sender throttling), evidence capture, and RCA with corrective actions.Prepare CAB-ready change plans (impact, test, rollback) for signature/content updates, firmware upgrades, and policy changes.Post-change validation and documentation.Compliance & EvidenceUpdate logs, quarantine reports, incident timelines, and monthly posture reviews.Familiarity with SAMA & NCA CSF audit and regulations requirements.Support internal/external audits with traceable evidence.Documentation & KTOwn runbooks/SOPs (policy hygiene, incident triage, quarantine workflows, upgrade steps).QualificationsSaudi National; 5+ years in enterprise network and email security operations.Hands-on with NGFWs (preferably Palo Alto) and a major Secure Email Gateway (e.g., Proofpoint).Strong change/incident management discipline; clear written reports in English (Arabic a plus).Comfortable with packet analysis, SSL decryption concepts, and mail flow basics with messaging teams.PreferredBanking/regulated-sector experience.Experience integrating controls with SIEM/SOAR.Performance MetricsNGFW: rulebase cleanup achieved; 100% Internet-bound policies; HA stability with zero unscheduled failovers.VPN: user connectivity SLA met; MFA posture validated; incident MTTR ≤ agreed SLA.Email: measurable drop in false negatives for phishing/BEC; quarantine SLA adherence; monthly evidence packs accepted in internal pre-audit.Location & ModelOn-site at Client’s Premises (Riyadh), Sun–Thu; on-call for P1s/changes.#J-18808-Ljbffr