Role Summary
Reponsibilities:
Security Configuration Assessment (IT & OT)
• Perform detailed configuration assessments of IT and OT environments against CIS Benchmarks, NIST guidelines, and internal standards.
• Review firewall rulesets ensuring least privilege, network segmentation, and policy compliance.
Assess network devices (routers, switches, load balancers, SSE/SASE gateways) for secure configurations.
• Validate OS hardening, patch compliance, and configuration baselines.
• Evaluate Network Access Control (NAC) configurations for effective coverage and policy enforcement.
• Recommend configuration hardening measures to reduce attack surface and improve resilience.
• Review SASE/SSE deployments to ensure secure access, data protection, and consistent policy enforcement.
Technical Risk Identification
• Identify and assess technical security risks across IT, OT, and cloud assets.
• Conduct or coordinate penetration testing of cloud workloads, web applications, APIs, and internal infrastructure.
• Perform container and Kubernetes security assessments (GKE, AKS).
• Map findings from vulnerability scans, pen tests, and configuration reviews to operational and business impacts.
• Conduct red team and adversary simulation exercises to validate detection and response capabilities.
• Contribute to risk documentation, validation, and reporting for management visibility.
Vulnerability Remediation Management
• Track, monitor, and manage vulnerabilities across IT and OT environments.
• Prioritize vulnerabilities based on risk, exploitability, and business impact.
• Coordinate with infrastructure, application, and OT teams to ensure timely remediation and validation of fixes.
• Maintain dashboards and executive summaries showing vulnerability trends and remediation metrics.
Security Assurance
• Develop and manage security assurance programs across IT, OT, and cloud domains.
• Track and report Key Performance Indicators (KPIs) and Key Risk Indicators (KRIs) to measure program effectiveness.
• Conduct periodic control and compliance reviews to validate adherence to baselines and risk mitigation plans.
• Identify and document gaps or deviations and drive remediation through collaboration with responsible teams.
Qualification
8+ years of hands-on experience of experience in security assessment, penetration testing, and security assurance.
• Demonstrated experience in both manual and automated penetration testing, including red team/adversary simulation exercises.
• Deep understanding of security configuration benchmarks and risk assessment methodologies.
• Strong technical expertise in GCP and Azure cloud environments.
• Hands-on experience with: Firewall rule reviews and network device configuration assessments, OS and application hardening and OT/ICS security assessments.
• Proficiency in tools such as Burp Suite, Metasploit, Nmap, Nessus, Qualys, Wireshark.
• Experience with cloud-native security services (GCP Security Command Center, Azure Defender, Prisma Cloud CNAPP).
• Familiarity with regulatory frameworks such as ISO 27001, NIST CSF, IEC 62443, Qatar NIA, QCSF.
• Strong analytical, problem-solving, and communication skills.
Education:
• Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or a related field (or equivalent experience).
Certifications:
• CISSP, OSCP, OSEP, CRISC, OSCE, CCSK, CRTE.
• Cloud Specific Certifications (GCP Professional Cloud Security Engineer, Azure Security Engineer Associate), GICSP - preferred
Required Skillsets:
• In-depth knowledge of security assurance frameworks and vulnerability management processes.
• Expertise in firewall configuration auditing, network segmentation, and zero trust architecture.
• Proficiency in conducting manual and automated penetration testing and red teaming assessments.
• Proficiency in cloud security controls, Kubernetes/container security, and IaC security validation.
• Strong understanding of OT and ICS security principles.
• Familiarity with threat modeling, control validation, and risk reporting.
• Ability to translate complex technical findings into business risk context and provide actionable recommendations.
• Excellent report writing and presentation skills for both technical and executive stakeholders
Apply now by emailing your CV to