What Jobs are available for Cyber Analyst in Qatar?

Job Summary

• Creation of USE cases using MITRE framework, Dashboard and Reports on Splunk SIEM
• Strong technical background on Network Security, Threat hunting and Risk based analysis
• Analyzing Network traffic for IPS, WAF, Firewall, DDOS and other perimeter device.

*Key Accountabilities *

• Continuous monitoring and review of security events, reports, alerts and CSOC dashboards to identify anomalous patterns indicative of potential security incidents
• Responsible for timely and effective response to, and management of, incidents, events, notifications, calls and other activities related to CSOC including Root Cause Analysis
• Gather relevant information and provide actionable intelligence on potential cyber security threats and incidents

Other Accountabilities

• Take direction and guidance from InfoSec Management to build, support and update the CSOC playbooks/processes
• Render support for the administration and configuration of security controls such as SIEM, Anti-virus software, network security devices, PAM, DLP, Vulnerability Management, etc.
• Prepare security awareness messages, presentations and announcements for management, IT staff, and regular users
• Participate in regular cyber drills and CSOC exercises

*Education *

• Bachelor's degree in Computer Science or equivalent

• Contribute to the effectiveness of the organization's cyber defence by identifying risks, evaluating controls, and supporting the protection of information systems and data from cyber threats and vulnerabilities. Deliver and enhance key components of the cyber assurance program within QatarEnergy LNG's Information Security organization.

• Major challenges:
  (1) requires deep understanding of ethical hacking, penetration testing methodologies and offensive cybersecurity tactics
  (2) supporting the Information Risk Management Division Manager in dealing with an increased cybersecurity risk due to the geopolitical situation
  (3) contributing to the ongoing continuous improvement of SOC due to the current maturity level and the changing threat level
  (4) keeping up to date with IT and OT Information Security and developments.
  (5) keeping up to date with IT and OT Information Security regulatory requirements.

• Develop Attack Scenarios: Based on CTI and threat actor Tactics, Techniques, and Procedures (TTPs), create realistic and impactful threat simulation scenarios.
• Configure and Deploy Security Tools: Set up, configure, and run automated security scanning tools, such as vulnerability scanners and web application security scanners.
• Analyze Scan Results: Interpret findings from automated scans to identify potential vulnerabilities and weaknesses that could be exploited in a simulation.
• Perform Phishing Simulations: Design, execute, and analyze targeted phishing campaigns to test the human element of security and measure employee awareness.
• Collaborate for Defense Improvement: Work with blue teams to share insights on attack methodologies, improve detection capabilities, and enhance overall security posture.

• Bachelor's degree level in information security, computer science or engineering.
• Professional certifications in information security management and standards (e.g., OSCP, CRTP, CRTO, OSWE, etc.)

• 5+ years of experience in Offensive Security / Red Teaming
• Broad knowledge of current techniques and practices associated with development and service provision and is a recognized specialist in at least one area.
• Understands the main strategic and commercial issues facing IT and safety and availability expectations from OT and the Organization's management and a good understanding of the principles of management and control.
• Possesses good understanding of and practices according to a professional code of conduct and code of ethics.
• Possesses a good understanding of IT/OT business applications.

• Ability to assess and evaluate risk and the impact of legislation, and actively promotes compliance.
• Builds a good rapport and strategic relations with the OT OEM community and QatarEnergy LNG Operation Leads.
• Ability to deal effectively with stakeholders at all levels.
• Demonstrates integrity, objectivity and impartiality.
• Analytical skills.
• Applies pragmatic judgement in the application of rules.

Job Posting Date: 16 Oct 2025

Work Location: Doha, QA

Company: QatarEnergy LNG

Join our dedicated Cyber Assurance Team within the Information Risk Management Department. Reporting to the Cyber Assurance Lead, you will play a critical role in strengthening our organization's security posture.

The Cyber Assurance team is responsible for proactively assessing and enhancing our security defenses. This involves conducting comprehensive ethical hacking activities and adversary simulations to identify potential vulnerabilities and control gaps. Your expertise will be vital in providing actionable recommendations to fortify our systems and ensure the resilience of our digital assets.

• Contribute to the effectiveness of the organization's cyber defence by identifying risks, evaluating controls, and supporting the protection of information systems and data from cyber threats and vulnerabilities. Deliver and enhance key components of the cyber assurance program within QatarEnergy LNG's Information Security organization.

• Major challenges:

(1) requires deep understanding of ethical hacking, penetration testing methodologies and offensive cybersecurity tactics

(2) supporting the Information Risk Management Division Manager in dealing with an increased cybersecurity risk due to the geopolitical situation

(3) contributing to the ongoing continuous improvement of SOC due to the current maturity level and the changing threat level

(4) keeping up to date with IT and OT Information Security and developments.

