Cybersecurity Manager

Soar Software Development Company

Key Responsibilities:

1. Secure Software Development Life Cycle (SSDLC)

Shift Left Security: Champion the integration of security early in the development phase. Lead Threat Modeling sessions during the design phase of new features to identify risks before code is written. CI/CD Pipeline Security: Automate security gates within our deployment pipelines. Implement and manage SAST (Static Application Security Testing), DAST (Dynamic Application Security Testing), and SCA (Software Composition Analysis) tools. Secure Coding Standards: Establish and enforce secure coding guidelines (OWASP Top 10, SANS 25) for our engineering team. Conduct regular code reviews and security training for developers.

2. AI & Automation Integration

AI-Enhanced AppSec: Utilize AI-powered code analysis tools to reduce false positives in vulnerability scanning and provide auto-remediation suggestions to developers. Automated SOAR: Build and maintain a Security Orchestration, Automation, and Response (SOAR) framework. Create playbooks that automatically isolate compromised assets or block malicious IPs without human intervention. Predictive Defense: Deploy AI-driven network monitoring to detect behavioral anomalies in our self-hosted infrastructure (e.g., zero-day attacks or lateral movement) that traditional rules might miss.

3. Infrastructure & Network Security (Self-Hosted)

Hardening: Oversee the security hardening of our self-hosted environments (Kubernetes clusters, Docker containers, and Linux servers). Traffic Analysis: Manage WAF (Web Application Firewall) rules and DDoS protection layers, ensuring high availability for our customers. Secrets Management: Enforce strict secrets management (e.g., Vault) to ensure no credentials are hardcoded in the application.

4. GRC (Governance, Risk & Compliance)

Regulatory Adherence: Ensure our SSDLC and operations strictly adhere to SAMA s Cybersecurity Framework and NCA s Essential Cybersecurity Controls (ECC). Audit Readiness: Automate evidence collection for compliance audits to minimize manual overhead. Data Residency: Ensure all AI processing and data storage complies with the Personal Data Protection Law (PDPL), keeping critical data within KSA.

Qualifications

Technical Skills:

SSDLC Mastery: Expert knowledge of integrating security tools (SonarQube, Checkmarx, Burp Suite, etc.) into a pipeline.

AI/Automation: Experience implementing AI-based security tools (e.g., Darktrace, Vectra, or AI-enabled SIEMs) and writing automation scripts.

Regulatory Knowledge: Strong understanding of SAMA regulations regarding application security and data protection.

Nice to have skills (Certifications):

CSSLP (Certified Secure Software Lifecycle Professional) - Highly Preferred

CISSP (Certified Information Systems Security Professional)

OSCP (Offensive Security Certified Professional)