65 Sr Security Consultant Identity Presales jobs in Doha

Urgent Requirement

A well-known IT Consultancy in Qatar is looking for suitable candidates to furnish the below position local with NOC,

JOB Title : Information Security (ISMS) Consultants

Nationality : Indian / Pakistan / Filipino

Notice Period : Immediately

Job Location : Qatar

Job Description

• Own and successfully drive projects for ISO 27001, ISO 22301
• Successfully handle GRC (Governance, Risk and Compliance) assignments totally independently.
• Establish risk management framework for the client to address the client specific requirements.
• Conducting risk based IS Audits
• Review and enhance project level ISMS documentation and get the client sign-off.
• Support and guide ISMS consultants
• Interaction with certification auditors and non-conformities closure within the stipulated time.
• Data privacy engagements
• Effective interaction with key stakeholders in relation to ongoing security improvements
• Keep up to date with the latest news and threats in the security industry.

Requirements

Required Qualification, Skills & Experience :

Benefits

Gross Salary : 10K – 15K (QAR)

• Perform web application, API, and mobile application penetration testing using industry-leading methodologies (OWASP, PTES, etc.).




• Conduct network penetration testing and infrastructure security assessments.




• Execute Vulnerability Assessment and Penetration Testing (VAPT) engagements, document findings, and recommend remediations.




• Integrate security into the Software Development Lifecycle (SDLC) and advise development teams on secure coding practices.




• Develop, enhance, and maintain security testing frameworks and tools .




• Review and validate security patches, mitigations, and fixes.




• Stay updated on the latest attack techniques, exploits, and threat landscapes to enhance testing methodologies.




• Collaborate with cross-functional teams to support security awareness and risk reduction efforts.

• 46 years of experience in Information Security, with a focus on application and network penetration testing .




• Hands-on experience with tools like Burp Suite, OWASP ZAP, Metasploit, Nmap, Nessus, and other manual testing tools .




• Deep understanding of OWASP Top 10 , SANS Top 25 , and common exploitation techniques.




• Experience in secure SDLC practices and working with development teams to resolve findings.




• Strong knowledge of mobile application security (iOS and Android) and API testing methodologies .




• Excellent report writing and communication skills for both technical and non-technical stakeholders.

• OSCP (Offensive Security Certified Professional)




• OSWE (Offensive Security Web Expert)




• eWPT / eWPTX (eLearnSecurity Web Application Penetration Tester)




• PNPT (Practical Network Penetration Tester)




• HTB CPTS (Certified Penetration Testing Specialist)

Role Purpose

The Information Security Officer (ISO) will be responsible for developing, implementing, and overseeing the bank’s information security strategy, policies, and controls. The role ensures that the bank’s data, systems, applications, and infrastructure are safeguarded against internal and external threats while meeting local regulatory requirements (QCB, QFCRA, NCSA-Q) and international standards (ISO 27001, NIST, GDPR, PCI-DSS as relevant).

Governance & Compliance

• Establish, maintain, and enforce the bank’s information security framework, aligned with QCB, QFCRA, and local cybersecurity regulations.
• Ensure compliance with international standards (ISO 27001, NIST CSF, COBIT, PCI-DSS) and conduct regular gap analyses.
• Prepare and present security risk assessments and reports to senior management, regulators, and the Board Risk Committee.
• Design, implement, and enforce security policies and procedures to safeguard the bank’s infrastructure and data.

Security Operations

• Oversee Security Operations Center (SOC) activities, incident response, and threat intelligence monitoring.
• Develop and maintain business continuity, disaster recovery, and incident response plans.
• Implement and monitor Data Loss Prevention (DLP), intrusion detection/prevention (IDS/IPS), endpoint protection, and other security tools.
• Lead investigations of security breaches, develop strategies for handling incidents, and ensure lessons learned are integrated into policies and processes.
• Stay current with the latest security systems, standards, and products to ensure optimal protection.
• Regularly evaluate the effectiveness of security measures and update them against emerging threats and industry best practices.
• Conduct regular staff training on security awareness, best practices, and incident procedures.
• Collaborate with IT and business management to continuously improve security controls and culture.

