Job Specification

Join our dedicated Cyber Assurance Team within the Information Risk Management Department. Reporting to the Cyber Assurance Lead, you will play a critical role in strengthening our organization's security posture.

The Cyber Assurance team is responsible for proactively assessing and enhancing our security defenses. This involves conducting comprehensive ethical hacking activities and adversary simulations to identify potential vulnerabilities and control gaps. Your expertise will be vital in providing actionable recommendations to fortify our systems and ensure the resilience of our digital assets.

Job Purpose

• Contribute to the implementation and continuous improvement of the organization's overall cyber strategy, ensuring the protection of information systems and data against cyber threats and vulnerabilities. Support the Cyber Assurance Lead in monitoring, enhancing, and maintaining the cyber assurance program within QatarEnergy LNG's Information Security organization.

Job Context & Major Challenge(s)

• Major challenges are,
  (1) requires deep understanding of ethical hacking, penetration testing methodologies and offensive cybersecurity tactics
  (2) supporting the Information Risk Management Division Manager in dealing with an increased cybersecurity risk due to the geopolitical situation
  (3) contributing to the ongoing continuous improvement of SOC due to the current maturity level and the changing threat level
  (4) keeping up to date with IT and OT Information Security and developments.
  (5) keeping up to date with IT and OT Information Security regulatory requirements.

Key Job Accountabilities - I

• Adversary emulation: Plan and execute full-scope red team engagements that mimic real-world threat actors, including initial access, privilege escalation, and lateral movement.
• Phishing campaigns: Conduct advanced social engineering and targeted phishing campaigns that bypass modern email gateways.
• Technical assessments: Perform thorough assessments of complex production environments, including network infrastructure, cloud services, and applications.
• Malware development and EDR bypass: Develop custom malware, exploits, and post-exploitation tools designed to evade detection by Endpoint Detection and Response (EDR) and other security controls.
• C2 infrastructure management: Deploy, manage, and operate command-and-control (C2) frameworks such as Cobalt Strike, Brute Ratel C4, and Nighthawk C2.
• Operational security (OpSec): Maintain strict OpSec discipline to ensure all red team activities remain covert and undetected by defensive teams.
• Research and development (R&D): Conduct offensive security research to stay current with the latest tactics, techniques, and procedures (TTPs) and develop new tools and methodologies.

Key Job Accountabilities - II

Person Specification - Minimum Requirement

Qualifications

• Bachelor's degree level in information security, computer science or engineering.
• Professional certifications in information security management and standards (e.g., OSCP, OSCE, CRTP, CRTO, CRTL, etc.).

Knowledge and/or Experience - I

• 8+ years of experience in Offensive Security / Red Teaming
• Broad knowledge of current techniques and practices associated with development and service provision and is a recognized specialist in at least one area.
• Understands the main strategic and commercial issues facing IT and safety and availability expectations from OT and the Organization's management and a good understanding of the principles of management and control.
• Possesses good understanding of and practices according to a professional code of conduct and code of ethics.
• Possesses a good understanding of IT/OT business applications.

Technical and Business Skills - I

• Ability to assess and evaluate risk and the impact of legislation, and actively promotes compliance.
• Builds a good rapport and strategic relations with the OT OEM community and with the QatarEnergy LNG operation leads.
• Ability to deal effectively with stakeholders at all levels.
• Demonstrates integrity, objectivity and impartiality.
• Analytical skills.
• Applies pragmatic judgement in the application of rules.