Security Operations Officer – Security Assessment & Assurance Specialist

About This Role

Black & Grey HR is recruiting for an established technology solutions and services provider in Doha, Qatar. Our client is seeking an experienced Security Operations Officer – Security Assessment & Assurance Specialist who will play a critical role in evaluating, strengthening, and assuring the security posture across IT, OT, and cloud environments. This role focuses on configuration assessments, vulnerability management, penetration testing, and security assurance programs—ensuring the organization maintains strong cyber resilience during both mega events and routine operations. Arabic proficiency is mandatory.

Key Responsibilities

Security Configuration Assessment (IT & OT)

• Conduct detailed configuration assessments of IT and OT systems based on CIS Benchmarks, NIST guidelines, and internal security standards.
• Review firewall rulesets to ensure least privilege, segmentation, and policy compliance.
• Assess network devices (routers, switches, load balancers, SASE/SSE gateways) for secure configurations.
• Validate OS hardening, patch compliance, and baseline configurations across servers and endpoints.
• Evaluate Network Access Control (NAC) deployments for coverage, enforcement, and effectiveness.
• Review SASE/SSE implementations to ensure secure access, data protection, and consistent policy application.
• Recommend hardening measures to reduce attack surface and enhance operational resilience.

Technical Risk Identification

• Identify security risks across IT, OT, and cloud assets through technical assessments and analytics.
• Conduct and coordinate penetration testing for cloud workloads, web applications, APIs, and internal systems.
• Perform security assessments of Kubernetes and containerized environments (GKE, AKS).
• Map findings from vulnerability scans, pen tests, and configuration reviews to operational and business impacts.
• Execute red team and adversary simulation exercises to evaluate detection and response maturity.
• Contribute to risk documentation, validation, and reporting for leadership visibility.

Vulnerability Remediation Management

• Track and manage vulnerabilities across IT, OT, and cloud environments.
• Prioritize remediation based on risk severity, exploitability, and business impact.
• Collaborate with infrastructure, application, and OT teams to ensure timely remediation and validation.
• Maintain dashboards and executive reports showing vulnerability trends and remediation KPIs.

Security Assurance

• Develop, implement, and oversee security assurance programs across IT, OT, and cloud domains.
• Track and report KPIs and KRIs to measure program maturity and effectiveness.
• Conduct periodic control reviews and baseline validations to ensure adherence to risk mitigation strategies.
• Identify gaps or deviations and drive corrective actions in coordination with relevant stakeholders.

Requirements

Qualifications & Experience

• 8+ years of hands-on experience in security assessment, penetration testing, or security assurance.
• Bilingual proficiency in Arabic (Mandatory).
• Strong background in manual and automated penetration testing, including red team/adversary simulations.
• Deep understanding of configuration benchmarks, security hardening, and risk assessment methodologies.
• Technical expertise in GCP and Azure environments.
• Experience with firewall rule auditing, network device configuration assessments, OS hardening, and OT/ICS system assessments.
• Proficiency with industry-standard tools: Burp Suite, Metasploit, Nmap, Nessus, Qualys, Wireshark.
• Experience with cloud-native security platforms (GCP Security Command Center, Azure Defender, Prisma Cloud/CNAPP).
• Familiar with regulatory frameworks: ISO 27001, NIST CSF, IEC 62443, Qatar NIA, QCSF.
• Strong analytical, communication, and reporting skills.

Education

• Bachelor’s degree in Cybersecurity, Computer Science, Information Technology, or a related field (or equivalent experience).

Certifications (Preferred)

• CISSP
• OSCP, OSEP, OSCE
• CRISC
• CCSK
• CRTE
• Cloud Certifications (GCP Professional Cloud Security Engineer, Azure Security Engineer Associate)
• - GICSP (preferred for OT/ICS)

Required Skillset

• In-depth knowledge of security assurance frameworks and vulnerability management processes.
• Expertise in firewall auditing, network segmentation, and Zero Trust architecture.
• Strong experience in manual/automated penetration testing and red team exercises.
• Proficiency in cloud security controls, Kubernetes/container security, and IaC security validation.
• Strong understanding of OT/ICS security principles and architecture.
• Experience with threat modeling, control validation, and risk reporting.
• Ability to translate complex technical findings into clear business risk language.
• Excellent reporting and presentation skills for both technical and executive audiences.