(5) keeping up to date with IT and OT Information Security regulatory requirements.

• Develop Attack Scenarios: Based on CTI and threat actor Tactics, Techniques, and Procedures (TTPs), create realistic and impactful threat simulation scenarios.
• Configure and Deploy Security Tools: Set up, configure, and run automated security scanning tools, such as vulnerability scanners and web application security scanners.
• Analyze Scan Results: Interpret findings from automated scans to identify potential vulnerabilities and weaknesses that could be exploited in a simulation.
• Perform Phishing Simulations: Design, execute, and analyze targeted phishing campaigns to test the human element of security and measure employee awareness.
• Collaborate for Defense Improvement: Work with blue teams to share insights on attack methodologies, improve detection capabilities, and enhance overall security posture.

• Bachelor's degree level in information security, computer science or engineering.
• Professional certifications in information security management and standards (e.g., OSCP, CRTP, CRTO, OSWE, etc.)

• 5+ years of experience in Offensive Security / Red Teaming
• Broad knowledge of current techniques and practices associated with development and service provision and is a recognized specialist in at least one area.
• Understands the main strategic and commercial issues facing IT and safety and availability expectations from OT and the Organization's management and a good understanding of the principles of management and control.
• Possesses good understanding of and practices according to a professional code of conduct and code of ethics.
• Possesses a good understanding of IT/OT business applications.

• Ability to assess and evaluate risk and the impact of legislation, and actively promotes compliance.
• Builds a good rapport and strategic relations with the OT OEM community and QatarEnergy LNG Operation Leads.
• Ability to deal effectively with stakeholders at all levels.
• Demonstrates integrity, objectivity and impartiality.
• Analytical skills.
• Applies pragmatic judgement in the application of rules.

Job Purpose

• Responsible to support Information Security Governance, Risk and Control
• activities. Assist in all information security activities in order to protect the
• organization's information technology assets from cyber-attacks.
• Function Information Technology

Key Responsibilities

• Supporting and maintaining the required Information Security policies, procedures, guidelines, registers and relevant documentations for the GRC activities.
• Obtain, review, and prepare periodic review reports such as User
• Access Management reports for Audit, GRC and other government
• regulatory compliance activities.
• Coordinate, conduct and participate in all related Audits includingISMS, MPTO, Internal and External.
• Maintain overall ISMS related documentation with appropriate versioning and tracking changes
• Coordinate Information Security and Privacy Management related
• Meetings
• Train and support the internal teams and staffs on activities related to information security compliance and personal information and privacy management
• Ensure all approved policies related to Information Security are applied and maintained in an effective and efficient manner
• Coordinate with relevant Teams and external MSPs on incidence response activities
• Support staffs on minor troubleshooting activities related to information security Create / Translate relevant documentations and contents in Arabic for
• wider circulation Coordinate, communicate effectively and maintain cordial relationship with internal and external departments of Qatar Post with respect to information security activities

Knowledge / Skills Required

• University Degree related to Information Technology or similar

Qualification

• Good knowledge in Arabic both written and spoken
• Preferably certifications in Information Security such as CISA, CISM,
• MCSE
• Preferably certifications in ISO27001:2013 Lead Implementer
• 3+ years of experience in information security or information
• technology processing facilities

Information Security Analyst

Job Purpose

• Responsible to support Information Security Governance, Risk and Control
• activities. Assist in all information security activities in order to protect the
• organization's information technology assets from cyber-attacks.
• Function Information Technology

Key Responsibilities

• Supporting and maintaining the required Information Security policies, procedures, guidelines, registers and relevant documentations for the GRC activities.
• Obtain, review, and prepare periodic review reports such as User
• Access Management reports for Audit, GRC and other government
• regulatory compliance activities.
• Coordinate, conduct and participate in all related Audits includingISMS, MPTO, Internal and External.
• Maintain overall ISMS related documentation with appropriate versioning and tracking changes
• Coordinate Information Security and Privacy Management related
• Meetings
• Train and support the internal teams and staffs on activities related to information security compliance and personal information and privacy management
• Ensure all approved policies related to Information Security are applied and maintained in an effective and efficient manner
• Coordinate with relevant Teams and external MSPs on incidence response activities
• Support staffs on minor troubleshooting activities related to information security Create / Translate relevant documentations and contents in Arabic for
• wider circulation Coordinate, communicate effectively and maintain cordial relationship with internal and external departments of Qatar Post with respect to information security activities

Knowledge / Skills Required

• University Degree related to Information Technology or similar

Qualification

• Good knowledge in Arabic both written and spoken
• Preferably certifications in Information Security such as CISA, CISM,
• MCSE
• Preferably certifications in ISO27001:2013 Lead Implementer
• 3+ years of experience in information security or information
• technology processing facilities

Primary Purpose Of The Job
Governance and execution of the Information Security Management System (ISMS) including developing

policies,standards and procedures required for the corporate information security in both an Information

technology (IT) and Operational Technology (OT) capacity.

