Cyber Security Specialist - OSN Dubai

Role Purpose

• Security Operations & Incident Response

• Lead end-to-end security incident management: detection, triage, containment, eradication, recovery, and post-incident review.
• Operate as the primary escalation point within the SOC for Tier 2/3 security incidents and complex investigations.
• Develop and maintain incident response playbooks, runbooks, and communication frameworks aligned with NIST CSF and ISO 27035.
• Conduct forensic analysis of compromised systems, endpoints, and network activity; produce formal incident reports for technical and executive audiences.
• Coordinate with external MSSPs, threat intelligence vendors, and UAE regulatory bodies (e.g., UAE CIRT) during significant incidents.

• Threat Detection, Hunting & Analytics

• Design and implement advanced detection rules, correlation logic, and SIEM use cases to identify sophisticated threats and anomalous behaviour.
• Conduct structured threat-hunting exercises using frameworks such as MITRE ATT&CK to proactively surface hidden adversary activity.
• Analyse threat intelligence feeds and translate findings into actionable detection improvements and security control enhancements.
• Monitor OSN's attack surface continuously; track indicators of compromise (IoCs) and indicators of attack (IoAs) across all environments.
• Produce weekly threat landscape briefings for the security leadership team.

• Security Technology Administration

• Administer, tune, and optimise the security technology stack, including:
• SIEM (Microsoft Sentinel / Splunk) — rule authoring, dashboard development, log source onboarding
• DLP — policy configuration, alert triage, data classification framework integration
• WAF — ruleset management, bot mitigation, DDoS response coordination
• PAM — onboarding, policy governance, session recording review
• Vulnerability Management (Tenable / Qualys) — scan configuration, risk-based prioritisation
• Drive continuous improvement programmes across all security technologies, ensuring tools are fully utilised and aligned to current threat models.

• Cloud & Infrastructure Security

• Define and enforce security baselines, policies, and guardrails for Azure, AWS, and Microsoft 365 environments using native and third-party tooling.
• Lead cloud security posture management (CSPM) activities; identify and remediate misconfigurations and compliance gaps across IaaS, PaaS, and SaaS layers.
• Architect and implement zero-trust network access (ZTNA) controls and identity-centric security models for cloud workloads.
• Review and approve infrastructure-as-code (IaC) templates (Terraform, ARM) for security compliance before deployment.
• Partner with DevOps and platform engineering teams to embed security into CI/CD pipelines (shift-left security / DevSecOps).

• Vulnerability Management & Penetration Testing

• Own the end-to-end vulnerability management lifecycle: discovery, risk scoring (CVSS), prioritisation, remediation tracking, and reporting.
• Conduct internal penetration tests and red team exercises against web applications, APIs, cloud environments, and internal network segments.
• Manage relationships with external penetration testing vendors; review findings, validate remediations, and track exceptions.
• Maintain a formal risk register for open vulnerabilities and present quarterly status updates to IT leadership.

• Application & API Security

• Champion application security best practices aligned with OWASP Top 10, SANS CWE Top 25, and OSN's secure development lifecycle (SDL).
• Perform manual and automated security code reviews and DAST/SAST assessments for web applications, mobile apps, and internal platforms.
• Define and enforce API security standards; monitor for API abuse, injection attacks, and authentication weaknesses.
• Provide developer security training and guidance; act as a trusted security advisor embedded within product engineering squads.

• OTT, Broadcast & Content Security

• Protect OSN's OTT platforms, streaming services, and content delivery networks (CDN) against piracy, credential stuffing, account takeover, and content leakage.
• Implement and manage Digital Rights Management (DRM) technologies (Widevine, PlayReady, FairPlay) and ensure licence server integrity.
• Deploy and operate anti-piracy monitoring solutions across distribution channels; liaise with content owners on take-down procedures.
• Assess and address the unique cyber risks of broadcast infrastructure, including satellite uplink systems and contribution networks.
• Stay current with emerging threats targeting media and entertainment sector — including stream ripping, key extraction, and credential sharing.

