Location: Cairo, Egypt (100% On-Premise)
Contract Duration: 6 Months (Extendable)
Employment Type: Contract
About us:
Where elite tech talent meets world-class opportunities!
At Xenon7, we work with leading enterprises and innovative startups on exciting, cutting-edge projects that leverage the latest technologies across various domains of IT including Data, Web, Infrastructure, AI, and many others. Our expertise in IT solutions development and on-demand resources allows us to partner with clients on transformative initiatives, driving innovation and business growth. Whether it's empowering global organizations or collaborating with trailblazing startups, we are committed to delivering advanced, impactful solutions that meet today’s most complex challenges.
Join one of Egypt’s premier financial institutions, renowned for its extensive suite of banking services, including Institutional Banking, Personal Banking, and Islamic Banking. With a global presence through over 50 branches and correspondents, we serve a diverse and dynamic clientele. As we embark on a groundbreaking digital transformation journey, we are committed to leveraging the latest technologies to establish a state-of-the-art data architecture that will redefine our performance and service delivery.
This role covers highly technical disciplines within InfoSec: security architecture, engineering review, and the maturation of vulnerability and patch management systems. The specialist works closely with internal Security Architecture managers and the Security Operations Center (SOC) team to strengthen the bank's detection and defensive posture, ensure new infrastructure designs are secure by design, and fully operationalize the vulnerability management lifecycle.
A. Security Architecture & Engineering Assessment
• Review new and changed system designs, network architectures, and digital platform builds from an
information security perspective, prior to build or procurement approval.
• Produce Security Architecture Review Reports with risk-rated findings, threat model summaries, and
design recommendations aligned to security standards and CBE requirements.
• Assess security of APIs, cloud components, integration layers, and digital banking platforms (mobile,
internet banking, payment processing) against OWASP, NIST, and CBE guidelines.
• Maintain an architecture review register tracking all submitted designs, decisions, and open risk items.
• Contribute to the InfoSec reference architecture and security design patterns library.
B. Tenable SC — Vulnerability & Patch Management
• Take ownership of Tenable Security Center (SC) and other vulnerability solutions configuration, scan
policy design, and coverage assurance across full asset inventory.
• Design and implement a structured vulnerability management workflow — scan, triage, risk-rate, assign,
track, and verify remediation — integrated with IT's patch management process.
• Produce weekly and monthly vulnerability dashboards for IT and InfoSec leadership showing patch SLA
compliance, critical exposure trends, and remediation velocity.
• Define and enforce scan coverage SLAs: all in-scope assets scanned at appropriate frequency per asset
criticality tier.
• Identify and escalate monitoring blind spots — unscanned, uncredentialed, or unreachable assets — and
drive resolution with IT.
• Enable Tenable SC reporting to feed directly into KRI metrics for board-level visibility on patch SLA
breach rate and vulnerability exposure.
Requirements
• Minimum 8 years in information security with strong hands-on technical depth across at least two of the
three disciplines in this role.
• Proven Tenable SC (or Tenable.io) administration and workflow design experience — must be able to
demonstrate scan configuration, policy tuning, and dashboard creation.
• Experience conducting security architecture reviews for banking or financial sector projects.
• Practical threat hunting experience using SIEM and EDR platforms with documented hunt outputs.
• Familiarity with MITRE ATT&CK framework and its application to threat hunting and detection
engineering.
Preferred Certifications
• Tenable Certified Security Engineer (TCSE) or Tenable.sc Specialist
• GIAC Certified Enterprise Defender (GCED) or GIAC Certified Threat Intelligence Analyst (GCTI)
• CISSP — Certified Information Systems Security Professional
• SABSA Chartered Security Architect (SCF or SCP)
Preferred Experience
• Experience in Egyptian banking or financial institution regulated by CBE.
• Hands-on with F5 AWAF, Palo Alto, or equivalent network/application security controls from an
assessment perspective.
• Familiarity with NIST CSF 2.0 and CBE Cybersecurity Framework control domains.
Benefits
Xenon7 delivers specialized AI operations, AI products and services. Our innovation practice helps you separate initiatives warranting business investment from hype. We operate free from the bloat, weight and pyramidal structure of legacy consulting firms. Xenon7 enables our clients to make better human and technology decisions, and ethically achieve more with less.
