CYBER SECURITY

Key Responsibilities

• Design & Architecture

o Develop and maintain secure architecture for network, systems, cloud (IaaS, PaaS, SaaS), and hybrid environments.

o Integrate security into system & application design (secure-by-design / DevSecOps).

o Lead security reviews for new initiatives / infrastructure / software.

• Security Operations & Infrastructure Management

o Configure, deploy, and maintain security tools: firewalls, IDS/IPS, VPNs, NAC, Web Proxies, Endpoint Detection & Response (EDR).

o Oversee security infrastructure and platforms: SIEM, log management, threat detection & monitoring.

o Manage patching, vulnerability scanning / management, configuration hardening.

• Incident Response & Threat Management

o Lead investigations following security incidents, coordinate response, forensics, remediation & lessons learned.

o Conduct threat modelling and threat hunting.

o Develop and maintain incident response playbooks and plans.

• Governance, Risk & Compliance (GRC)

o Implement security governance framework (policies, standards, SOPs).

o Ensure compliance with local, regional, and international regulatory requirements (e.g. NESA, CITC, Data Protection laws, ISO 27001, GDPR if applicable).

o Perform risk assessments, third-party vendor risk evaluations.

• Cloud Security & Emerging Technologies

o Secure cloud services (AWS, Azure, GCP) & cloud migration projects.

o Use Infrastructure as Code (IaC) tools (Terraform, AWS CloudFormation, ARM, etc.).

o Oversee container security (Kubernetes, Docker), microservices, serverless functions.

• Penetration Testing & Red Teaming

o Plan and execute penetration tests / red teaming engagements.

o Assess application, network, infrastructure, and external facing systems.

• Mentoring & Leadership

o Mentor junior security engineers / analysts.

o Lead or coordinate cross-functional security projects.

o Engage with stakeholders (IT, Ops, DevOps, C‐level) to raise awareness and ensure security is built in.

• Continuous Improvement & Research

o Monitor threat landscape and evolving vulnerabilities.

o Propose improvements, new tools, or security technologies.

o Keep up‐to‐date with innovations, cryptography, zero trust, identity‐access trends.

Experience & Seniority

• Typically 5-8+ years of total experience in cybersecurity, with at least 2-3 years in a senior / leadership / project‐lead role.
• Strong track record of implementing complex security solutions and responding to incidents.
• Experience in the GCC or in environments with similar regulatory / cultural / infrastructural constraints is a strong plus.
• Exposure to regulated industries (banking & finance, oil & gas, energy, healthcare, government) is highly valued.

Qualifications & Certifications

• Bachelor’s degree in Computer Science, Information Security, Cybersecurity, or related field
• Master’s degree is a plus but not mandatory (especially with significant experience)
• Required Certifications (or equivalent):

o CISSP (Certified Information Systems Security Professional)

o CISM / CISA

o Certifications in vendor‐specific firewall, network, or security tools (e.g. Palo Alto, Fortinet, CheckPoint, Cisco Security)

• Desirable / Bonus Certifications:

o CEH (Certified Ethical Hacker)

o OSCP (Offensive Security Certified Professional)

o CCNP Security / CCIE Security

o Cloud security certifications (e.g. AWS Certified Security Specialty, Azure Security Engineer, GCP Security)

o Certified Cloud Security Professional (CCSP)

o Certifications in forensics / threat intelligence

GCC-Specific Requirements

• Knowledge/experience with local laws & regulations: Data protection & privacy laws in respective GCC countries, national cybersecurity strategies, regulatory authorities (e.g. UAE’s NESA; Saudi Arabia’s SAMA / NCA; Qatar's MoCI & relevant regulations; CITC in Saudi; etc.).
• Multilingual communication often helpful: English is primary for business; Arabic language skills are often a plus (especially for certain public sector or government agencies).
• Experience or familiarity with Smart Cities, Critical Infrastructure / Energy, Oil & Gas sectors – because many GCC projects involve nationally strategic infrastructure.
• Knowledge of OT/ICS security (Operational Technology / Industrial Control Systems), especially in energy, utilities, petrochemical industries.

Job Type: Full-time