{bc}
naukri

Security Operations Officer-Security Assessment & Assurance Specialist

INTALEQ
Doha, QAT
Senior
2 months ago
Information SecuritySecurity AssuranceApplication SecurityCloud SecurityVulnerability ManagementPenetration Testing
Free

Job Fit Check

Base Career helps you apply smarter for this job.

?%
Ready to Scan

Key skills for this role

Information SecuritySecurity AssuranceApplication Security
Smart Apply

Full Job Posting

Overview

The Information Security Officer is responsible for leading and executing end-to-end security assurance activities across AZF’s technology landscape, including applications, cloud, infrastructure, identity, and third-party environments.

The role ensures security controls are properly designed, implemented, validated, and continuously enforced, including the definition and verification of secure configuration baselines across the enterprise, in alignment with ISMS, NCSA (Qatar NIA/QCSF), ISO 27001, and NIST CSF.

Security Assurance & Risk Management

  • Lead security assessments, architecture reviews, vulnerability management, and assurance activities.
  • Establish and operate a structured Security Assurance Framework covering control validation, coverage tracking, and continuous assurance.
  • Manage the full security lifecycle from risk identification through remediation and validation.
  • Translate technical findings into business-level risk statements and remediation plans.

Application, Cloud & Infrastructure Security

  • Perform in-depth security assessments of web applications, APIs, mobile applications, cloud platforms, containers, and infrastructure.
  • Identify advanced security risks such as business logic flaws, authentication weaknesses, privilege abuse, and modern attack techniques.
  • Validate secure architectures, configuration baselines, and cloud-native security controls.
  • Support secure SDLC and DevSecOps practices, including security testing and release controls.

Configuration Baselines & Continuous Hardening (New)

  • Define and maintain secure configuration baselines across the enterprise technology stack (OS, databases, network devices, cloud services, identity platforms, and security tools).
  • Align baselines with industry standards (e.g., CIS Benchmarks) and organizational risk requirements.
  • Implement automated configuration compliance checks and continuous monitoring mechanisms.
  • Conduct periodic reviews and validation of configurations to detect drift, misconfigurations, and unauthorized changes.
  • Work with engineering and operations teams to enforce hardening standards and remediate deviations.

Architecture, Threat Modeling & Secure Design

  • Lead security architecture and design reviews across applications, platforms, and integrations.
  • Conduct threat modeling to identify attack paths, risks, and mitigation strategies.
  • Ensure alignment with enterprise security architecture and Zero Trust principles.

Third-Party, Data Protection & Resilience

  • Conduct security assessments of vendors, SaaS providers, and external integrations.
  • Validate data protection, encryption, and privacy controls for sensitive and regulated data.
  • Support cyber resilience activities, including OT/ICS security reviews, red team exercises, and incident response simulations.

Governance, Compliance & Reporting

  • Ensure continuous alignment with regulatory and framework requirements (ISO 27001, NIST CSF, Qatar NIA, QCSF).
  • Support internal and external audits with defensible, evidence-based controls.
  • Define and report on security metrics, KPIs, and executive dashboards.

Preferred Arabic Speaking

  • 8+ years of experience in information security assessments and assurance.
  • Strong expertise in application, API, mobile, and cloud security.
  • Hands-on experience in penetration testing, vulnerability management, and security architecture reviews.
  • Practical experience in system hardening, configuration baselines, and security control validation.
  • Deep understanding of modern attack techniques and identity/authentication mechanisms.
  • Proven ability to communicate technical risks to business stakeholders.

• OSCP And OSEP And OSWE

  • CISSP

• Cloud Security Certifications (Azure And GCP)

  • IEC 62443

Apply for this job in 1 click

Skip the repetitive application forms

Install the Base Career Chrome Extension and autofill job applications across major job boards with your profile.

Sarah M.James T.Maya R.

Trusted by over 500,000 job seekers on Base Career

Start Free Today

More from this employer

More jobs at INTALEQ