Security Operations Officer(Security Assessment & Assurance Specialist) - Qatar

Hiring for the post of Security Operations Officer(Security Assessment & Assurance Specialist) - Qatar for a Semi_Govt Co.

Key Responsibilities

Security Assurance & Risk Management

• Lead security assessments, architecture reviews, vulnerability management, and assurance activities.

• Establish and operate a structured Security Assurance Framework covering control validation, coverage tracking, and continuous assurance.

• Manage the full security lifecycle from risk identification through remediation and validation.

• Translate technical findings into business-level risk statements and remediation plans.

Application, Cloud & Infrastructure Security

• Perform in-depth security assessments of web applications, APIs, mobile applications, cloud platforms, containers, and infrastructure.

• Identify advanced security risks such as business logic flaws, authentication weaknesses, privilege abuse, and modern attack techniques.

• Validate secure architectures, configuration baselines, and cloud-native security controls.

• Support secure SDLC and DevSecOps practices, including security testing and release controls.

Configuration Baselines & Continuous Hardening (New)

• Define and maintain secure configuration baselines across the enterprise technology stack (OS, databases, network devices, cloud services, identity platforms, and security tools).

• Align baselines with industry standards (e.g., CIS Benchmarks) and organizational risk requirements.

• Implement automated configuration compliance checks and continuous monitoring mechanisms.

• Conduct periodic reviews and validation of configurations to detect drift, misconfigurations, and unauthorized changes.

• Work with engineering and operations teams to enforce hardening standards and remediate deviations.

Architecture, Threat Modeling & Secure Design

• Lead security architecture and design reviews across applications, platforms, and integrations.

• Conduct threat modeling to identify attack paths, risks, and mitigation strategies.

• Ensure alignment with enterprise security architecture and Zero Trust principles.

Third-Party, Data Protection & Resilience

• Conduct security assessments of vendors, SaaS providers, and external integrations.

• Validate data protection, encryption, and privacy controls for sensitive and regulated data.

• Support cyber resilience activities, including OT/ICS security reviews, red team exercises, and incident response simulations.

Governance, Compliance & Reporting

• Ensure continuous alignment with regulatory and framework requirements (ISO 27001, NIST CSF, Qatar NIA, QCSF).

• Support internal and external audits with defensible, evidence-based controls.

• Define and report on security metrics, KPIs, and executive dashboards.

Required Experience & Skills

• 8+ years of experience in information security assessments and assurance.

• Strong expertise in application, API, mobile, and cloud security.

• Hands-on experience in penetration testing, vulnerability management, and security architecture reviews.

• Practical experience in system hardening, configuration baselines, and security control validation.

• Deep understanding of modern attack techniques and identity/authentication mechanisms.

• Proven ability to communicate technical risks to business stakeholders.

Preferred Certifications

• OSCP / OSEP / OSWE

• CISSP

• Cloud Security Certifications (Azure / GCP)

• IEC 62443

If interested please do share the updated CV to [Confidential Information] also share the below details:-

Total Exp-

Security Operations Exp-

Security Assessment Exp-

Security Assurance Exp-

Vulnerability Exp-

Education Qualification(Mention with graduated year)-

Age-

Nationality -

Current CTC-

Expected CTC-

Notice Period-

Current Location-

Thanks & Regards,

Shirol