Cyber Security Specialist

About us 

Tamara is the leading fintech platform in Saudi Arabia and the wider GCC region with a mission to help people make their dreams come true by building the most customer-centric financial super-app on earth. The company serves millions of users in the region and partners with leading global and regional brands such as SHEIN, Jarir, noon, IKEA and Amazon, as well as small and medium businesses.

Tamara is Saudi Arabia’s first fintech unicorn and is backed by Sanabil Investments, a wholly owned company by the Public Investment Fund (PIF), SNB Capital, Checkout.com, amongst others. The company operates from its headquarters in Riyadh, with additional regional and global support offices.

Your role

Tamara is seeking a Cyber Security Specialist to join our growing Cyber Security team. In this role, you will take ownership of designing, implementing, and maintaining secure infrastructure and systems to protect Tamara’s platform and customers. You will drive initiatives that ensure best practices in cloud security, application security, and secure software development are embedded into our systems from the ground up.

This role requires a solid understanding of threat modeling, vulnerability management, and secure architecture principles. You will collaborate with engineering, DevOps, and product teams to enforce security-by-design and address evolving security risks. As a mid-level Lead/engineer, you are expected to proactively lead improvements, mentor junior team members, and contribute to the maturity of Tamara’s security operations.

Your responsibilities

• Act as the primary contact in UAE for Cybersecurity Group, assisting with the management of the Cybersecurity Program in UAE, covering policies, procedures,frameworks, tools and systems. 
• Assist with infrastructure enhancement exercises in alignment with Tamara’s Cyber Security Strategy.
• Act as the Cybersecurity Point of Contact for any CBUAE regulatory visit and reporting. 
• Support secure code reviews and enforce security controls within the CI/CD pipeline and development lifecycle.
• Support in conducting security assessments, penetration testing, and threat modeling for Tamara’s services, identifying vulnerabilities and recommending remediation.
• Monitor and respond to security events in coordination with the SOC and incident response teams.
• Assist in the full Cyber Security Risk Management Lifecycle, including alignment with CBUAE regulatory requirements. 
• Collaborate with Cybersecurity Group in managing the Cybersecurity Framework in UAE, including management of policies, procedures and frameworks. 
• Collaborate with internal stakeholders to ensure adherence to applicable cyber security regulations, standards, and frameworks (e.g. UAE IA, other CBUAE regulations, PCI DSS, etc), including support in audits, evidence collection, and regulatory reporting. 
• Collaborate with the other GRC teams in relevant regulatory exercises. 
• Mentor junior team members and contribute to continuous learning across the security team.

Your expertise

• 2–4 years of experience in Cyber Security, preferably in application security, infrastructure security, or DevSecOps.
• Proficiency in secure coding practices, code reviews, and common vulnerability mitigation techniques (OWASP Top 10, SAST/DAST).
• Hands-on experience with cloud environments (GCP, OCI or AWS), especially with security hardening and compliance enforcement.
• Relevant work experience within UAE Financial Sector working for CBUAE regulated entities. 
• Familiarity with container security (e.g., Docker, Kubernetes) and cloud-native security tooling.
• Must have demonstrated experience and knowledge of UAE IA standards, experience with SAMA CSF, NCA, ISO 27001 and NIST is strongly preferred.
• Experience with scripting or automation (Python, Bash, or similar) to streamline security operations.
• Strong problem-solving and communication skills, with a proactive and collaborative mindset.

To learn more about how we protect your privacy, please visit our Candidate privacy notice.