198 Information Security jobs in Qatar

• Seven (7) years of relevant professional experience.
• Experience in large ICS/OT and ICT environments in the Energy sector, preferably in Oil & Gas.
• Strong, hands-on technical experience with Industrial Control System solutions (e.g., Distributed Control Systems, SCADA, etc).
• Strong, hands-on technical experience with network technologies (e.g., Cisco) and diverse Information Security technologies (e.g., firewalls, anti-malware, etc).
• Professional certifications in information security management such as CISSP, CISA, GIAC, GICSP, GRID or others.
• Excellent written and verbal business communication skills capable of interacting with various levels of business and technical leadership (English).
  
  Qualifications
  Bachelor degree in engineering, information security or computer science.

Primary responsible for planning, coordinating, and organizing Information Security activities.

Enforce and monitor the implementation and compliance with IT Information Security Policy.

Develop and manage the implementation of Information Security Policies and Procedures.

Ensure Risk Assessments are conducted on all information systems such as people, process, technology, and information processing facilities.

Ensure implementation of all Information Security controls, as set forth in the Risk Treatment Plan, to ensure adequate security for the respective system.

Conduct Information Security communications and outreach by leveraging the Information Security Management System (ISMS) committee.

Establish appropriate measures to assess operational capabilities and determine compliance and effectiveness levels with Information Security Policy.

Supervise other related assurance functions, as necessary.

Ensure the compliance of Information Security Policies in the organization.

Develop and ensure implementation of Information Security procedures.

Develop and ensure implementation of incident handling and reporting.

Follow-up, escalate, and report the resolution of Information Security issues identified during security assessments, penetration tests, and audits.

Develop, implement, and maintain Disaster Recovery (DR) procedures and infrastructure in relation to the Business Continuity Plan (BCP) / IT Service Contingency Plan.

Conduct and coordinate Information Security awareness and orientation programs.

Responsible for conducting Committee meetings.

Security Incident Management

Establish a formal procedure for internally reporting and tracking security incidents. Ensure incident response and escalation procedures are followed, and inform all employees, contractors, and third-party users of their responsibility to report security incidents.

Incident Handling :

Participate and / or oversee the investigation and management of information security events and policy violations and track them to conclusion.

Incident Notification and Reporting :

Follow policy for the notification and reporting of incidents immediately upon discovery.

Corrective / Preventive Actions :

Develop and document corrective action plans and implement preventive actions to mitigate recurrence.

Analyze a security incident to detect an underlying problem that exists or is likely to exist.

Categorize and prioritize the problem based on the frequency, severity, and impact of the incident.

Investigate and diagnose the root cause of the problem.

Test and apply temporary workarounds.

Document the known error record.

Create a formal process to address risk through the coordination and control of activities regarding each risk.

Conduct formal vulnerability assessments of the environment on a regular basis.

Create a formal process to mitigate vulnerabilities and more.

Qualifications

Experience

8+ years in IT work experience

5+ years in a similar role

Education

Bachelor of Engineering

Or Bachelor of IT

Or Bachelor of Computer Science

Certifications

CRISC - Certified in Risk and Information Systems Control

Or ISO / IEC 27001 Lead Implementer or Lead Auditor

Or CISSP - Certified Information Systems Security Professional

Required Skillset

Expertise in implementation of security frameworks such as NIST , ISO / IEC 27001 , and other local regulations and frameworks.

Expertise in compliance requirements like GDPR , HIPAA , PCI DSS , SOX , and other relevant laws and regulations.

Expertise in conducting risk assessments , identifying security risks, evaluating impact, and implementing mitigation strategies.

Expertise in developing policies , procedures , and processes .

Expertise in creating and managing security awareness and training programs to educate employees on cybersecurity threats and best practices.

Information Security Officer • Doha, ad-Dawhah, Qatar

Job Description: ICS Cybersecurity Technician

Role Summary

The ICS Cybersecurity Technician is responsible for supporting the security, monitoring, and protection of Industrial Control Systems (ICS) and Operational Technology (OT) environments. This hands-on role involves implementing security controls, troubleshooting issues, assisting in incident response, and ensuring compliance with cybersecurity standards in industrial facilities.

