Key Responsibilities

Security Monitoring & Detection

Monitor and analyze logs and alerts from a wide range of sources including firewalls, intrusion detection/prevention systems (IDS/IPS), endpoints, servers, and cloud platforms.
Perform correlation of events from multiple sources to identify advanced threats and unusual patterns of behavior.
Fine-tune alert thresholds and detection logic to reduce false positives and improve signal-to-noise ratio.
Maintain dashboards and reporting to provide real-time visibility into security posture.

Incident Response & Investigation

Serve as a frontline responder for security incidents, managing incidents through their lifecycle – detection, containment, eradication, recovery, and lessons learned.
Coordinate with internal stakeholders and external vendors during high-severity incidents or data breaches.
Perform root cause analysis and forensic investigations using endpoint and network-based artifacts.
Maintain detailed incident documentation and contribute to post-mortem analysis and reports.

Threat Intelligence & Detection Rule Development

Research emerging threats and trends.
Contribute to the creation and tuning of detection rules, threat-hunting queries, and use cases across multiple platforms including cloud environments.

Vulnerability Monitoring & Management

Support vulnerability scanning and remediation efforts across infrastructure and endpoints.
Correlate vulnerabilities with threat intelligence to prioritize risks.

Collaboration and Communication

Communicate effectively with cross-functional teams including IT, DevOps, Risk, and Compliance during incidents and investigations.
Provide concise and clear updates during incident handling to stakeholders and management.
Mentor junior analysts and assist in training efforts within the SOC team.

Skills, Knowledge and Expertise

Must be Saudi National
2–3 years of experience in a SOC or cybersecurity operations role, ideally in a fast-paced fintech or enterprise environment.
Strong knowledge of security best practices, including incident handling, alert triage, log analysis, and threat modeling.
Understanding of online technologies, REST APIs, microservices, and modern application architectures.
Experience working in a culturally diverse and collaborative environment.
Familiarity with DLP, AV, and anti-malware systems from an operational monitoring perspective.
Experience with phishing detection, user behavior analytics, and security awareness campaigns.
Security certifications such as Security+, CEH, or CySA+ (preferred but not required).
Strong communication skills, especially for coordinating incident response and writing clear incident reports.
Experience with SIEM platforms, SOAR tools, EDR/XDR, and Threat Intelligence platforms.
Familiarity with cloud environments and cloud-native logging and monitoring tools.
Scripting experience (e.g., Python) to automate tasks and improve SOC efficiency.

About Tabby

Tabby creates financial freedom in the way people shop, earn and save, by reshaping their relationship with money.

The company’s flagship offering allows shoppers to split their payments online and in-store with no interest or fees. Over 32,000 global brands and small businesses, including Amazon, Noon, IKEA and Shein use Tabby to accelerate growth and gain loyal customers by offering easy and flexible payments online and in stores.

Tabby has generated over $7 billion in transaction volume for its partner brands and has the highest rated, most reviewed, largest and fastest growing app of any fintech in the GCC region.

Tabby launched operations in 2020 and has raised +$1 billion in equity and debt funding from global and regional investors.

Apply Now

Our Hiring Process

Stage 1:

Applied

Stage 2:

Review

Stage 3:

HR call @Tabby

Stage 4:

Technical interview @Tabby

Not quite right? Register your interest to be notified of any roles that come along that meet your criteria.

Name	Domain	Expiration	Description
_pinpoint_session	pinpointhq.com	As soon as browser window is closed	Allows us to associate file uploads to our file storage provider with your form submissions
LSW_WEB	tabby.pinpointhq.com	As soon as browser window is closed	Allows our load balancer to send your specific traffic to the same backend server
LSW_WEB	app.pinpointhq.com	As soon as browser window is closed	Allows our load balancer to send your specific traffic to the same backend server
cc_cookie	tabby.pinpointhq.com	Six months	Saves your decisions about these cookies so we don't need to ask every time

Name	Domain	Expiration	Description
ahoy_visitor	pinpointhq.com	Two years	We use an internal metrics collector to understand interactions with our website over time
ahoy_visit	pinpointhq.com	Four hours	We use an internal metrics collector to understand interactions with our website over time