Security Operations Officer (Security Assessment and Assurance Specialist)

We’re Hiring | Security Operations Officer – Security Assessment & Assurance (Arabic Speaking)

We are seeking an experienced Security Operations Officer / Security Assessment & Assurance Specialist with strong expertise in security configuration assessments, penetration testing, and risk assurance across IT, OT, and cloud environments.

🔹 Arabic speaking is mandatory.

Key Responsibilities

Security Configuration Assessment (IT & OT)

• Perform detailed configuration assessments against CIS Benchmarks, NIST guidelines, and internal standards
• Review firewall rulesets to ensure least privilege, segmentation, and policy compliance
• Assess network devices (routers, switches, load balancers, SASE/SSE gateways) for secure configurations
• Validate OS hardening, patch compliance, and baseline configurations
• Evaluate NAC configurations for coverage and policy enforcement
• Review SASE/SSE implementations for secure access and consistent policy enforcement
• Recommend configuration hardening to reduce attack surface and improve resilience

Technical Risk Identification

• Identify and assess security risks across IT, OT, and cloud assets
• Conduct or coordinate penetration testing for cloud workloads, web apps, APIs, and internal infrastructure
• Perform container and Kubernetes security assessments (GKE, AKS)
• Correlate findings from vulnerability scans, pen tests, and configuration reviews to business impact
• Support red team and adversary simulation exercises
• Contribute to risk documentation, validation, and management reporting

Vulnerability Remediation Management

• Track and manage vulnerabilities across IT and OT environments
• Prioritize remediation based on risk, exploitability, and business impact
• Coordinate with infrastructure, application, and OT teams to validate fixes
• Maintain dashboards and executive summaries on vulnerability trends and KPIs

Security Assurance

• Develop and manage security assurance programs across IT, OT, and cloud
• Define and report KPIs and KRIs to measure control effectiveness
• Conduct periodic control and compliance reviews
• Identify gaps, document deviations, and drive remediation with stakeholders

Required Experience & Skills

• 8+ years of hands-on experience in security assessment, penetration testing, and assurance
• Arabic speaking – mandatory
• Experience in manual and automated penetration testing, red teaming, and adversary simulations
• Strong knowledge of security configuration benchmarks and risk assessment methodologies
• Hands-on expertise in GCP and Azure
• Experience with firewall rule reviews, network device assessments, OS/app hardening, and OT/ICS security
• Proficiency with tools: Burp Suite, Metasploit, Nmap, Nessus, Qualys, Wireshark
• Experience with cloud-native security platforms (GCP Security Command Center, Azure Defender, Prisma Cloud CNAPP)
• Familiarity with ISO 27001, NIST CSF, IEC 62443, Qatar NIA, QCSF
• Strong analytical, communication, and stakeholder management skills

Education & Certifications

• Bachelor’s degree in Cybersecurity, IT, Computer Science, or related field (or equivalent experience)
• Certifications such as CISSP, OSCP, OSEP, OSCE, CRISC, CCSK, CRTE
• Cloud certifications (GCP Professional Cloud Security Engineer, Azure Security Engineer Associate) and GICSP preferred