Qualifications

Education

• Bachelor's degree in Engineering, Computer Science, IT, Electrical, Instrumentation, Automation, Mechatronics, Cybersecurity, Electronics, or a related discipline.
• Diploma in the above fields may be considered with relevant experience.
  
  

• Required: Minimum 3 years' experience in ICS/OT Cybersecurity within Oil & Gas, Petrochemical, or Chemical facilities.
• Preferred: 5+ years' experience in ICS/OT Cybersecurity in heavy industrial environments.
  
  

• CCNA / Network+
• CEH / CompTIA Security+ / CySA+
• At least one recognized Cybersecurity certification is highly desirable.
  
  

• Hands-on knowledge of ICS/OT cybersecurity technologies, standards, and practices.
• Experience in configuring, testing, and troubleshooting security tools, hardware, and software.
• Strong understanding of threat intelligence, vulnerability management, and incident response.
• Ability to manage and document system configurations, upgrades, and cybersecurity procedures.
• Familiarity with cloud, virtual, and on-premises security platforms.
• Strong communication, collaboration, and problem-solving skills.
• Ability to operate in a 24/7 industrial environment with fieldwork responsibilities.
  
  

• Configure, test, and maintain cybersecurity technologies and tools across ICS/OT environments.
• Troubleshoot and resolve cybersecurity and data-related issues.
• Perform hardware and software upgrades, and document configurations and system specifications.
• Maintain accurate records and documentation of security operations, incident response, and system changes.
• Provide technical cybersecurity support to users and teams.
• Evaluate and recommend new security tools, systems, and processes.
• Monitor external threat intelligence feeds, escalate alerts, and coordinate vulnerability patching.
• Maintain and enhance security systems, processes, and monitoring tools.
• Support the implementation of security measures across on-premises, virtual, and cloud environments.
• Promote and support a cybersecurity awareness culture within the organization.
• Assist in internal and external audits to ensure compliance with cybersecurity policies and standards.
  
  

The Information Security Officer (ISO) will be responsible for developing, implementing, and overseeing the bank's information security strategy, policies, and controls. The role ensures that the bank's data, systems, applications, and infrastructure are safeguarded against internal and external threats while meeting local regulatory requirements (QCB, QFCRA, NCSA-Q) and international standards (ISO 27001, NIST, GDPR, PCI-DSS as relevant).

Governance & Compliance

• Establish, maintain, and enforce the bank's information security framework, aligned with QCB, QFCRA, and local cybersecurity regulations.
• Ensure compliance with international standards (ISO 27001, NIST CSF, COBIT, PCI-DSS) and conduct regular gap analyses.
• Prepare and present security risk assessments and reports to senior management, regulators, and the Board Risk Committee.
• Design, implement, and enforce security policies and procedures to safeguard the bank's infrastructure and data.

Security Operations

• Oversee Security Operations Center (SOC) activities, incident response, and threat intelligence monitoring.
• Develop and maintain business continuity, disaster recovery, and incident response plans.
• Implement and monitor Data Loss Prevention (DLP), intrusion detection/prevention (IDS/IPS), endpoint protection, and other security tools.
• Lead investigations of security breaches, develop strategies for handling incidents, and ensure lessons learned are integrated into policies and processes.
• Stay current with the latest security systems, standards, and products to ensure optimal protection.
• Regularly evaluate the effectiveness of security measures and update them against emerging threats and industry best practices.
• Conduct regular staff training on security awareness, best practices, and incident procedures.
• Collaborate with IT and business management to continuously improve security controls and culture.

Risk Management

• Conduct enterprise-wide risk assessments on systems, applications, vendors, and third-party service providers.
• Identify vulnerabilities and ensure timely remediation through patch management and secure configurations.
• Work with IT and business units to integrate security into new product initiatives.

