21 Vulnerability Assessment jobs in Qatar
Vulnerability Assessment and Penetration Testing Analyst
Posted today
Job Description
We require a VAPT Engineer specializing in Vulnerability Management.
You will play a critical role in identifying and mitigating vulnerabilities across our platforms. You will work closely with various departments to ensure network security and conduct proactive measures to protect our advanced digital infrastructure.
Key Responsibilities
- Assist with security assessments of applications, cloud, and network environments.
- Support vulnerability identification, risk analysis, and documentation.
- Research and summarize emerging cybersecurity practices and trends.
- Contribute to draft reports and recommendations.
- Collaborate with team members on internal and client-focused initiatives.
- Create/Update hardening documents and build audit file for automated testing.
- Creating and updating reports from automated and manually gathered data
Skills & Knowledge Required
- Full understanding of networking and operating systems (Linux/Windows).
- Awareness of common security issues and frameworks.
- Familiarity with tools such as Nmap, Burp Suite, Wireshark, Nessus/OpenVAS.
- CEH (EC-Council) certification is highly preferred.
Candidate should have experience in Infrastructure Vulnerability Management
· Practical experience with Linux and Windows operating systems
· Working knowledge of ORACLE DB, MS SQL DB, MYSQL DB & Network Devices
· Knowledge of secure configuration and hardening of systems
· Knowledge of patching programs of major hardware/software manufacturers
· Ability to analyse vulnerabilities to appropriately characterize threats and provide remediation advice. Familiarity with classes of vulnerabilities, appropriate remediation, and industry-standard classification schemes (CVE, CVSS, CPE).
· Preferred: Script writing (Nessus Audit Policy / Python/Ruby)
· Preferred: Security solutions technologies such as IPS, firewalls, endpoint protection, web/email filtering, DLP, digital rights management, encryption, SIEM, and virtualization platforms
· Preferred: Security related professional certification (e.g. CISSP, CISA, CISM, CRISC, CEH, LPT)
Competencies / Expertise Required (Functional & Behavioral)
Systematic problem-solving skills, with the ability to think.
Excellent in analytical thinking for translating data into informative visuals and reports.
Adaptable to change.
Senior VP Head of Penetration Testing
Posted today
Job Description
Position: Senior Vice President, Offensive Cyber Security
Department: Information Security
Reports to: Chief Information Security Officer
This role is based in Qatar and will require relocation (relocation package included).
Job Purpose
Lead and manage the Offensive Cyber Security function, ensuring IT applications and infrastructure comply with security policies, regulatory requirements, and industry best practices. Oversee vulnerability scanning, penetration testing, and Red Team operations, while managing relationships with external security vendors. Combines team leadership with advanced ethical hacking expertise.
Key Responsibilities
1. Leadership & Financial:
- Set and monitor KPIs; implement best practices for the security team.
- Promote cost-efficiency and productivity, and ensure proper delegation of authority.
- Understand financial and operational drivers affecting performance.
2. Customer (Internal & External):
- Manage in-house and outsourced penetration testing teams.
- Establish and lead a Red Team; define service strategy and delivery.
- Conduct technical risk assessments and security evaluations of systems, applications, and IT infrastructure.
- Provide subject matter expertise on emerging technology risks.
- Maintain service levels and provide accurate reporting to auditors, compliance, and risk functions.
3. Internal Processes & Compliance:
- Set high-performance targets and lead improvement initiatives.
- Assess security systems, enforce policies, and build cross-department relationships.
- Encourage innovation and continuous improvement across the team.
4. Learning & Development:
- Maintain expertise in security issues, IT systems, and regulatory requirements.
- Conduct team performance reviews, coaching, and facilitate staff development.
- Keep current with evolving security trends and emerging threats.
5. Legal, Regulatory & Risk:
- Comply with internal policies, laws, and regulatory requirements (e.g., AML, Data Protection, Fraud Control).
- Operate under the Three Lines of Defence model; support risk reporting and remediation.
- Attend mandatory training and seminars to maintain competency.
6. Other Duties:
- Maintain confidentiality of sensitive information.
- Uphold professional standards and organizational reputation.
- Perform ad hoc duties as requested by management.
Special Skills & Competencies
- Advanced knowledge of penetration testing tools, network topologies, firewalls, and operating systems (Windows, Linux, Solaris).
- Experience with zero-day exploit identification and multi-forest Active Directory domains.
- Programming skills (ASP, PHP, C#) a plus.