Define required information security policies, standards and procedures related to their areas of operation as well as

raising awareness of those polices, standards and procedures.

Ensure adequate an effective IT controls exist to meet applicable current and future security compliance requirements.

Conduct compliance and operational maturity assessments to ensure optimal operation of the information and

operational technology environments under the guidelines of the ISMS.

Develop reporting Metrics, dashboards and evidences of compliance activities.

Coordinate with IT stakeholders, project managers, and business owners to facilitate vendor risk assessments, due

diligence review and security requirements definition. Maintain third-party assessment documentation.

Stay updated on the latest security trends, emerging threats and best practices to continuously improve the overall

security posture.

Coordinate and align activities between Information Security and Business Continuity, and liaise within IT Department

to ensure business continuity and disaster recovery plans are in place, tested, and report regularly.

Carry out other Security related activities as assigned by team Lead.

Required Experience And Skills
10+ years of relevant professional experience.

• Experience with large ICS & ICT environments in the Energy sector, preferably in Oil & Gas.
• Experience with and understanding of customized information security management systems.
• Experience in defining Governance, Risk, and Compliance (GRC) processes and leveraging industry-standard GRC

tools and products.

• Knowledge of information security capabilities and requirements analysis.
• Knowledge of relevant state laws, industry regulations, and security standards.
• Excellent written, verbal and presentation communication skills.

Educational Qualifications
Bachelor degree in information security, computer science, or engineering.

• Professional certifications in information security management and standards compliance (e.g., CISSP, CISM,

CRISC, GIAC, ISO27001, etc.) and experience with control frameworks (e.g., NIST Cybersecurity Control Framework).

About
ANA
B
ION

We are
ANA
B
ION
, an international biotech company dedicated to helping people live longer and healthier lives. Our strong portfolio spans effective, safe, and affordable solutions in Life Sciences, including innovative treatments, biosimilars, and gene therapies for oncology, autoimmune disorders, and rare diseases such as SMA and hemophilia.

About the Role

We are seeking an
Information Security Engineer
to join our growing team at
ANA
B
ION
. In this role, you will monitor and maintain our information protection systems, respond to security incidents, support users with access and data security, and contribute to projects that strengthen our detection and prevention capabilities. Success in this position requires strong analytical skills, attention to detail, and the ability to balance day-to-day operational responsibilities with proactive security improvements. We are looking for someone who goes beyond routine monitoring — bringing initiative, insight, and a strong security mindset to protect our company's data and support the efficiency of our global operations.

Responsibilities:

1. Maintain continuous monitoring and oversight of information protection tools (EDR, SIEM, DLP, vulnerability scanner) as part of daily security operations.
2. Respond to information security incidents within established timeframes, participate in their investigation and remediation, develop risk mitigation plans, document them, and track all activities in the Jira task management system.
3. Administer and maintain the performance of information security systems, including their configuration, monitoring and troubleshooting.
4. Regularly assess company services and information systems for compliance with legal and regulatory requirements in personal data protection, and address tasks aimed at raising information security awareness, including corporate newsletters and meetups.
5. Develop and timely update internal regulatory documents in the field of personal data protection and ensuring commercial secrecy regime.
6. Provide daily user support on information security matters, including secure data sharing, access rights management, and handling blocked resources.
7. Contribute to project initiatives such as implementing new protection tools, improving detection logic, and other development tasks in the field of information security.

Professional Knowledge & Skills:

• Comprehensive understanding of computer science and information systems.
• Hands-on experience with network defense technologies, firewalls, intrusion detection, and vulnerability assessment.
• Familiarity with programming/scripting languages, penetration testing, cloud security, risk analysis, and forensics.
• Up-to-date knowledge on emerging attack vectors and security solutions.
• Advanced English is required; Arabic or Russian is desirable but not mandatory.

Competencies & Soft Skills:

• Strong problem-solving, critical thinking, teamwork, time management, and the ability to remain effective under pressure.
• High ethical standards and discretion regarding sensitive data.
• Willingness to pursue continual professional development due to the evolving nature of cyber threats.

What We Offer:

• Be part of a fast-growing biotech company with access to global innovation and strategic support.
• Exposure to international cross-functional teams and career development opportunities across the ANABION global network.
• A collaborative, science-driven, and entrepreneurial work culture.
• A smart, competitive package, with bonus incentives aligned to performance.