Risk Management

• Conduct enterprise-wide risk assessments on systems, applications, vendors, and third-party service providers.
• Identify vulnerabilities and ensure timely remediation through patch management and secure configurations.
• Work with IT and business units to integrate security into new product initiatives.

Vendor & Technology Oversight

• Evaluate and approve technology vendors, outsourcing partners, and cloud solutions for compliance with security standards.
• Manage penetration tests, vulnerability assessments, and external audits.

Requirements

• Bachelor’s degree in information security, Computer Science, or related field. Master’s degree preferred.
• Professional certifications: CISSP or CISM required; CISA and ISO 27001 Lead Implementer preferred.
• Cloud security certifications (e.g., CCSP, AWS Security) are a plus.
• 8–12 years in information security, with at least 5 years in the financial-services sector.
• Strong background in banking systems, digital channels, payment systems, and regulatory environments.
• Proven experience engaging with regulators (QCB, QFCRA, CMA, or equivalent).
• Proven experience in implementing SEIM Solutions, managing SOC Team.
• Expertise in cybersecurity frameworks, network security, cryptography, and identity & access management.
• Strong risk management and analytical skills.
• Excellent communication and stakeholder-management skills, capable of engaging effectively with regulators, auditors, and the Board.
• Ability to influence across departments, build a culture of security, and lead change initiatives without direct authority

Service Design Architect – Information Security

• Design and develop complex service design security solutions, ensuring they align with client requirements, business objectives, and industry best practices.
• Collaborate with cross-functional teams to define and implement service design methodologies, frameworks, and standards.
• Conduct in-depth analysis of client needs, business processes, and technical requirements to design innovative and efficient service solutions.
• Conduct user research, interviews, surveys, and analyze data to identify opportunities that can improve the services provided.
• Contribute to maintaining quality standards for the services provided by MEEZA by following metrics and KPIs for measuring service performance, participating in audits and reviews, and implementing corrective actions to improve service quality.
• Provide technical expertise and guidance to service design teams, ensuring the successful execution and delivery of service design projects.
• Stay abreast of emerging technologies and industry trends, incorporating them into service design strategies to drive innovation and enhance service offerings.
• Support the implementation of tools that allow for effective monitoring and trending of IT infrastructure, software and IT components performance and resource utilization.
• Establish and maintain comprehensive capacity management planning processes at the enterprise, system, and IT component level.
• Collaborate closely with Security Operations and Compliance to ensure that security reviews regarding information security technologies provide feasible requirements and are consistent with contracts and regulations.

Academic & Professional Qualifications:

• Bachelor’s degree in computer science, Information Systems, Engineering, or Equivalent.

Experience:

• 5-6 years of experience in technology services or a similar field.

Skills and Requirements:

• Expertise in service design principles, methodologies, and tools to lead the design and development of complex information security solutions.
• Familiar with technologies like DLP, PAM, IAM, MDM, DNS security, FIM, deception solutions, NGFW, XDR, SIEM tools, SOAR tools, Email security, proxy, and WAF technologies.
• Strong leadership and collaboration skills to effectively work with cross-functional teams, stakeholders, and clients, ensuring the successful execution of service design projects.
• Proficient in conducting thorough analysis, translating client requirements into innovative and efficient service design architectures that align with business objectives and deliver exceptional user experiences.
• Understanding of enterprise technologies including data centers (Tier-III), WAN/MAN/LAN networks, enterprise storage, server technologies, enterprise applications (e.g., ERP, BI, CRM, CMS etc.), security and enterprise management systems.
• Understanding and application of Architecture Framework for service design, definitions, and documentation.
• Strong knowledge of systems coding, security analysis, data modeling and database management.
• Strong experience with designing modern information security solutions and services; preferably in MSSP and cloud environments.

• Seniority level : Associate
• Employment type : Full-time
• Job function : Information Technology
• Industries : IT Services and IT Consulting and IT System Data Services