• Compliance, Risk & Governance

• Ensure ongoing compliance with applicable regulations and frameworks, including UAE Personal Data Protection Law (PDPL), NESA, ISO 27001, and SOC 2.
• Conduct regular internal security audits, control assessments, and gap analyses; develop remediation roadmaps.
• Maintain, review, and update cyber security policies, standards, and procedures on an annual basis or following material incidents.
• Support external audits and regulatory inspections; act as a technical liaison for auditors and assessors.
• Contribute to the security risk register and report material risks to the Head of Cyber Security on a monthly cadence.

Education

• Bachelor’s degree (or higher) in Computer Science, Information Security, Electrical Engineering, or a closely related technical discipline.
• Equivalent combination of professional certifications and demonstrated experience will be considered.

Professional Certifications (Required — At Least One)

• CISSP — Certified Information Systems Security Professional
• CISM — Certified Information Security Manager
• CISA — Certified Information Systems Auditor
• GCIH — GIAC Certified Incident Handler

Professional Certifications (Preferred — Additional Value)

• Microsoft Certified: Security Operations Analyst Associate (SC-200) or Azure Security Engineer Associate (AZ-500)
• AWS Certified Security – Specialty
• CEH (Certified Ethical Hacker) or OSCP (Offensive Security Certified Professional)
• GCFE / GCFA (GIAC Forensic Examiner / Analyst)
• CompTIA Cloud+, Security+, or CySA+

Experience

• Minimum 3–5 years of progressive experience in cyber security operations, engineering, or consulting roles.
• Demonstrable hands-on experience operating and tuning a SIEM in a medium-to-large enterprise environment (500+ employees or equivalent asset volume).
• Proven track record managing security incidents end-to-end, including formal post-incident reporting and process improvement.
• Solid experience securing cloud environments — Azure and/or AWS — including native security services (Microsoft Defender for Cloud, AWS Security Hub, GuardDuty).
• Practical experience in penetration testing or red team activities (internal or external scope).
• Experience working within a regulated environment subject to data protection law (UAE, GDPR, or equivalent) is advantageous.

Security Operations & Tooling

• Advanced proficiency in SIEM platforms (Microsoft Sentinel preferred; Splunk advantageous) — KQL / SPL query authoring, alert engineering, dashboarding.
• Hands-on expertise with endpoint detection and response (EDR/XDR) tools — Microsoft Defender XDR, CrowdStrike, or SentinelOne.
• Working knowledge of DLP, PAM (CyberArk, BeyondTrust), WAF (Azure Front Door, Cloudflare, F5), and email security gateways.
• Experience with vulnerability scanning and management platforms (Tenable Nessus, Qualys, Rapid7).

Cloud & Infrastructure

• Deep understanding of cloud security architecture principles: identity and access management, network segmentation, encryption, and monitoring.
• Proficiency with Azure Security Centre / Defender for Cloud, AWS Security Hub, and Microsoft 365 Defender.
• Familiarity with container security (Docker, Kubernetes) and serverless security patterns.
• Understanding of network fundamentals: TCP/IP, DNS, HTTP/S, TLS, BGP, and firewall / IDS-IPS technologies.

Application & Devsecops

• Solid understanding of OWASP Top 10, secure SDLC, and common vulnerability classes (SQLi, XSS, SSRF, authentication flaws).
• Experience with SAST/DAST tools (e.g., Checkmarx, Veracode, Burp Suite Pro) and integrating security scanning into CI/CD pipelines.
• Scripting ability in Python, PowerShell, or Bash for automation of security tasks, log analysis, and tool integration.

Frameworks & Standards

• Practical working knowledge of NIST CSF, ISO 27001/27002, CIS Controls v8, MITRE ATT&CK, and OWASP.
• Awareness of UAE NESA, UAE PDPL, and relevant MENA regulatory requirements.