Security Engineer-L3

IT-Security C&T


Job location:

Amman - Jordan

Monthly salary: Not disclosed
Posted: 3 hours ago
Number of vacancies: 1

Job Summary

The L3 Email Security Engineer is responsible for the advanced design, tuning and operation of the bank's secure email gateway and email threat protection stack. This role focuses on preventing phishing, business email compromise (BEC), malware and data loss via email. It also owns the integration of email gateways with DLP, classification and SIEM.

Primary technology scope:

  • Cisco Secure Email (ESA / IronPort)
  • FireEye / Trellix Email Security appliance (EX)
  • Forcepoint Email Security Gateway
  • Trend Micro ScanMail for Exchange or equivalent

The engineer acts as the final escalation point for email security incidents, leads incident response and drives continuous improvement in detection efficacy and false positive control. Email is currently the top attack vector in most organizations, a view supported by vendors such as Trellix and Forcepoint, which highlight email as a primary entry point for ransomware and targeted attacks.

Key Responsibilities

1. Advanced Support and Escalation Management

  • Serve as the ultimate escalation point for incidents involving spam, phishing, malware, malicious URLs or attachments, spoofing and BEC-style attacks.
  • Lead investigations where malicious or suspicious email has reached users, including message tracking, header analysis, sandbox results and coordination with the SOC.
  • Coordinate rapid containment actions, such as mail claw-back, quarantine tuning or temporary blocks on senders and domains.

2. Policy Design, Configuration and Tuning

  • Design and maintain email security policies on Cisco ESA, Forcepoint Email Security, Trellix or FireEye EX, and Trend Micro ScanMail to balance security with user experience.
  • Configure anti-spam, reputation filters, outbreak filters, sandboxing, URL rewriting or filtering, and attachment scanning or blocking policies.
  • Tune policies based on false positive or false negative feedback, threat intel and SOC data, with clear approval workflows.
  • Maintain TLS encryption policies for inbound and outbound email and coordinate certificate management with the PKI and messaging teams.

3. Email Authentication and Trust Controls

  • Implement and maintain SPF, DKIM and DMARC policies in collaboration with the DNS and messaging teams to reduce spoofing and domain abuse.
  • Review authentication failures and adjust alignment policies while protecting legitimate business flows.

4. Email DLP and Data Protection Integration

  • Work closely with Data Protection and DLP engineers to integrate Forcepoint DLP and classification or DRM policies on email channels, ensuring sensitive data is detected and controlled.
  • Support design and tuning of DLP policies for PII, financial data and other regulated data types in line with SAMA CSF and NCA ECC requirements.
  • Manage workflows for DLP incidents, exceptions and business approvals.

5. Incident Response, Threat Hunting and Reporting

  • Lead response during major email-based incidents such as large phishing campaigns or malware outbreaks.
  • Run targeted searches or threat hunting across email logs to identify additional impacted users or campaigns.
  • Produce detailed RCAs and management reports for high impact email incidents.
  • Provide regular metrics: spam or phishing blocks, malware detections, BEC attempts and false positive rates.

6. Governance, Compliance and ITIL

  • Execute changes through change management with impact assessment, back-out plans and testing.
  • Ensure email security configurations and monitoring comply with SAMA CSF, NCA ECC and internal policies for secure communications, data protection and logging.
  • Maintain audit-ready evidence: policy exports, configuration baselines, test results, incident records and approvals.

7. Collaboration and Stakeholder Engagement

  • Work with messaging and collaboration teams on routing, hybrid cloud mail and migration projects.
  • Coordinate with the L3 Network Security Engineer when issues cross layers, such as TLS handshakes, DNS or connectivity.
  • Align with SOC, SIEM and threat intel teams to improve detection logic and response playbooks.
  • Engage with the Security Compliance Officer to produce evidence for audits and regulatory reviews.

Tooling Scope

Must have deep hands-on experience in at least two, and working knowledge of all, of the following:

  • Cisco Secure Email (ESA / IronPort): secure email gateway and advanced threat protection.
  • Forcepoint Email Security Gateway, including anti-phishing, sandboxing and DLP capabilities.
  • Trellix / FireEye Email Security (EX or Email MPS): advanced sandboxing, URL and attachment analysis.
  • Trend Micro ScanMail for Exchange.

Good to have:

  • Integration experience with Forcepoint DLP, Fortra Titus, Seclore and SIEM platforms.

Qualifications

Required Qualifications

  • Bachelor's degree in Computer Science, Information Security or a related field.
  • Minimum 7 years in cybersecurity or messaging security, with at least 4 years dedicated to secure email gateway and email threat protection platforms in large enterprises.
  • Strong understanding of SMTP, MIME, TLS for email, DNS authentication standards such as SPF, DKIM and DMARC, and common email attack techniques.

Desired Skills and Certifications

  • Vendor certifications for at least one secure email platform, for example Cisco Email Security, Forcepoint Email Security, Trellix or FireEye Email Security, Trend Micro ScanMail or similar.
  • ITIL Foundation or practical experience with Change or Incident Management.
  • CISSP, CCSP or similar certifications are a plus.

Additional Information

Job Location: KSA

Remote Work: No

Employment Type: Full-time


Required Skills

  • Splunk
  • IDS
  • Network Security
  • Computer Networking
  • Identity & Access Management
  • PKI
  • PCI
  • NIST Standards
  • Security System Experience
  • Information Security
  • Encryption
  • SIEM

About the Company

IT Security C&T is an innovative, fast-growing security consulting and training company. Our management team, combined with our consultants and engineers, work together to deliver comprehensive security solutions to our customers around the MENA region. IT Security C&T is continuously e ...