Vendor & Technology Oversight

• Evaluate and approve technology vendors, outsourcing partners, and cloud solutions for compliance with security standards.
• Manage penetration tests, vulnerability assessments, and external audits.

Requirements

• Bachelor's degree in information security, Computer Science, or related field. Master's degree preferred.
• Professional certifications: CISSP or CISM required; CISA and ISO 27001 Lead Implementer preferred.
• Cloud security certifications (e.g., CCSP, AWS Security) are a plus.
• 8-12 years in information security, with at least 5 years in the financial-services sector.
• Strong background in banking systems, digital channels, payment systems, and regulatory environments.
• Proven experience engaging with regulators (QCB, QFCRA, CMA, or equivalent).
• Proven experience in implementing SEIM Solutions, managing SOC Team.
• Expertise in cybersecurity frameworks, network security, cryptography, and identity & access management.
• Strong risk management and analytical skills.
• Excellent communication and stakeholder-management skills, capable of engaging effectively with regulators, auditors, and the Board.
• Ability to influence across departments, build a culture of security, and lead change initiatives without direct authority

Role: Associate Security Consultant
Exp: 8 to 16 years
Notice period: Immediate to 30 days
Project Duration: Long term
Job Location: Doha, Qatar
Lateral Budget: 18-20 K QAR
Lateral Sub con Budget: 20-24K QAR

• Responsible for GRC (Governance, Risk & Compliance) operation management as per organization requirements.
• Focus on providing strategic alignment to IT and the organization's vision, mission & values and set up committees and monitoring frameworks to govern Security.
• Support the Security Governance Forums at KM for multiple security committees.
• Management and development of information security and coordinate the management of security through sharing ideas among key security players, monitoring threats, identifying opportunities for improvement, and ongoing monitoring of security activity to meet targets.
• Drive and manage the development of information security to ensure approaches, techniques and tools continue to meet needs.
• Ensure reporting to higher management for all existing and newly developed KPIs and ensure the team achieves the desired KPIs per defined timelines.
• Organize and manage internal and external information security audits and management reviews, and reporting to management.
• Provide project information security oversight; ensure teams become an active part of projects, take information security into account, carry out or oversee information security risk assessments and ensure results are acted upon.
• Promote information security awareness throughout the business and provide security-related information as required both internally and externally to the company.
• Maintain knowledge necessary to advise on all aspects of information risk management and information security by adding to and maintaining certifications; engage in continuous learning; stay up to date with threats and security information.
• Provide leadership attributes with Independent Contributor, Team Management & Mentoring, Client Communication, Presentation skills, Service/project Delivery and People Management.
• Oversee the performance and issues of the Consultants deployed.

• Professional experience as per the grade requirements mentioned under Article 4.1.2.
• Relevant experience in Information Security GRC Management.
• Sound written and verbal communication skills to communicate at all levels of the organization.
• Proficiency in project management and experience in people leadership.
• Demonstrated experience with Information Security Risk Management Programs, including defining an IS risk register with identified threats and risks.
• Experience in IT Audits, IT Governance Risk Compliance and IT Process.
• Good understanding of IT General controls for development and Technology Infra.

• Knowledge of Security frameworks like ISO 27001, NIST CSF, PCI DSS are desirable.
• Strong understanding and experience with business process controls.
• Must have knowledge of Qatar National Security Frameworks implementation and support requirements.
• Should have at least 7-8 years of implementation experience in ISO27001/PCI/Data Governance areas.

We are currently looking Senior Offensive Security Consultant for our Qatar operations with the following terms & conditions.

