Security Operations Officer-Security Assessment & Assurance Specialist
Job Fit Check
Base Career helps you apply smarter for this job.
Key skills for this role
About the Role
Lead security assurance activities, manage vulnerability assessments, and ensure compliance with ISO 27001 and NIST CSF while possessing expertise in application and cloud secur.
Key Skills for This Role
Full Job Posting
Overview
The Information Security Officer is responsible for leading and executing end-to-end security assurance activities across AZF’s technology landscape, including applications, cloud, infrastructure, identity, and third-party environments.
The role ensures security controls are properly designed, implemented, validated, and continuously enforced, including the definition and verification of secure configuration baselines across the enterprise, in alignment with ISMS, NCSA (Qatar NIA/QCSF), ISO 27001, and NIST CSF.
Security Assurance & Risk Management
- Lead security assessments, architecture reviews, vulnerability management, and assurance activities.
- Establish and operate a structured Security Assurance Framework covering control validation, coverage tracking, and continuous assurance.
- Manage the full security lifecycle from risk identification through remediation and validation.
- Translate technical findings into business-level risk statements and remediation plans.
Application, Cloud & Infrastructure Security
- Perform in-depth security assessments of web applications, APIs, mobile applications, cloud platforms, containers, and infrastructure.
- Identify advanced security risks such as business logic flaws, authentication weaknesses, privilege abuse, and modern attack techniques.
- Validate secure architectures, configuration baselines, and cloud-native security controls.
- Support secure SDLC and DevSecOps practices, including security testing and release controls.
Configuration Baselines & Continuous Hardening (New)
- Define and maintain secure configuration baselines across the enterprise technology stack (OS, databases, network devices, cloud services, identity platforms, and security tools).
- Align baselines with industry standards (e.g., CIS Benchmarks) and organizational risk requirements.
- Implement automated configuration compliance checks and continuous monitoring mechanisms.
- Conduct periodic reviews and validation of configurations to detect drift, misconfigurations, and unauthorized changes.
- Work with engineering and operations teams to enforce hardening standards and remediate deviations.
Architecture, Threat Modeling & Secure Design
- Lead security architecture and design reviews across applications, platforms, and integrations.
- Conduct threat modeling to identify attack paths, risks, and mitigation strategies.
- Ensure alignment with enterprise security architecture and Zero Trust principles.
Third-Party, Data Protection & Resilience
- Conduct security assessments of vendors, SaaS providers, and external integrations.
- Validate data protection, encryption, and privacy controls for sensitive and regulated data.
- Support cyber resilience activities, including OT/ICS security reviews, red team exercises, and incident response simulations.
Governance, Compliance & Reporting
- Ensure continuous alignment with regulatory and framework requirements (ISO 27001, NIST CSF, Qatar NIA, QCSF).
- Support internal and external audits with defensible, evidence-based controls.
- Define and report on security metrics, KPIs, and executive dashboards.
Preferred Arabic Speaking
- 8+ years of experience in information security assessments and assurance.
- Strong expertise in application, API, mobile, and cloud security.
- Hands-on experience in penetration testing, vulnerability management, and security architecture reviews.
- Practical experience in system hardening, configuration baselines, and security control validation.
- Deep understanding of modern attack techniques and identity/authentication mechanisms.
- Proven ability to communicate technical risks to business stakeholders.
• OSCP And OSEP And OSWE
- CISSP
• Cloud Security Certifications (Azure And GCP)
- IEC 62443
Apply for this job in 1 click
Skip the repetitive application forms
Install the Base Career Chrome Extension and autofill job applications across major job boards with your profile.
Trusted by over 500,000 job seekers on Base Career
More from this employer
More jobs at INTALEQ
Senior IT Governance Officer
Doha, QAT
Lead IT governance, risk management, and compliance initiatives while developing strategies for change management and policy management in a complex environment.
Network Security Architect
Doha, QAT
Design and develop network security architectures, optimize Zero Trust and SASE, and ensure integration of advanced security solutions and policies.
Senior SOC Engineer
Doha, QAT
Responsible for security monitoring, incident response, vulnerability management, threat hunting, and developing detection strategies using SIEM and XDR platforms.
Database Administrator
Doha, QAT
Responsible for database operations, security, and optimization across multi-cloud platforms, ensuring high availability and performance in enterprise environments.
Systems Architect (Linux & Backup Services)
Doha, QAT
Responsible for architecting and managing Red Hat Enterprise Linux and Commvault Backup solutions, ensuring compliance, security, and disaster recovery across hybrid environments.
Systems Architect Lead (Cloud & Infrastructure)
Doha, QAT
Lead multi cloud architecture and strategy, ensuring governance, security, and cost management while mentoring the cloud engineering team for operational excellence.
PMO Analyst VT
Doha, QAT
Oversee Venue Technology project management, resource management, and stakeholder communication, ensuring effective project monitoring, risk management, and vendor performance.
AV/ELV Systems Engineer
Doha, QAT
Manage AV/ELV solution design, project management, and technical support while ensuring quality control and stakeholder coordination for venue operations.
Senior IT Governance Officer
Doha, QAT
Network Security Architect
Doha, QAT
Senior SOC Engineer
Doha, QAT
Database Administrator
Doha, QAT
Systems Architect (Linux & Backup Services)
Doha, QAT
Systems Architect Lead (Cloud & Infrastructure)
Doha, QAT
PMO Analyst VT
Doha, QAT
AV/ELV Systems Engineer
Doha, QAT
