About the job
Primary purpose of job
Lead Threat Detection & Response responsible for early detection, and rapid response in order for mitigating the cyber risks for QP’s IT and OT information systems. Lead Threat Detection & Response build, train and lead the 24/7 Cyber Detection and engineering team for IT and OT cyber security. As technical lead and incident responder for QatarEnergy Security Operations Centre’s Cyber Detection he/she will be leading technical investigations for security incidents, overseeing process improvements, and driving implementation of new capabilities. He/she will act as front-line point of escalation and serves as a technical escalation resource for other security analysts and engineers and provide mentoring for skill development. He/she partner with Information Security leads to implement and improve technology and process to enhance Cyber Security monitoring, detection, investigation, and response. Lead Threat Detection & Response supervises and coordinates engineers and external consultants who are responsible for the design, build and ongoing management of the QatarEnergy Detection platforms and ultimately support QatarEnergy’s IT and OT cyber security 7×24 mission critical operational expansion.
Experience & Skills
- 10 years of technical experience in Information Security, System Administration, or Network Engineering with at least 5 years of experience in Information Security.
- Preferably experience with large ICS & ICT environments in the Energy sector.
- Malware analysis, Vulnerability assessment & Forensic & memory analysis, and Data analytics.
- Ability to communicate between staff from analyst to managerial level, as well as maintain positive working relationships across the business. Focused “can-do” positive attitude to deliver excellent service excellent written and verbal business communication skills.
- Advanced knowledge of networking fundamentals (TCP/IP, network layers, Ethernet, ARP, etc.)
- Advanced knowledge of current threat landscape (threat actors, APT, cyber-crime, etc.)
- Advanced knowledge of penetration techniques and forensic techniques.
- Moderate knowledge and experience with Cloud technologies.
- Moderate protocol analysis experience (Wireshark, Netwitness, etc.)
- Good knowledge of IT including multiple operating systems and system administration skills (Windows, Linux, Solaris, Unix).
- Solid knowledge of client-server applications, multi-tier web applications, relational databases, firewalls, VPNs, and enterprise Anti-Virus products.
- Strong understanding of security incident management, malware management and vulnerability management processes.
- Experience with web content filtering technology – policy engineering and troubleshooting.
- Good awareness of IT Support processes, such as ITIL.
- Must maintain a professional demeanor in stressful situations.
- Bachelor’s degree in information security, computer science, or systems engineering.
- Possession of Industry Certifications (Certified Incident Handler (GCIH), Certified Intrusion Analyst (GIAC), Certified Ethical Hacker (CEH), Certified Expert Penetration Tester (CEPT), OSCE/ CHFI/ SANS Cyber Threat Hunting/ SANS GREM or equivalent SIEM/ security technologies technical certification (Advanced Level).
- Good awareness of IT Support processes, and frameworks such as ITIL, MITRE ATT@CK, OWASP10.