Bevatel is seeking a SOC Engineer to design, operate and continuously improve our Security Operations Center (SOC) capabilities. This role is technical and operational, focused on real-time threat detection, incident response, log engineering and SIEM/SOAR operations in a high-compliance environment.
You will play a critical role in protecting Bevatel's telecom, cloud and platform infrastructure while ensuring alignment with Saudi cybersecurity regulations and international best practices.
Responsibilities:
Security Monitoring & Detection
Monitor security events across cloud, on-prem, network, endpoints and applications
Analyze alerts from SIEM, EDR, WAF, IDS/IPS and cloud-native security tools
Reduce false positives through tuning detection rules and correlation logic
Develop and maintain use cases aligned to real attack scenarios
Incident Response
Lead and execute security incident response (triage, containment, eradication, recovery)
Perform root cause analysis (RCA) and document incidents clearly
Coordinate with IT, DevOps, Network and Management during incidents
Support post-incident reviews and lessons learned
SIEM & Log Engineering
Onboard and normalize logs from:
Cloud platforms
Firewalls, WAF, VPN
Identity systems
Applications and databases
Create and maintain dashboards, alerts and reports
Ensure log retention and integrity in line with regulatory requirements
Threat Intelligence & Hunting
Conduct proactive threat hunting
Track and analyze threat intelligence feeds
Map detections to MITRE ATT&CK
Identify emerging attack patterns relevant to telecom and fin-tech environments
Compliance & Reporting
Support compliance with:
NCA Essential Cybersecurity Controls (ECC / CCC)
SAMA Cybersecurity Framework (where applicable)
CST / CITC requirements
ISO 27001
Prepare SOC reports, metrics and evidence for audits and regulators
Maintain clear SOC documentation and playbooks
Continuous Improvement
Enhance SOC processes, playbooks and response workflows
Participate in SOC automation (SOAR) initiatives
Improve SOC maturity metrics (MTTD, MTTR) and operational efficiency
Required Skills:
Technical Skills
Strong understanding of:
Security Operations & Incident Response
Networking (TCP/IP, DNS, HTTP, TLS)
Linux systems
Hands-on experience with:
SIEM platforms (Splunk, Elastic, Wazuh, Sentinel, QRadar, etc.)
EDR / Endpoint Security
Firewalls, WAFs, IDS/IPS
Experience analyzing:
Logs, network traffic, alerts and system behavior
Cloud & Modern Environments
Experience with cloud environments (AWS, GCP, Cloudflare)
Familiarity with containers and Kubernetes security is a plus
Understanding of IAM, API security and application logs
Regulatory Awareness (Highly Preferred)
Knowledge of Saudi cybersecurity regulations:
NCA ECC / CCC
SAMA CSF (for regulated environments)
CST requirements
Experience supporting regulatory audits is a strong advantage.
Qualifications
Bachelor's degree in Computer Science, Information Security or a related field
3-6 years of experience in SOC, security operations or incident response
Certifications (preferred but not mandatory):
GCIA, GCIH, GCED
CEH, Security+
ISO 27001 or SOC-related certifications
Soft Skills
Strong analytical and problem-solving skills
Ability to stay calm under pressure during incidents
Clear documentation and communication skills
Team player with a security-first mindset
High sense of ownership and accountability