muvi Cinemas تعلن عن وظيفة مهندس أمن سيبراني في الرياض

Job Title: Cybersecurity Engineer

Location: Riyadh, Saudi Arabia

Company: Muvi Cinemas

Role Overview:

We are seeking a highly skilled and proactive Cybersecurity Engineer to join the IT Department at Muvi Cinemas and protect the organization's networks, systems, applications, and data from cyber threats. Reporting to the Director of TechOps, the role is responsible for designing, implementing, and maintaining security infrastructure, identifying vulnerabilities, responding to security incidents, implementing security controls, and ensuring compliance with cybersecurity frameworks and regulatory requirements. This position plays a critical role in safeguarding Muvi Cinemas' digital assets, customer data, point-of-sale systems, and entertainment technology platforms while ensuring adherence to Saudi National Cybersecurity Authority (NCA) regulations and international security standards.

Key Responsibilities:

Security Infrastructure & Architecture

• Design, implement, and manage cybersecurity infrastructure including firewalls, intrusion detection/prevention systems (IDS/IPS), SIEM, endpoint protection, and network security solutions.
• Develop and maintain security architecture aligned with Muvi Cinemas' business requirements, industry best practices, and regulatory standards.
• Deploy and configure security tools across on-premises, cloud, and hybrid environments supporting cinema operations, ticketing systems, and corporate infrastructure.
• Implement network segmentation, zero-trust architecture, and defense-in-depth strategies to protect critical assets including POS systems, customer databases, and entertainment platforms.
• Evaluate and recommend new security technologies, tools, and solutions to enhance the organization's security posture.
• Manage and optimize security information and event management (SIEM) platforms for real-time monitoring and threat detection.

Vulnerability Management & Penetration Testing

• Conduct regular vulnerability assessments and penetration testing across networks, systems, applications, and infrastructure.
• Identify, classify, and prioritize security vulnerabilities based on risk severity and business impact.
• Develop and track remediation plans with system owners and IT teams to address identified vulnerabilities.
• Perform security code reviews and application security assessments for web applications, mobile apps, and customer-facing platforms.
• Manage vulnerability scanning tools and maintain vulnerability databases and tracking reports.
• Conduct red team/blue team exercises and adversary simulations to test organizational defenses.

Security Operations & Incident Response

• Monitor security events, alerts, and logs using SIEM and security monitoring tools to detect and respond to threats in real-time.
• Lead incident response activities including identification, containment, eradication, recovery, and post-incident analysis.
• Develop and maintain incident response plans, playbooks, and escalation procedures.
• Conduct forensic investigations and root cause analysis for security incidents and breaches.
• Coordinate with internal teams and external partners during security incidents.
• Prepare incident reports and present findings and recommendations to management.

Data Protection & Privacy

• Implement data protection controls to safeguard customer personal data, payment card information, and business-sensitive data.
• Ensure compliance with PCI DSS (Payment Card Industry Data Security Standard) requirements for payment processing and point-of-sale systems.
• Support data classification, data loss prevention (DLP), and encryption strategies.
• Monitor and enforce data handling policies across all business units and technology platforms.
• Ensure compliance with Saudi Personal Data Protection Law (PDPL) and related regulations.

Network & Endpoint Security

• Manage and maintain network security devices including firewalls, VPNs, WAFs, and proxy servers.
• Implement and manage endpoint detection and response (EDR) solutions across all corporate and operational endpoints.
• Monitor network traffic for anomalies, unauthorized access, and potential security threats.
• Secure wireless networks, IoT devices, and operational technology (OT) systems across cinema locations.
• Manage access control systems, identity management, and multi-factor authentication (MFA) implementations.

Cloud Security

• Implement and manage security controls for cloud environments (AWS, Azure, GCP, or similar).
• Conduct cloud security assessments and ensure proper configuration of cloud services.
• Monitor cloud workloads, storage, and applications for security threats and compliance.
• Develop and enforce cloud security policies and governance frameworks.

Compliance & Regulatory Adherence

• Ensure compliance with Saudi National Cybersecurity Authority (NCA) regulations, Essential Cybersecurity Controls (ECC), and related frameworks.
• Support compliance with PCI DSS, ISO 27001, NIST, and other applicable security standards.
• Prepare and maintain documentation for security audits, certifications, and regulatory assessments.
• Conduct security risk assessments and maintain risk registers.
• Stay updated on evolving cybersecurity regulations, threats, and industry trends.

Security Awareness & Training

• Develop and deliver cybersecurity awareness training programs for employees across all Muvi Cinemas locations.
• Conduct phishing simulations and social engineering exercises to assess and improve organizational security awareness.
• Create security guidelines, best practices, and communication materials for staff education.
• Foster a culture of security awareness and responsibility across the organization.

Documentation & Reporting

• Maintain comprehensive security documentation including policies, procedures, standards, and guidelines.
• Prepare regular security reports, dashboards, and metrics for the Director of TechOps and CIO.
• Document security architectures, configurations, and operational procedures.
• Track and report on security KPIs, incident trends, and compliance status.

Qualifications:

• Bachelor's degree in Cybersecurity, Computer Science, Information Technology, Network Engineering, or a related field.
• Fluency in English (written and spoken) is mandatory.
• Proficiency in Arabic is preferred.
• Minimum 3-5 years of experience in cybersecurity engineering, security operations, or information security roles.
• Professional cybersecurity certifications are mandatory (one or more of the following): CEH, CompTIA Security+, CCNA Security, OSCP, GIAC, or equivalent.
• Advanced certifications such as CISSP, CISM, or CCSP are a strong advantage.
• Strong hands-on experience with security tools including firewalls (Palo Alto, Fortinet, Cisco ASA), SIEM platforms (Splunk, QRadar, Sentinel), IDS/IPS, EDR, and vulnerability scanners.
• Experience with cloud security (AWS, Azure, or GCP).
• Knowledge of PCI DSS compliance requirements for payment and retail environments.
• Familiarity with Saudi NCA Essential Cybersecurity Controls (ECC) and regulatory frameworks.
• Experience with ISO 27001, NIST Cybersecurity Framework, or similar standards.
• Strong understanding of networking protocols, operating systems (Windows, Linux), and scripting (Python, Bash, PowerShell).

Key Competencies:

• Strong technical knowledge of cybersecurity infrastructure and security operations.
• Excellent analytical, problem-solving, and critical thinking abilities.
• Proactive threat detection and incident response capabilities.
• Strong understanding of network security, endpoint security, and cloud security.
• Data protection and privacy compliance expertise.
• Excellent communication and documentation skills.
• Ability to work under pressure and respond to security incidents effectively.
• Continuous learning mindset and passion for cybersecurity.
• Team collaboration and cross-functional coordination skills.
• Professionalism, integrity, and confidentiality.