Job Description

Key Responsibilities

Design & Architecture
o Develop and maintain secure architecture for network, systems, cloud (IaaS, PaaS, SaaS), and hybrid environments.

o Integrate security into system & application design (secure-by-design / DevSecOps).

o Lead security reviews for new initiatives / infrastructure / software.

Security Operations & Infrastructure Management
o Configure, deploy, and maintain security tools: firewalls, IDS/IPS, VPNs, NAC, Web Proxies, Endpoint Detection & Response (EDR).

o Oversee security infrastructure and platforms: SIEM, log management, threat detection & monitoring.

o Manage patching, vulnerability scanning / management, configuration hardening.

Incident Response & Threat Management
o Lead investigations following security incidents, coordinate response, forensics, remediation & lessons learned.

o Conduct threat modelling and threat hunting.

o Develop and maintain incident response playbooks and plans.

Governance, Risk & Compliance (GRC)
o Implement security governance framework (policies, standards, SOPs).

o Ensure compliance with local, regional, and international regulatory requirements (e.g. NESA, CITC, Data Protection laws, ISO 27001, GDPR if applicable).

o Perform risk assessments, third-party vendor risk evaluations.

Cloud Security & Emerging Technologies
o Secure cloud services (AWS, Azure, GCP) & cloud migration projects.

o Use Infrastructure as Code (IaC) tools (Terraform, AWS CloudFormation, ARM, etc.).

o Oversee container security (Kubernetes, Docker), microservices, serverless functions.

Penetration Testing & Red Teaming
o Plan and execute penetration tests / red teaming engagements.

o Assess application, network, infrastructure, and external facing systems.

Mentoring & Leadership
o Mentor junior security engineers / analysts.

o Lead or coordinate cross-functional security projects.

o Engage with stakeholders (IT, Ops, DevOps, C?level) to raise awareness and ensure security is built in.

Continuous Improvement & Research
o Monitor threat landscape and evolving vulnerabilities.

o Propose improvements, new tools, or security technologies.

o Keep up?to?date with innovations, cryptography, zero trust, identity?access trends.

Experience & Seniority

Typically 5-8+ years of total experience in cybersecurity, with at least 2-3 years in a senior / leadership / project?lead role. Strong track record of implementing complex security solutions and responding to incidents. Experience in the GCC or in environments with similar regulatory / cultural / infrastructural constraints is a strong plus. Exposure to regulated industries (banking & finance, oil & gas, energy, healthcare, government) is highly valued.
Qualifications & Certifications

Bachelor's degree in Computer Science, Information Security, Cybersecurity, or related field Master's degree is a plus but not mandatory (especially with significant experience) Required Certifications (or equivalent):
o CISSP (Certified Information Systems Security Professional)

o CISM / CISA

o Certifications in vendor?specific firewall, network, or security tools (e.g. Palo Alto, Fortinet, CheckPoint, Cisco Security)

Desirable / Bonus Certifications:
o CEH (Certified Ethical Hacker)

o OSCP (Offensive Security Certified Professional)

o CCNP Security / CCIE Security

o Cloud security certifications (e.g. AWS Certified Security Specialty, Azure Security Engineer, GCP Security)

o Certified Cloud Security Professional (CCSP)

o Certifications in forensics / threat intelligence

GCC-Specific Requirements

Knowledge/experience with local laws & regulations: Data protection & privacy laws in respective GCC countries, national cybersecurity strategies, regulatory authorities (e.g. UAE's NESA; Saudi Arabia's SAMA / NCA; Qatar's MoCI & relevant regulations; CITC in Saudi; etc.). Multilingual communication often helpful: English is primary for business; Arabic language skills are often a plus (especially for certain public sector or government agencies). Experience or familiarity with Smart Cities, Critical Infrastructure / Energy, Oil & Gas sectors - because many GCC projects involve nationally strategic infrastructure. Knowledge of OT/ICS security (Operational Technology / Industrial Control Systems), especially in energy, utilities, petrochemical industries.
Job Type: Full-time