Cybersecurity Assurance Manager

HALA

Riyadh

On-site

SAR 100,000 - 140,000

Full time

Yesterday

Job summary

A leading fintech company in the Riyadh Region is looking for a skilled professional to lead its offensive security strategy. The role encompasses Penetration Testing, Vulnerability Management, and securing applications and infrastructure. The ideal candidate will have robust experience with security frameworks and DevSecOps practices. The company offers an inclusive culture, competitive compensation, and opportunities for personal development within a rapidly growing industry.

Benefits

Competitive compensation packages
Autonomy and mentoring
Personal development and training

Qualifications

  • Proven experience in developing and executing Penetration Testing and Red Teaming programs.
  • Expertise in Secure Software Development Lifecycle (S-SDLC) and CI/CD integration.
  • Deep understanding of security frameworks like OWASP Top 10 and MITRE ATT&CK.

Responsibilities

  • Develop and execute penetration testing and red teaming exercises.
  • Manage the vulnerability lifecycle and prioritize remediation.
  • Provide security assurance on new system designs.

Skills

Penetration testing expertise
DevSecOps integration
Threat Modeling
Security architecture design

Tools

Qualys
Nessus
SAST/DAST tools

Job description

HALA is a leading fintech player in the MENAP region that aims to redefine financial services and build the future bank of SMEs. HALA aims at empowering SMEs to start, run, and grow their businesses by providing them with cutting-edge financial and technological tools.

HALA currently holds multiple entities in UAE, Saudi Arabia and Egypt (including HALA Payments, HALA Cashier and HALA Logistics) and offers solutions that enable merchants to digitize their payments as well as manage their sales and operations.

Founded in 2017, HALA is currently duly licensed by the Saudi Arabian Central Bank as well as the Financial Services Regulatory Authority (FSRA) in Abu Dhabi Global Market.

Job Summary

This role is responsible for leading, maturing, and executing the organization's offensive security and proactive defense programs, primarily encompassing Penetration Testing, Red Teaming, Vulnerability Management, and Secure Software Development Lifecycle (S‑SDLC). The successful candidate will be the subject matter expert in securing applications, infrastructure, and cloud environments, acting as a crucial bridge between security, development, and IT operations to implement a DevSecOps model.

Key Areas of Responsibility

  • Program Leadership: Develop and execute the organization's penetration testing and red teaming exercises across all critical assets.
  • Vulnerability Management: Own the full vulnerability lifecycle, prioritizing remediation based on business risk and impact.
  • Application Security (AppSec): Define and implement secure code review (SAST/DAST) processes and integrate security into the CI/CD pipeline.
  • Architecture & Design: Provide expert security assurance on new system designs, ensuring adherence to secure architecture patterns (e.g., Zero Trust).

Candidate Qualifications

  • Proven experience in developing, managing, and executing a formal Penetration Testing and Red Teaming program. Extensive hands‑on experience in conducting advanced, targeted penetration tests against various environments (web, mobile, cloud, API).
  • Demonstrated expertise in operating and optimizing Vulnerability Management tools (e.g., Qualys, Nessus) and implementing a risk‑based prioritization approach.
  • Strong background in Secure Software Development Lifecycle (S‑SDLC) implementation and integrating security practices into CI/CD pipelines (DevSecOps).

Experience

  • Experience with managing and configuring Static/Dynamic Application Security Testing (SAST/DAST) tools.
  • Experience with Threat Modeling methodologies for new applications and features.
  • Deep understanding of security frameworks such as OWASP Top 10, MITRE ATT&CK, and SAMA CSF (or similar financial/regulatory frameworks).
  • Knowledge of Zero Trust architecture, defense‑in‑depth principles, and cloud security best practices (OCI/Azure/GCP).

Skills

  • DevSecOps integration for security automation and speed.
  • Penetration testing expertise to validate defenses.
  • Security architecture design for resilient systems.
  • Threat Modeling, S‑SDLC Implementation, Zero Trust, Security Standards Development.

What We Offer You

We believe you will love working at HALA!

  • We have an inclusive and diverse culture that encourages innovation and flexibility in remote, in‑office, and hybrid work setups.
  • We offer highly competitive compensation packages, including the potential for shares.
  • We prioritize personal development and offer regular training and an annual learning stipend to tackle new challenges and grow your career in a hyper‑growth environment.
  • Join a talented team of over 30 nationalities working in 7 countries and gain valuable experience in an exciting industry.
  • We offer autonomy, mentoring, and challenging goals that create incredible opportunities for both you and the company.
  • You will be given a lot of responsibility and trust. We believe that the best results come when the people responsible for a function are given the freedom to do what they think is best.

If you think you have what it takes to join a remarkable team #apply_now