Bevatel is seeking a SOC Engineer to design, operate, and continuously improve our Security Operations Center (SOC) capabilities.
This role is technical and operational, focused on real-time threat detection, incident response, log engineering, and SIEM/SOAR operations in a high-compliance environment.
You will play a critical role in protecting Bevatel's telecom, cloud, and platform infrastructure, while ensuring alignment with Saudi cybersecurity regulations and international best practices.
Responsibilities:
Security Monitoring & Detection
- Monitor security events across cloud, on-prem, network, endpoints, and applications
- Analyze alerts from SIEM, EDR, WAF, IDS/IPS, and cloud-native security tools
- Reduce false positives through tuning detection rules and correlation logic
- Develop and maintain use cases aligned to real attack scenarios
Incident Response
- Lead and execute security incident response (triage, containment, eradication, recovery)
- Perform root cause analysis (RCA) and document incidents clearly
- Coordinate with IT, DevOps, Network, and Management during incidents
- Support post-incident reviews and lessons learned
SIEM & Log Engineering
- Onboard and normalize logs from:
  - Cloud platforms
  - Firewalls, WAF, VPN
  - Identity systems
  - Applications and databases
- Create and maintain dashboards, alerts, and reports
- Ensure log retention and integrity in line with regulatory requirements
Threat Intelligence & Hunting
- Conduct proactive threat hunting
- Track and analyze threat intelligence feeds
- Map detections to MITRE ATT&CK
- Identify emerging attack patterns relevant to telecom and fin-tech environments
Compliance & Reporting
  - NCA Essential Cybersecurity Controls (ECC / CCC)
  - SAMA Cybersecurity Framework (where applicable)
  - CST / CITC requirements
  - ISO 27001
- Prepare SOC reports, metrics, and evidence for audits and regulators
- Maintain clear SOC documentation and playbooks
Continuous Improvement
- Enhance SOC processes, playbooks, and response workflows
- Participate in SOC automation (SOAR) initiatives
- Improve SOC maturity, metrics (MTTD, MTTR), and operational efficiency
Requirements
Technical Skills
  - Security Operations & Incident Response
  - Networking (TCP/IP, DNS, HTTP, TLS)
  - Linux systems
- Hands-on experience with:
  - SIEM platforms (Splunk, Elastic, Wazuh, Sentinel, QRadar, etc.)
  - EDR / Endpoint Security
  - Firewalls, WAFs, IDS/IPS
  - Logs, network traffic, alerts, and system behavior
Cloud & Modern Environments
- Experience with cloud environments (AWS, GCP, Cloudflare)
- Familiarity with containers and Kubernetes security is a plus
- Understanding of IAM, API security, and application logs
Regulatory Awareness (Highly Preferred)
- Knowledge of Saudi cybersecurity regulations:
  - NCA ECC / CCC
  - SAMA CSF (for regulated environments)
  - CST requirements
- Experience supporting regulatory audits is a strong advantage
Qualifications
- Bachelor's degree in Computer Science, Information Security, or related field
- 3–6 years of experience in SOC, security operations, or incident response
- Certifications (preferred but not mandatory):
  - GCIA, GCIH, GCED
  - CEH, Security+
  - ISO 27001 or SOC-related certifications
Soft Skills
- Strong analytical and problem-solving skills
- Ability to stay calm under pressure during incidents
- Clear documentation and communication skills
- Team player with a security-first mindset
- High sense of ownership and accountability