• University graduate in Computer Science subject
• Strong understanding of offensive security concepts and frameworks, including MITRE ATT&CK, vulnerability exploitation, DevSecOps and OWASP top ten projects.
• Experience managing or integrating SAST, DAST, attack simulation, and container security tools into CI / CD platforms (e.g., Jenkins, GitLab CI, Azure DevOps)
• Awareness of current breach and attack simulation platforms and AI-driven CI / CD pen testing solutions and their use cases (e.g., Cytix, SafeBreach, AttackIQ, Cymulate).
• Strong knowledge of container and kubernetes security
• Ability to work independently and manage multiple priorities in a fast-paced environment.
• Excellent verbal and written communication skills.
• Proven work experience in the UK, US, or Europe

• Security Tool Management & Integration
  • Own the deployment, configuration, and maintenance of :
  • Static Application Security Testing (SAST) tools
  • Dynamic Application Security Testing (DAST) tools
  • Breach and Attack Simulation (BAS) tools
  • Container Security Solutions (e.g., image scanning, runtime protection)
  • Integrate security tools into CI / CD pipelines to enable automated and continuous security validation.
  • Monitor tool performance, ensure scalability, and optimize configurations for accuracy and efficiency.
• Security Strategy & Enablement

• Certifications such as OSCP, CRTO, OSCE, or equivalent.
• Experience of streamlining SDLC processes and workflows using AI techniques and approaches
• Experience with cloud platforms (AWS, Azure, GCP) and their native security services.

• Group's overall strategic plan.
• Applicable policies and procedures.
• Delegated authorities as per the delegation of authority structure.
• Instructions of the Head of Cyber Risk Assessments and Group Chief Information Security Officer

Joining time frame : 2 weeks (maximum 1 month)

The Security Specialist is responsible for the administration of the organization's information and data security policies and practices. The primary goal of this role is to ensure that authorized users can access information with ease while protecting its confidentiality, integrity, and availability in accordance with security best practices. The Security Specialist will manage, monitor, and respond to security incidents, ensuring the organization's information systems remain secure. This individual will play an integral part in maintaining compliance with internal security standards and external regulatory frameworks.

• Service Management and Service Operation
• Draft and maintain security policies, standards, procedures, and documentation.
• Monitor compliance with security operations procedures and assess systems for potential or actual breaches.
• Investigate security breaches and ensure thorough investigation and remediation actions.
• Implement system changes required to maintain security.
• Ensure the accuracy and completeness of security records.
• Strategy & Architecture and Information Strategy
• Assess vulnerabilities and perform security risk assessments on business applications and computer systems.
• Provide expert advice on security strategies to mitigate identified risks.
• Investigate major security breaches and recommend appropriate control improvements.
• Contribute to the development of security standards and guidelines.
• Conduct risk assessments, business impact analysis, and accreditation for all major information systems.
• Apply appropriate forensics to investigate vulnerabilities and breaches.
• Plan, Prioritize, and Solve Problems
• Develop team/unit goals, strategies, and plans aligned with organizational objectives.
• Anticipate the impact of changes (e.g., government policy, economic conditions) and adjust strategies accordingly.
• Ensure activities align with the organization's change initiatives.
• Evaluate achievements and adapt future strategies.
• Technology
• Apply a solid understanding of relevant technology and select the best tools for assigned tasks.
• Leverage a broad range of communications technologies to deliver effective security messages.
• Ensure compliance with information and communication security policies.
• Identify opportunities to use existing technologies to achieve team outcomes.
• Support compliance with the organization's records and knowledge management requirements.
• Key Accountabilities
• Monitor security alerts using Security Information and Event Management (SIEM) tools.
• Investigate and analyze security incidents, determining root causes and impacts.
• Respond to security incidents, implementing containment, eradication, and recovery measures.
• Conduct proactive threat hunting activities to identify potential vulnerabilities.
• Maintain and configure security tools such as firewalls, intrusion detection/prevention systems, and endpoint protection solutions.
• Collaborate with IT teams to ensure adherence to security best practices.
• Develop, maintain, and update incident response playbooks and procedures.
• Perform regular security assessments and vulnerability scans.
• Stay updated with the latest trends and technologies in cybersecurity.
• Coordinate incident response efforts in the event of a breach, ensuring compliance with national security agencies when necessary.
• Conduct internal investigations, identify root causes of incidents, and recommend corrective actions.
• Develop custom security signatures/rules for detection and prevention systems.
• Create custom scripts for analysis and automation in security tasks.
• Develop, tune, and implement threat detection analytics and security sensors.
• Additional Responsibilities
• Participate in internal cyber drills and disaster recovery exercises.
• Conduct vulnerability assessments and penetration tests to identify and address security risks.
• Collaborate with the National Cyber Security Agency during major incidents.

