Security Operations Officer – Security Assessment & Assurance Specialist

Job Title: Security Operations Officer Security Assessment & Assurance Specialist

Language Requirement: Arabic Speaking (Preferred)

Experience: 8+ Years

Domain: Cybersecurity | Security Operations | Risk & Assurance

Job Summary

The Security Operations Officer Security Assessment & Assurance Specialist is responsible for assessing, validating, and assuring the effectiveness of security controls across IT, OT, and cloud environments. The role focuses on configuration assessments, penetration testing, vulnerability remediation oversight, and continuous security assurance aligned with international standards and regional regulatory frameworks.

Arabic language capability is preferred.

Key Responsibilities

Security Configuration Assessment (IT & OT)

• Conduct detailed security configuration assessments of IT and OT environments against CIS Benchmarks, NIST guidelines, and internal security standards.
• Review firewall rulesets to ensure least privilege, network segmentation, and policy compliance.
• Assess secure configurations of network devices, including routers, switches, load balancers, and SSE/SASE gateways.
• Validate operating system hardening, patch levels, and configuration baselines.
• Evaluate Network Access Control (NAC) configurations for policy enforcement and coverage.
• Review SASE/SSE deployments to ensure secure access, data protection, and consistent policy enforcement.
• Recommend configuration hardening measures to reduce attack surface and improve resilience.

Technical Risk Identification & Testing

• Identify and assess technical security risks across IT, OT, and cloud assets.
• Conduct or coordinate penetration testing for cloud workloads, web applications, APIs, and internal infrastructure.
• Perform container and Kubernetes security assessments (GKE, AKS).
• Correlate findings from vulnerability scans, penetration tests, and configuration reviews to business and operational impacts.
• Execute or support red team and adversary simulation exercises to validate detection and response capabilities.
• Contribute to risk documentation, validation, and executive-level reporting.

Vulnerability Remediation Management

• Track, monitor, and manage vulnerabilities across IT and OT environments.
• Prioritize remediation actions based on risk severity, exploitability, and business impact.
• Coordinate with infrastructure, application, cloud, and OT teams to ensure timely remediation and validation.
• Maintain dashboards and executive summaries showing vulnerability trends, risk exposure, and remediation performance.

Security Assurance & Governance

• Design and manage security assurance programs across IT, OT, and cloud domains.
• Define, track, and report Key Performance Indicators (KPIs) and Key Risk Indicators (KRIs).
• Conduct periodic control effectiveness reviews and compliance assessments.
• Identify control gaps or deviations and drive remediation through collaboration with accountable teams.
• Support alignment with ISO 27001, NIST CSF, IEC 62443, Qatar NIA, and QCSF frameworks.

Required Qualifications & Experience

• 8+ years of hands-on experience in security assessment, penetration testing, vulnerability management, and security assurance.
• Proven experience in manual and automated penetration testing, including red team and adversary simulation exercises.
• Deep understanding of , and risk assessment methodologies.
• Strong technical expertise in GCP and Azure cloud security.
• Hands-on experience with:
• Firewall rule reviews and network device security assessments
• OS and application hardening
• OT / ICS security assessments
• Proficiency with security tools such as Burp Suite, Metasploit, Nmap, Nessus, Qualys, and Wireshark.
• Experience with cloud-native security platforms such as GCP Security Command Center, Azure Defender, and Prisma Cloud (CNAPP).
• Arabic speaking ability is preferred.
• Strong analytical, communication, and stakeholder engagement skills.

Education

• Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or a related field
• (or equivalent professional experience)

Certifications (Preferred)

• CISSP
• OSCP / OSEP / OSCE
• CRISC
• CRTE
• CCSK
• GCP Professional Cloud Security Engineer
• Azure Security Engineer Associate
• GICSP (Industrial / OT Security)

Key Skills

• Security Assurance & Control Validation
• Penetration Testing & Red Teaming
• Firewall & Network Configuration Auditing
• Zero Trust & Network Segmentation
• Cloud Security (Azure & GCP)
• Kubernetes & Container Security
• OT / ICS Security
• Vulnerability & Risk Management
• Threat Modeling & Risk Reporting
• Executive & Technical Reporting

Interested one share your resume to [Confidential Information]