Threat Intelligence Lead

HALA is a leading fintech player in the MENAP region that aims to redefine financial services and build the future bank of SMEs. HALA aims at empowering SMEs to start, run, and grow their businesses by providing them with cutting‑edge financial and technological tools.

HALA currently holds multiple entities in UAE, Saudi Arabia and Egypt (including HALA Payments, HALA Cashier and HALA Logistics) and offers solutions that enable merchants to digitize their payments as well as manage their sales and operations.

Founded in 2017, HALA is currently duly licensed by the Saudi Arabian Central Bank as well as the Financials Services Regulatory Authority (FSRA) in Abu Dhabi Global Market.

The Threat Intelligence Lead is responsible for building, leading, and operationalizing a proactive threat intelligence program that enables the organization to anticipate, detect, and respond to cyber threats. This role involves strategic analysis, threat hunting, intelligence dissemination, and cross‑functional collaboration to enhance the organization’s security posture. The lead will oversee the collection, analysis, and production of actionable intelligence tailored to the organization’s risk profile and ensure its integration into security operations, incident response, and business decision‑making.

Lead HALA’s Threat Intelligence program, roadmap, and operating model to support business risk reduction and regulatory alignment.

Define intelligence requirements and priorities focused on fintech/payment threats, fraud ecosystems, and emerging risks.

Collect and analyze intel from internal telemetry and external sources (commercial feeds, OSINT, dark web, sector sharing).

Produce actionable outputs: IOCs/IOAs, threat actor profiles, campaign tracking, and executive‑ready briefings.

Embed intelligence into SOC, incident response, threat hunting, vulnerability management, and detection engineering.

Drive CTI tooling and automation (TIP/SIEM/SOAR integrations) to improve speed, accuracy, and signal quality.

Coordinate secure intel sharing with regulators and trusted partners; ensure audit‑ready documentation.

Mentor CTI analysts and set standards for intel tradecraft, QA, and continuous improvement.

Bachelor’s in Cybersecurity, Computer Science, or related field (Master’s a plus).

7–10+ years in CTI / SOC / threat hunting / incident response, with 2–3+ years leading CTI programs or teams (fintech/financial sector preferred).

Strong expertise in intelligence lifecycle, threat actor/TTP analysis, MITRE ATT&CK, and campaign/malware tracking.

Hands‑on with TIP, SIEM, SOAR, OSINT/dark‑web tooling, and enrichment/automation workflows.

We believe you will love working at HALA!

• We have an inclusive and diverse culture that encourages innovation and flexibility in remote, in‑office, and hybrid work setups.
• We offer highly competitive compensation packages, including the potential for shares.
• We prioritize personal development and offer regular training and an annual learning stipend to tackle new challenges and grow your career in a hyper‑growth environment.
• Join a talented team of over 30 nationalities working in 7 countries and gain valuable experience in an exciting industry.
• We offer autonomy, mentoring, and challenging goals that create incredible opportunities for both you and the company.
• You will be given a lot of responsibility and trust. We believe that the best results come when the people responsible for a function are given the freedom to do what they think is best.

If you think you have what it takes to join a remarkable team #apply_now

Interested in building your career at HALA? Get future opportunities sent straight to your email.