Security Engineer - Cloud & Operations

About noon

We’re building an ecosystem of digital products and services that power everyday life across the Middle East—fast, scalable, and deeply customer-centric. Our mission is to deliver to every door every day. We want to redefine what technology can do in this region, and we’re looking for a (add title) who can help us move even faster.

noon’s mission: Every door, every day.

What you'll do:

Team noon has some of the fastest, smartest, and hardest-working people we've encountered. With a young, aggressive, and talented team, we're driving major missions forward.

Noon's Group Cybersecurity is looking for a Security Engineer, Cloud & Operations to join our Cloud Security team. This is a hands-on engineering role, you will build cloud-native detections that catch real attacker behavior in GCP, deploy preventive controls at org scale, and investigate the SOC alerts your own detections generate. You write the detection rule, you investigate the alert it fires, and you convert findings into durable controls or tooling that prevents recurrence. We hire engineers who build, not analysts who configure.

• Build and maintain cloud detection rules in SIEM and EDR including GCP-specific attack paths, and managing them through sandbox validation, retro hunts, false-positive elimination, and risk-scoring alignment.
• Design and deploy preventive WAF and cloud security controls
• Investigate security alerts and incidents from the SOC, determine root cause, support remediation with engineering teams, and reduce noise through systematic detection tuning and exemption strategies.
• Build and maintain internal cloud security tooling, security scanning pipelines, shipping cross-project services that scale across the group.
• Triage and tune EDR alerts, including detection policy adjustments, response workflow automation, playbook contributions, and endpoint investigation support.
• Build incident response automations based on established playbooks, including containment workflows, IR actions and isolation responses.
• Surface cloud security misconfiguration and work with engineering teams on IAM to right-size access without disruption.
• Partner with DevOps, IT, Product Security, and Offensive Security teams to operationalize cloud restrictions, onboard new environments, validate security controls, and provide evidence for compliance and audit requirements.

What you'll need:

• 2 to 4 years of experience in cloud security, detection engineering, security operations, or software engineering with a security focus.
• Hands-on experience with GCP security fundamentals: IAM, org policies, service accounts, Cloud Storage, Cloud Build, Cloud Run, or equivalent depth on another major cloud provider.
• Practical experience writing or maintaining detection rules in a SIEM platform (Splunk, Google SecOps, or similar), including rule authoring, testing, and false-positive management.
• Ability to investigate security alerts end-to-end: from initial triage through root-cause analysis, evidence collection, and supporting remediation efforts with relevant teams.
• Familiarity with at least one EDR platform (CrowdStrike Falcon or similar), including alert triage and basic detection tuning.
• Clear communication skills with the ability to document findings, write incident reports, and coordinate with cross-functional teams without requiring executive escalation.
• Comfortable working across multiple environments (production, staging, sandbox) and geographies with structured processes and attention to operational impact.
• Software engineering background preferred - production-quality coding capability in Python, Go, or similar. We want someone who builds tools and services.
• Experience in product-first, consumer internet, e-commerce, fintech, or marketplace environments preferred

Who will excel?

• We’re looking for people with high standards, who understand that hard work matters.
• You need to be relentlessly resourceful and operate with a deep bias for action.
• We need people with the courage to be fiercely original.
• noon is not for everyone; readiness to adapt, pivot, and learn is essential.