Essential Qualifications :

• Education: Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field.
• Certifications:
  • Certified SOC Analyst (CSA), Certified Ethical Hacker (CEH), Microsoft Security Operations Analyst-SE 200 professional certification is mandatory.
  • Relevant certifications (e.g., CompTIA Security+, CISSP, GIAC Security Essentials (GSEC), GCIH) are preferred.

• Experience :
• Minimum 5-6 years of experience in cybersecurity, ideally in a SOC (Security Operations Center) environment.
• Hands-on experience with SIEM tools such as Azure Sentinel is a must.
• Experience in incident response, threat hunting, and vulnerability management.
• Familiarity with Microsoft Defender, Microsoft Cloud Defender, Microsoft Purview, Microsoft Insider Risk Management, and vulnerability scanning tools (e.g., Tenable, Burp Suite).
• Experience with regulatory and compliance frameworks like GDPR, HIPAA, ISO 27001, Qatar 2022 CSF is a plus.

• Mid-Senior level

• Full-time

• Information Technology

• Outsourcing and Offshoring Consulting

• Creation of USE cases using MITRE framework, Dashboard and Reports on Splunk SIEM
• Strong technical background on Network Security, Threat hunting and Risk based analysis
• Analyzing Network traffic for IPS, WAF, Firewall, DDOS and other perimeter device.

• Continuous monitoring and review of security events, reports, alerts and CSOC dashboards to identify anomalous patterns indicative of potential security incidents
• Responsible for timely and effective response to, and management of, incidents, events, notifications, calls and other activities related to CSOC including Root Cause Analysis
• Gather relevant information and provide actionable intelligence on potential cyber security threats and incidents

• Take direction and guidance from InfoSec Management to build, support and update the CSOC playbooks / processes
• Render support for the administration and configuration of security controls such as SIEM, Anti-virus software, network security devices, PAM, DLP, Vulnerability Management, etc.
• Prepare security awareness messages, presentations and announcements for management, IT staff, and regular users
• Participate in regular cyber drills and CSOC exercises

• Adaptability / Flexibility
• Computer Skills
• Creativity / Innovation
• Decision Making / Judgment
• Dependability
• Initiative
• Integrity / Ethics
• Internet Savvy
• Managing Technology
• Personal Organization
• Planning
• Problem Solving / Analysis
• Process PRIME postings manually
• Process transaction vouchers received from various Departments (internal)
• Productivity
• Quality
• Receipt and verify the posting and payroll documents received
• Results Focus
• Self Development
• Sense of Urgency
• Strategic Thinking / Management
• Summary
• Technical Skills
• Vision and Values

• Anomaly Detection
• Authentication
• Cryptography
• Cyber Crime Trend Analysis
• Cyber Security Administration
• Cyber Security Analysis
• Cyber Security Architecture
• Cyber Security Audits
• Cyber Security Best Practices
• Cyber Security Compliance
• Cyber Security Design
• Cyber Security Governance
• Cyber Security Monitoring
• Cyber Security Planning
• Cyber Security Policy Management
• Cyber Security Regulations
• Cyber Security Risk Management
• Cyber Security Standards and Procedures
• Cyber Security Testing
• Cyber Security Threat Monitoring
• Cyber Security Tools / Products
• Cyber Threats and Attacks
• Data Analysis
• Disaster Recovery
• Encryption and Authentication
• Encryption / Decryption
• Event Monitoring / Log Analysis
• Fault Diagnosis / Isolation / Detection
• Firewall Management
• Hacking Countermeasures
• Incident Response
• Incidents Reporting
• Intrusion Detection
• Intrusion Detection Systems
• Malware Analysis
• Network Forensics
• Network Protocols
• Network Topologies
• Penetration Testing
• Threat Containment
• Vulnerability Assessments

• Bachelor's degree in Computer Science or equivalent