×
Register Here to Apply for Jobs or Post Jobs. X

Information Security Intern

Job in Riyadh, Riyadh Region, Saudi Arabia
Listing for: تابي
Apprenticeship/Internship position
Listed on 2026-07-10
Job specializations:
  • IT/Tech
    Cybersecurity, Information Security
Salary/Wage Range or Industry Benchmark: 33480 - 55800 SAR Yearly SAR 33480.00 55800.00 YEAR
Job Description & How to Apply Below

Information Security Intern

Department: Info Sec GRC

Employment Type: Internship

Location: KSA

Description

Tabby builds financial products used by millions of users across the GCC. We work on high-load, security-critical systems with strict regulatory requirements. The Information Security function protects Tabby across mobile apps, backend services, payment integrations, and cloud infrastructure.

This internship is not educational by default. It is an engineering role with real responsibility.

Information Security at Tabby covers two complementary tracks:

  • Vulnerability Assessment & Penetration Testing (VAPT) — application security testing, security architecture reviews, threat modelling, secure code review, vulnerability triage, and incident response.
  • Governance, Risk & Compliance (GRC) — policy and control frameworks, compliance program support (PCI DSS, ISO 27001, SAMA), risk assessments, audit support, vendor security reviews, and security awareness.

The team works closely with product engineering, risk engineering, and platform / SRE.

The internship is designed for strong early-career engineers who want to grow as security practitioners. Candidates apply once — during interviews we match each candidate to the track that fits best. Interns are embedded with the security team, work on real assessments and remediation or compliance tasks under senior review, and are expected to meet engineering standards from day one.

Key Responsibilities

This is not a helper or shadow-only role. Interns work on real production tasks under senior review.

On the VAPT track
  • Triage findings from SAST, DAST, SCA, and dependency scanners across mobile and backend repos
  • Reproduce and document vulnerabilities; write clear remediation tickets for product teams
  • Contribute to secure code reviews on selected merge requests (auth, input validation, data handling)
  • Participate in threat-modelling sessions for new features and produce write-ups
  • Run scoped assessments against staging environments under senior sign-off
  • Help maintain security tooling: scanner configs, baseline rules, dashboards, false-positive triage queues
  • Help with security checks during release cycles
  • Contribute to Dev Sec Ops  – security gates in CI/CD pipelines, dependency and container image scanning
  • Exposure to logging, monitoring, and alert triage workflows alongside the SOC
  • Participate in incident response exercises and post-mortems alongside senior engineers
On the GRC track
  • Support compliance programs against frameworks like PCI DSS, ISO 27001, and SAMA – evidence collection, control mapping, gap analysis
  • Help maintain security policies, standards, and procedures across domains – access control, cryptography, asset management, change management, third-party security, vulnerability management, awareness and training – track owners and review cycles
  • Contribute to risk assessments – risk registers, control testing, treatment plans
  • Support vendor and third-party security assessments
  • Help prepare for internal and external audits – work papers, evidence packages, response coordination
  • Contribute to security awareness content, training rollouts, and metrics tracking
  • Work alongside engineering teams to translate policy requirements into concrete technical controls
On both tracks
  • Work with risk and platform engineers on PII handling, secrets management, and encryption reviews
  • Contribute to the internal security knowledge base (runbooks, playbooks, awareness content)
Skills, Knowledge & Expertise
  • Solid understanding of information security fundamentals: confidentiality, integrity, availability; common attack categories (OWASP Top 10) and common control categories
  • Understanding of HTTP, TLS, DNS, and TCP/IP fundamentals
  • Understanding of authentication and authorization patterns (sessions, cookies, OAuth 2.0, JWT)
  • Familiarity with Linux command line and POSIX-like environments
  • Ability to read technical material and explain it clearly in writing
  • Experience with Git and standard development workflows
  • Strong ethical mindset and discretion – security findings and compliance evidence are sensitive by default, non-disclosure outside the team is non-negotiable
  • Open to constructive feedback
  • English…
To View & Apply for jobs on this site that accept applications from your location or country, tap the button below to make a Search.
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).
 
 
 
Search for further Jobs Here:
(Try combinations for better Results! Or enter less keywords for broader Results)
Location
Increase/decrease your Search Radius (miles)
0
200
Filters
Education Level
Experience Level (years)
Posted in last:
Salary