Job Specification

Join our dedicated Cyber Assurance Team within the Information Risk Management Department. Reporting to the Cyber Assurance Lead, you will play a critical role in strengthening our organization's security posture.

The Cyber Assurance team is responsible for proactively assessing and enhancing our security defenses. This involves conducting comprehensive ethical hacking activities and adversary simulations to identify potential vulnerabilities and control gaps. Your expertise will be vital in providing actionable recommendations to fortify our systems and ensure the resilience of our digital assets.

Job Purpose

• Contribute to the effectiveness of the organization's cyber defence by identifying risks, evaluating controls, and supporting the protection of information systems and data from cyber threats and vulnerabilities. Deliver and enhance key components of the cyber assurance program within QatarEnergy LNG's Information Security organization.

Job Context & Major Challenge(s) - I

• Major challenges:
  (1) requires deep understanding of ethical hacking, penetration testing methodologies and offensive cybersecurity tactics
  (2) supporting the Information Risk Management Division Manager in dealing with an increased cybersecurity risk due to the geopolitical situation
  (3) contributing to the ongoing continuous improvement of SOC due to the current maturity level and the changing threat level
  (4) keeping up to date with IT and OT Information Security and developments.
  (5) keeping up to date with IT and OT Information Security regulatory requirements.

Key Job Accountabilities - I

• Develop Attack Scenarios: Based on CTI and threat actor Tactics, Techniques, and Procedures (TTPs), create realistic and impactful threat simulation scenarios.
• Configure and Deploy Security Tools: Set up, configure, and run automated security scanning tools, such as vulnerability scanners and web application security scanners.
• Analyze Scan Results: Interpret findings from automated scans to identify potential vulnerabilities and weaknesses that could be exploited in a simulation.
• Perform Phishing Simulations: Design, execute, and analyze targeted phishing campaigns to test the human element of security and measure employee awareness.
• Collaborate for Defense Improvement: Work with blue teams to share insights on attack methodologies, improve detection capabilities, and enhance overall security posture.

Person Specification - Minimum Requirement

Qualifications

• Bachelor's degree level in information security, computer science or engineering.
• Professional certifications in information security management and standards (e.g., OSCP, CRTP, CRTO, OSWE, etc.)

Knowledge and/or Experience - I

• 5+ years of experience in Offensive Security / Red Teaming
• Broad knowledge of current techniques and practices associated with development and service provision and is a recognized specialist in at least one area.
• Understands the main strategic and commercial issues facing IT and safety and availability expectations from OT and the Organization's management and a good understanding of the principles of management and control.
• Possesses good understanding of and practices according to a professional code of conduct and code of ethics.
• Possesses a good understanding of IT/OT business applications.

Technical and Business Skills - I

• Ability to assess and evaluate risk and the impact of legislation, and actively promotes compliance.
• Builds a good rapport and strategic relations with the OT OEM community and QatarEnergy LNG Operation Leads.
• Ability to deal effectively with stakeholders at all levels.
• Demonstrates integrity, objectivity and impartiality.
• Analytical skills.
• Applies pragmatic judgement in the application of rules.