Security Operations Officer – Security Assessment & Assurance Specialist
Share
Job Location:
Monthly Salary:
Experience Required:
Posted on:
11 hours ago
Vacancies:
1 Vacancy
Job Summary
Security Configuration Assessment (IT & OT)
- Conduct detailed configuration assessments of IT and OT systems based on CIS Benchmarks NIST guidelines and internal security standards.
- Review firewall rulesets to ensure least privilege segmentation and policy compliance.
- Assess network devices (routers switches load balancers SASE/SSE gateways) for secure configurations.
- Validate OS hardening patch compliance and baseline configurations across servers and endpoints.
- Evaluate Network Access Control (NAC) deployments for coverage enforcement and effectiveness.
- Review SASE/SSE implementations to ensure secure access data protection and consistent policy application.
- Recommend hardening measures to reduce attack surface and enhance operational resilience.
- Identify security risks across IT OT and cloud assets through technical assessments and analytics.
- Conduct and coordinate penetration testing for cloud workloads web applications APIs and internal systems.
- Perform security assessments of Kubernetes and containerized environments (GKE AKS).
- Map findings from vulnerability scans pen tests and configuration reviews to operational and business impacts.
- Execute red team and adversary simulation exercises to evaluate detection and response maturity.
- Contribute to risk documentation validation and reporting for leadership visibility.
- Track and manage vulnerabilities across IT OT and cloud environments.
- Prioritize remediation based on risk severity exploitability and business impact.
- Collaborate with infrastructure application and OT teams to ensure timely remediation and validation.
- Maintain dashboards and executive reports showing vulnerability trends and remediation KPIs.
- Develop implement and oversee security assurance programs across IT OT and cloud domains.
- Track and report KPIs and KRIs to measure program maturity and effectiveness.
- Conduct periodic control reviews and baseline validations to ensure adherence to risk mitigation strategies.
- Identify gaps or deviations and drive corrective actions in coordination with relevant stakeholders.
Requirements
- 8 years of hands-on experience in security assessment penetration testing or security assurance.
- Bilingual proficiency in Arabic (Mandatory).
- Strong background in manual and automated penetration testing including red team/adversary simulations.
- Deep understanding of configuration benchmarks security hardening and risk assessment methodologies.
- Technical expertise in GCP and Azure environments.
- Experience with firewall rule auditing network device configuration assessments OS hardening and OT/ICS system assessments.
- Proficiency with industry-standard tools: Burp Suite Metasploit Nmap Nessus Qualys Wireshark.
- Experience with cloud-native security platforms (GCP Security Command Center Azure Defender Prisma Cloud/CNAPP).
- Familiar with regulatory frameworks: ISO 27001 NIST CSF IEC 62443 Qatar NIA QCSF.
- Strong analytical communication and reporting skills.
- Bachelors degree in Cybersecurity Computer Science Information Technology or a related field (or equivalent experience).
- CISSP
- OSCP OSEP OSCE
- CRISC
- CCSK
- CRTE
- Cloud Certifications (GCP Professional Cloud Security Engineer Azure Security Engineer Associate)
- GICSP (preferred for OT/ICS)
- In-depth knowledge of security assurance frameworks and vulnerability management processes.
- Expertise in firewall auditing network segmentation and Zero Trust architecture.
- Strong experience in manual/automated penetration testing and red team exercises.
- Proficiency in cloud security controls Kubernetes/container security and IaC security validation.
- Strong understanding of OT/ICS security principles and architecture.
- Experience with threat modeling control validation and risk reporting.
- Ability to translate complex technical findings into clear business risk language.
- Excellent reporting and presentation skills for both technical and executive audiences.
Benefits
Required Skills:
Key Responsibilities Security Configuration Assessment (IT & OT) - Conduct detailed configuration assessments of IT and OT systems based on CIS Benchmarks NIST guidelines and internal security standards. - Review firewall rulesets to ensure least privilege segmentation and policy compliance. - Assess network devices (routers switches load balancers SASE/SSE gateways) for secure configurations. - Validate OS hardening patch compliance and baseline configurations across servers and endpoints. - Evaluate Network Access Control (NAC) deployments for coverage enforcement and effectiveness. - Review SASE/SSE implementations to ensure secure access data protection and consistent policy application. - Recommend hardening measures to reduce attack surface and enhance operational resilience. Technical Risk Identification - Identify security risks across IT OT and cloud assets through technical assessments and analytics. - Conduct and coordinate penetration testing for cloud workloads web applications APIs and internal systems. - Perform security assessments of Kubernetes and containerized environments (GKE AKS). - Map findings from vulnerability scans pen tests and configuration reviews to operational and business impacts. - Execute red team and adversary simulation exercises to evaluate detection and response maturity. - Contribute to risk documentation validation and reporting for leadership visibility. Vulnerability Remediation Management - Track and manage vulnerabilities across IT OT and cloud environments. - Prioritize remediation based on risk severity exploitability and business impact. - Collaborate with infrastructure application and OT teams to ensure timely remediation and validation. - Maintain dashboards and executive reports showing vulnerability trends and remediation KPIs. Security Assurance - Develop implement and oversee security assurance programs across IT OT and cloud domains. - Track and report KPIs and KRIs to measure program maturity and effectiveness. - Conduct periodic control reviews and baseline validations to ensure adherence to risk mitigation strategies. - Identify gaps or deviations and drive corrective actions in coordination with relevant stakeholders.
Required Education:
Qualifications & Experience- 8 years of hands-on experience in security assessment penetration testing or security assurance.- Bilingual proficiency in Arabic (Mandatory).- Strong background in manual and automated penetration testing including red team/adversary simulations.- Deep understanding of configuration benchmarks security hardening and risk assessment methodologies.- Technical expertise in GCP and Azure environments.- Experience with firewall rule auditing network device c
Company Industry
IT Services and IT Consulting
Key Skills
- CCTV
- Low Voltage
- Network Management
- IDS
- Computer Networking
- Field Service
- ICD Coding
- Military Experience
- Security
- Security System Experience
- Information Security
- Troubleshooting
About Company
0-50 employees
Black & Grey HR is a talent acquisition company that can redefine the concept of ‘experience’ in the recruitment process & build great employer brands. We understand that technological advancements, including mobile internet, social media, automation and artificial intelligence, are ... View more