Lesha Bank is searching for the greatest talent and brightest minds to contribute to the current growth phase at our bank. We are looking for top-tier individuals who are passionate and hungry to add value from day one. Every day at Lesha is different, presenting a new challenge with the opportunity to contribute and grow. We are looking for an Information Security Officer (ISO).

Role Purpose

The Information Security Officer (ISO) will be responsible for developing, implementing, and overseeing the bank's information security strategy, policies, and controls. The role ensures that the bank's data, systems, applications, and infrastructure are safeguarded against internal and external threats while meeting local regulatory requirements (QCB, QFCRA, NCSA-Q) and international standards (ISO 27001, NIST, GDPR, PCI-DSS as relevant).

Key Responsibilities

Governance & Compliance

• Establish, maintain, and enforce the bank's information security framework, aligned with QCB, QFCRA, and local cybersecurity regulations.
• Ensure compliance with international standards (ISO 27001, NIST CSF, COBIT, PCI-DSS) and conduct regular gap analyses.
• Prepare and present security risk assessments and reports to senior management, regulators, and the Board Risk Committee.
• Design, implement, and enforce security policies and procedures to safeguard the bank's infrastructure and data.

Security Operations

• Oversee Security Operations Center (SOC) activities, incident response, and threat intelligence monitoring.
• Develop and maintain business continuity, disaster recovery, and incident response plans.
• Implement and monitor Data Loss Prevention (DLP), intrusion detection/prevention (IDS/IPS), endpoint protection, and other security tools.
• Lead investigations of security breaches, develop strategies for handling incidents, and ensure lessons learned are integrated into policies and processes.
• Stay current with the latest security systems, standards, and products to ensure optimal protection.
• Regularly evaluate the effectiveness of security measures and update them against emerging threats and industry best practices.
• Conduct regular staff training on security awareness, best practices, and incident procedures.
• Collaborate with IT and business management to continuously improve security controls and culture.

Risk Management

• Conduct enterprise-wide risk assessments on systems, applications, vendors, and third-party service providers.
• Identify vulnerabilities and ensure timely remediation through patch management and secure configurations.
• Work with IT and business units to integrate security into new product initiatives.

Vendor & Technology Oversight

• Evaluate and approve technology vendors, outsourcing partners, and cloud solutions for compliance with security standards.
• Manage penetration tests, vulnerability assessments, and external audits.

Requirements:

• Bachelor's degree in information security, Computer Science, or related field. Master's degree preferred.
• Professional certifications: CISSP or CISM required; CISA and ISO 27001 Lead Implementer preferred.
• Cloud security certifications (e.g., CCSP, AWS Security) are a plus.
• 8–12 years in information security, with at least 5 years in the financial-services sector.
• Strong background in banking systems, digital channels, payment systems, and regulatory environments.
• Proven experience engaging with regulators (QCB, QFCRA, CMA, or equivalent).
• Proven experience in implementing SEIM Solutions, managing SOC Team.
• Expertise in cybersecurity frameworks, network security, cryptography, and identity & access management.
• Strong risk management and analytical skills.
• Excellent communication and stakeholder-management skills, capable of engaging effectively with regulators, auditors, and the Board.
• Ability to influence across departments, build a culture of security, and lead change initiatives without direct authority

The Information Security Engineer will focus on ensuring the organization's applications and data is secure and built according to best security standards. This role will be the subject matter expert on building secure code, application security, vulnerability testing, and providing security validation to the organization's environments.
Key Roles & Responsibilities

• Perform scheduled penetration testing of the company's applications
• Perform white, gray and black box security assessments.
• Support the organization, JVs and Subsidiaries in implementing Secure Software development lifecycle.
• Perform Mobile Services security Assessments.
• Support the organizations' environment monitoring by using available tools or help build internal tools to enable advanced threat detection and response.
• Conduct Security Vulnerability Assessments and impact assessment on company's electronic assets.
• Perform Security Assessments on ERP and other on-premise solutions.

Requirements
Skills, Knowledge and Behaviors:

• Ability to lead direct and indirect resources
• Ability to communicate technical challenges to non-technical audiences
• Ability to quantify risk and impact vectors
• Certified Ethical Hacker
• OCSP level of technical expertise
• Strong Scripting capability
• Strong ISO 27000 understanding
• Strong Application security background
• Strong Infrastructure security Background
• Strong experience in open source security tools

Qualifications & Experience

• Security Certification focusing on offensive or defensive practices
• Bachelor's degree in Information Security or Computer Engineering
• 10 + years in cybersecurity field
• System, network and/or application background

Preferred Experience

• Product development experience