Information Security Engineer (SOC)

Tabby

Saudi Arabia

On-site

SAR 224,000 - 300,000

Full time

Today

Job summary

A leading FinTech company in Saudi Arabia is seeking an experienced Information Security Engineer to monitor and defend its infrastructure against cyber threats. The role involves leading incident response, developing detection rules, and collaborating with teams to enhance security posture. Candidates should have 2-3 years in cybersecurity operations, a strong understanding of security practices, and effective communication skills. This position offers an opportunity to work in a dynamic environment with a significant impact on financial security.

Qualifications

  • 2–3 years of experience in a SOC or cybersecurity operations.
  • Strong knowledge of security best practices.
  • Understanding of online technologies and REST APIs.
  • Experience in a culturally diverse environment.
  • Familiarity with DLP, AV, and anti-malware systems.

Responsibilities

  • Monitor and analyze logs and alerts from various sources.
  • Manage security incidents through their lifecycle.
  • Research emerging threats and contribute to detection rule development.
  • Communicate with cross-functional teams during incidents.
  • Mentor junior analysts and assist in training efforts.

Skills

Security best practices
Incident handling
Log analysis
Threat modeling
Communication skills
Scripting (Python)

Education

Security certifications (Security+, CySA+, eCIR)

Tools

SIEM platforms
SOAR tools
EDR/XDR
Threat Intelligence platforms

Job description

Tabby creates financial freedom in the way people shop, earn and save by reshaping their relationship with money. Over 15 million users choose Tabby to control their spending and make the most out of their money.

The company’s flagship offering allows shoppers to split their payments online and in‑store with no interest or fees. Over 40,000 global brands and small businesses, including Amazon, Noon, IKEA, and SHEIN use Tabby to accelerate growth and gain loyal customers by offering easy and flexible payments online and in stores.

Tabby generates over $10 billion in annual transaction volume for its partner brands and is the highest‑rated, most‑reviewed, largest, and fastest‑growing FinTech in the GCC region.

Tabby launched in 2019 and has since raised +$1 billion in equity and debt funding from global and regional investors, and is now valued at $4.5 billion.

As Information Security Engineer, you’ll play a key part in monitoring and defending our infrastructure, applications, and cloud environments from cyber threats.

You’ll lead incident response efforts, develop and tune detection rules, investigate security events, and collaborate with cross‑functional teams to strengthen our security posture.

Key Responsibilities
Security Monitoring & Detection
  • Monitor and analyze logs and alerts from a wide range of sources including firewalls, intrusion detection/prevention systems (IDS/IPS), endpoints, servers, and cloud platforms.
  • Perform correlation of events from multiple sources to identify advanced threats and unusual patterns of behavior.
  • Fine‑tune alert thresholds and detection logic to reduce false positives and improve signal‑to‑noise ratio.
  • Maintain dashboards and reporting to provide real‑time visibility into security posture.
Incident Response & Investigation
  • Serve as a frontline responder for security incidents, managing incidents through their lifecycle – detection, containment, eradication, recovery, and lessons learned.
  • Perform root‑cause analysis and forensic investigations using endpoint and network‑based artifacts.
  • Maintain detailed incident documentation and contribute to post‑mortem analysis and reports.
Threat Intelligence & Detection Rule Development
  • Research emerging threats and trends.
  • Contribute to the creation and tuning of detection rules, threat‑hunting queries, and use cases across multiple platforms including cloud environments.
  • Maintain CTI and integration of CTI feeds with security tools that drive detections.
Collaboration and Communication
  • Communicate effectively with cross‑functional teams including IT, DevOps, Risk, and Compliance during incidents and investigations.
  • Provide concise updates during incident handling to stakeholders and management.
  • Mentor junior analysts and assist in training efforts within the SOC team.
Skills, Knowledge and Expertise
  • 2–3 years of experience in a SOC or cybersecurity operations role, ideally in a fast‑paced fintech or enterprise environment.
  • Strong knowledge of security best practices, including incident handling, alert triage, log analysis, and threat modeling.
  • Understanding of online technologies, REST APIs, microservices, and modern application architectures.
  • Experience working in a culturally diverse and collaborative environment.
  • Familiarity with DLP, AV, and anti‑malware systems from an operational monitoring perspective.
  • Experience with phishing detection, user behavior analytics, and security awareness campaigns.
  • Security certifications such as Security+, CySA+, eCIR, eCTHPv2, GCIA, or GMON (preferred but not required).
  • Strong communication skills, especially for coordinating incident response and writing clear incident reports.
  • Experience with SIEM platforms, SOAR tools, EDR/XDR, and Threat Intelligence platforms.
  • Familiarity with cloud environments and cloud‑native logging and monitoring tools.
  • Scripting experience (e.g., Python) to automate tasks and improve SOC efficiency.