Cybersecurity Engineer — NCA-ECC

Join our regulated-sector cybersecurity practice and deliver NCA Essential Cybersecurity Controls implementations for Saudi government and Tier-1 enterprise clients. You will work in 4–8 week engagements alongside our compliance and architecture teams, owning the controls implementation, evidence pack, and audit handover.

The role is a mix of technical implementation and stakeholder-facing compliance work. You'll spend most of your time embedded with client security teams in Riyadh.

• Implement NCA-ECC controls across the 5 ECC domains for client engagements
• Produce regulator-ready evidence packs (control mapping, test results, runbooks)
• Lead client workshops on threat modeling and defense-in-depth design
• Review and harden cloud and on-prem environments to meet ECC baselines
• Support audit cycles — answer regulator queries, remediate findings
• Contribute to NAS internal frameworks and reusable assessment tooling

• 5+ years in cybersecurity engineering, with 2+ on regulated frameworks
• Hands-on NCA-ECC, ISO 27001, or NIST CSF implementation experience
• Proficient with at least one major SIEM (Splunk, QRadar, Sentinel)
• Understanding of Saudi PDPL and SAMA cybersecurity frameworks
• Available to be on-site with clients across Riyadh several days a week
• Arabic fluency strongly preferred for regulator-facing work