Overview
Dear All, NextEra is looking for an experienced Cyber Defense professional to strengthen our enterprise detection, response, and hardening capabilities. You will lead hands‑on threat detection and incident response, mature SIEM/EDR/SOAR use‑cases, and drive proactive hardening across endpoints, networks, and cloud workloads. The ideal hire has deep blue‑team expertise, can hunt across complex environments, and is comfortable engaging with stakeholders, from sysadmins to business leaders.
Responsibilities
- Threat Detection & Response: Triage alerts, investigate incidents end‑to‑end, contain/eradicate threats, and lead technical post‑incident reviews. Develop and maintain playbooks aligned to MITRE ATT&CK.
- Threat Hunting: Perform hypothesis‑driven hunts using SIEM, EDR telemetry, and network data; convert findings into new detections/use‑cases.
- Engineering & Hardening: Own security configuration baselines (CIS/benchmarks), harden Windows/Linux/AD/O365/Azure, and validate controls via purple‑team exercises.
- Vulnerability & Exposure Management: Coordinate scan cycles, validate exploitable risk, track remediation with owners, and verify closure against SLAs.
- Security Tools Management: Operate and tune SIEM/EDR/SOAR/IDS/IPS, email security, WAF, and cloud‑security tooling; optimize log sources and parsers for coverage and fidelity.
- Policy, Audit & Compliance Support: Provide technical evidence for audits; map controls and incidents to frameworks (e.g., NIST CSF, ISO 27001) and KSA‑specific requirements (e.g., NCA ECC).
- Awareness & Enablement: Deliver targeted guidance to IT/DevOps and conduct lessons‑learned sessions after incidents to drive secure behaviors.
- Documentation & Reporting: Maintain runbooks, detections catalog, IR timelines, and dashboards; publish weekly metrics (MTTD, MTTR, recurring root causes).
These responsibilities explicitly cover monitoring & incident response, system management, vulnerability management, policy & compliance, user awareness, documentation/reporting, and threat intelligence.
Required Qualifications
- Experience: ~7 years in security operations / incident response / blue‑team engineering, including on‑call participation.
- Detection & IR: Strong SIEM content creation (KQL/SPL), endpoint forensics (Windows artifacts, memory, triage), network analysis (PCAP, IDS), and incident handling.
- Platforms & Tools (hands‑on):
  - SIEM/SOAR: Microsoft Sentinel / Splunk + SOAR (playbooks/automations)
  - EDR/XDR: Microsoft Defender for Endpoint, CrowdStrike, or similar
  - Network/Perimeter: Palo Alto / Fortinet firewalls, IDS/IPS, WAF
  - Cloud: Azure (Defender for Cloud, Entra ID, Defender for Identity), O365 security controls
- Frameworks & Methods: MITRE ATT&CK, NIST CSF/800‑61, ISO 27001; exposure to purple‑team/ATT&CK emulations.
- Scripting: At least one of KQL, PowerShell, or Python for automation and detection content.
- Communication: Clear incident reporting and executive‑level summaries; ability to influence remediation owners.
- Language: English; Arabic is a plus for KSA stakeholder engagement.
Preferred/Good‑to‑Have
- Experience operating to KSA sectoral expectations (e.g., NCA ECC; SAMA CSF if BFSI).
- Exposure to zero‑trust principles, identity threat detection (ITDR), and SaaS security (CASB/DLP).
- Experience integrating detections with ticketing/ITSM and CMDB for ownership and SLAs.
Education & Certifications
- Bachelor’s in Computer Science, Information Security, or equivalent experience.
- One or more relevant certifications: GCIA/GCIH/GCED/GCFA, SC‑200 / AZ‑500, CISSP, CompTIA CySA+ / Security+