Senior Cybersecurity Operations Engineer (SOC / Firewall Security)

The company is seeking a highly skilled and proactive System Operator – Internet Firewall & External Applications to support cybersecurity operations in a leading healthcare environment in Riyadh, Saudi Arabia. The ideal candidate will be responsible for monitoring, managing, and operating enterprise cybersecurity systems to ensure continuous protection of IT infrastructure, applications, and network environments.

The candidate will work onsite during official working hours and collaborate closely with cybersecurity and IT teams to maintain operational security, investigate incidents, and ensure compliance with organizational security standards.

Key Responsibilities:

• Operate and manage cybersecurity solutions including EDR, AV, SIEM, WAF, Firewalls, Proxy, IPS/IDS, and related security tools.
• Continuously monitor security alerts, events, and incidents across enterprise infrastructure.
• Analyze, classify, prioritize, and investigate cybersecurity incidents and threats.
• Execute incident response procedures and escalate incidents based on severity levels.
• Coordinate with system owners and internal departments during incident investigations.
• Document, track, and report cybersecurity incidents accurately.
• Resolve user-related cybersecurity service requests and operational issues.
• Monitor and track cyberattacks, vulnerabilities, and suspicious activities.
• Create and update SIEM use cases and detection rules for new applications and systems.
• Ensure compliance with cybersecurity standards, policies, and technical security requirements.
• Handle incidents reported through the National Cybersecurity Authority (NCA) channels and follow approval processes.
• Prepare monthly operational and incident summary reports, including major security incidents.
• Maintain and support the latest versions of cybersecurity systems and technologies.
• Collect and analyze logs/events from firewalls, network devices, servers, databases, antivirus systems, and endpoints.
• Collaborate with cybersecurity teams to improve monitoring capabilities and incident response efficiency.

Requirements:

• Bachelor’s degree in Cybersecurity, Computer Science, Information Technology, or related field.
• Proven experience in Security Operations Center (SOC) or cybersecurity operations environments.
• Hands-on experience with SIEM, Firewall, WAF, EDR/XDR, IPS/IDS, and endpoint security solutions.
• Strong understanding of incident response, threat monitoring, and log analysis.
• Knowledge of cybersecurity frameworks, standards, and best practices.
• Experience in healthcare or enterprise-level environments is preferred.
• Relevant cybersecurity certifications such as CEH, Security+, CySA+, SC-200, CCNA Security, or equivalent will be an advantage.
• Strong analytical, communication, and documentation skills.

Preferred Skills:

• Experience with enterprise security monitoring and incident management.
• Ability to work under pressure and handle critical incidents effectively.
• Strong troubleshooting and coordination skills.
• Familiarity with compliance and governance requirements within regulated environments.