Senior Security Officer

Skill – Senior Officer Security Operation Center

Location – Qatar

Virtusa

Perm Role

Position Summary:

We are seeking a Senior Offensive Security Consultant with a strong knowledge of offensive security practices and a proven ability to work independently. This role focuses on managing and integrating security tools across the software development lifecycle, particularly within CI/CD environments and containerized infrastructures. While hands-on offensive testing experience is not mandatory, the candidate must demonstrate a deep understanding of offensive security methodologies and tooling.

The ideal candidate will possess an awareness of the latest AI-driven security tooling and use cases for the software development lifecycle for the purpose of implementing scalable technical solutions. In addition, the candidate will be a self-starter who can operate autonomously, communicate effectively across technical and business teams, and drive security initiatives with minimal oversight.

Key Responsibilities:

Security Tool Management & Integration

• Own the deployment, configuration, and maintenance of:
• Static Application Security Testing (SAST) tools
• Dynamic Application Security Testing (DAST) tools
• Breach and Attack Simulation (BAS) tools
• Container Security Solutions (e.g., image scanning, runtime protection)
• Integrate security tools into CI/CD pipelines to enable automated and continuous security validation.
• Monitor tool performance, ensure scalability, and optimize configurations for accuracy and efficiency.

Security Strategy & Enablement

• Provide strategic guidance on offensive security practices including:
• Vulnerability identification
• Exploitation techniques
• Support red team and penetration testing efforts by enabling tooling and providing technical insights.
• Collaborate with development, DevOps, and cloud teams to embed security early in the SDLC.

Container & Cloud Security

• Evaluate and enhance the security posture of containerized environments (e.g., Docker, Kubernetes).
• Implement container image scanning, runtime protection, and orchestration security best practices.
• Work with cloud-native security tools and configurations across AWS, Azure, or GCP.

Autonomous Execution & Ownership

• Take full ownership of assigned projects and deliverables with minimal supervision.
• Proactively identify gaps in security tooling, processes, or coverage and propose solutions.
• Maintain documentation, dashboards, and reporting mechanisms for tool usage and effectiveness.

Communication & Collaboration

• Translate technical findings into clear, actionable insights for both technical and non-technical stakeholders.
• Present risk assessments, tool evaluations, and remediation strategies to leadership.
• Mentor junior team members and contribute to internal knowledge sharing and training initiatives.

Required Qualifications and Experience:

• University graduate in Computer Science subject
• Strong understanding of offensive security concepts and frameworks, including MITRE ATT&CK, vulnerability exploitation, DevSecOps and OWASP top ten projects.
• Experience managing or integrating SAST, DAST, attack simulation, and container security tools into CI/CD platforms (e.g., Jenkins, GitLab CI, Azure DevOps)
• Awareness of current breach and attack simulation platforms and AI-driven CI/CD pen testing solutions and their use cases (e.g., Cytix, SafeBreach, AttackIQ, Cymulate).
• Strong knowledge of container and kubernetes security
• Ability to work independently and manage multiple priorities in a fast-paced environment.
• Excellent verbal and written communication skills.

Preferred Qualifications and Experience:

• Certifications such as OSCP, CRTO, OSCE, or equivalent.
• Experience of streamlining SDLC processes and workflows using AI techniques and approaches
• Experience with cloud platforms (AWS, Azure, GCP) and their native security services.

Framework & Boundaries:

• Group’s overall strategic plan.
• Applicable policies and procedures.
• Delegated authorities as per the delegation of authority structure.
• Instructions of the Head of Cyber Risk Assessments and Group Chief Information Security Officer