About the job
Primary purpose of job
Responsible for QatarEnergy’s vulnerability lifecycle management activities for QatarEnergy IT and OT / Industrial systems. As an SME, plan, lead, execute and report on QatarEnergy’s penetration assessments to identify security risks within applications, security controls and network infrastructure. Lead the vulnerability lifecycle management efforts, conduct hands-on technical assessments to detect potential security threats and anomalies by testing IT and OT systems, determine whether a system or data set has been impacted, and communicate and report the findings to QatarEnergy stakeholders.
Experience & Skills
- 8+ years of experience working in a large-scale IT environment with focus on Information Security, and knowledge of Operational Technology.
- 4+ years’ experience in industry conducting technical security assessment, penetration testing as well as vulnerability and penetration life cycle management activities.
- Proven track record in conducting security analysis and testing independently, demonstrating vulnerabilities and documenting the results. Track record showing ability to independently lead and perform technical security assessments, execute penetration tests from the scoping until reporting.
- Strong understanding of server, endpoint, networking, wireless hacking principles and commonly used Internet protocols.
- Extensive knowledge of security best practices and concepts in Vulnerability Assessment & Penetration Testing.
- Demonstrate knowledge of Cyber Security principles, techniques and technologies such as SANS Critical Security Controls and OWASP.
- Good knowledge of IT, including multiple operating systems and system skills (Windows, Unix). Good knowledge of client-server applications, multi-tier web applications, relational databases, security appliances and sandboxing. Good knowledge of OT systems and their potential risks and threats.
- Security Operations Centre experience in conducting security investigations is a plus.
- Solid experience in scripting (e.g. Python, Perl, and PowerShell).
- Possession of Industry Certifications (SANS, GCIA, ICS2, ISACA, EC Council) (OSCP, OCSE, GPEN, GWAPT, GXPN, GAWN, GCIH, C|EH, CHFI, GREM, GMOB) or equivalent technical certification.
- Bachelor’s degree in information security, computer science, or systems engineering.