- Excellent communication and presentation skills in English; other languages an advantage.
- Strong analytical, planning, and decision-making skills.
- Personal integrity, results orientation, and leadership capability.
Education & Experience
- Bachelor's or Master's degree in IT, Business, Finance, Economics, or related field.
- Minimum 15 years of technical security experience, including penetration testing and Red Team exercises.
- Professional certifications mandatory: CISSP, CISM, CISA.
- Experience in banking, financial services, or Big 4 consultancy preferred.
Location & Environment
- Based in Qatar, with occasional domestic and international travel as required.
Supervisory Responsibilities
- Direct Reports: AVP, Senior Manager, Manager, Assistant Manager, Senior Associate, Associate – Offensive Cyber Security.
- Indirect Reports: N/A
security analyst
Posted today
Job Description
Primary Purpose of the Job:
Develop and implement an operational risk management program. Focus on enhancing operational risk measurement and analysis, and operational risk reporting. Guide the process of applying internal controls (mitigation). Establish security policies, procedures and standards, and ensure that reviews of operational documentation are carried out at planned intervals to meet the security operational requirements. Conduct investigations of security-related incidents, occurrences or events occurring within Doha commercial buildings/facilities to determine the work element and root causes of an incident, and to assist in providing a solution to prevent recurrence.
Required Experience and Skills:
- At least 12 years' experience in industrial or corporate security, with at least 5 years at a supervisory level.
- Proven, in-depth understanding of security risk management processes, mitigation methods and security management system programs.
- Investigative experience in an industrial or corporate security environment.
- Demonstrated leadership, problem solving and strong interpersonal skills.
- Fluency in English.
- Proven ability to organize, motivate and supervise subordinates.
Educational Qualifications:
- A recognized University Degree with a Risk/Security focus.
SR. SECURITY ANALYST
Posted 1 day ago
Job Description
Lead and implement QatarEnergy Corporate Security Program and management systems, lead assurance, standardization of security operations for commercial, industrial, international assets.
Monitor geopolitical and security incidents, threats, and internal and external security risks to then evaluate, analyse, and create risk advice and business intelligence disseminated to all levels of QatarEnergy, Joint Ventures, governmental agencies in Qatar and overseas.
Guide and support QatarEnergy, Joint Ventures and governmental agencies in security response planning, security emergencies, business continuity and crisis management, and provide best practice advice for security design and practice.
Experience
At least 15 years working experience with 10 years in Operational Security, military, police; prefer experience in energy sector.
Qualifications
Bachelor's degree in Engineering/Science/Security or relevant discipline from an internationally recognized university; professional qualifications in Security highly desirable.
Exposure and good understanding of cyber security.
Excellent communication skills in English and preferably Arabic.
Strong leadership, management, decision making, networking, and influencing skills.
Ability to influence and guide senior management in QatarEnergy, external stakeholders.
Good understanding of the geopolitical security risks.
IT Security Analyst
Posted today
Job Description
We're Hiring: IT Security Analyst (IT/OT Security & Compliance Analyst)
Location: Qatar | Industry: Oil & Gas
Contract: 3 Years (Extendable)
Salary Package: QAR 20,000 / Month (Full Package)
Key Responsibilities:
- Conduct vulnerability scans, penetration tests, and document findings with mitigation strategies.
- Configure IDS/IPS, EDR, and IAM solutions.
- Support teams in applying patches, anti-malware strategies, and security safeguards.
- Implement security controls, frameworks, and compliance programs aligned with Qatar's CSF and NIA policies.
- Evaluate risks, manage incidents, vulnerability assessments, and penetration testing.
- Define and document security process responsibilities in GRC tools.
Qualifications & Experience:
- Bachelor's in IT/Computer Science or related field.
- Certifications: OSCP, OSCE, CompTIA Security+, Blue Team, ISO 27001 ISMS, ISA 62443.
- Minimum 5 years' cybersecurity experience (Oil & Gas preferred).
- Strong knowledge of IT/OT systems, networks, cloud security, auditing, compliance, and incident response.
- Excellent problem-solving, communication, and analytical skills.
Job Type: Full-time
Pay: QAR19, QAR20,000.00 per month
Application Question(s):
- Do you hold any relevant cybersecurity certifications (e.g., OSCP, OSCE, CompTIA Security+, ISO 27001 ISMS, ISA 62443)? Please specify.
- How many years of professional experience do you have in cybersecurity?
- Do you have experience in the Oil & Gas sector?
- What is your notice period/availability to join?
- What is your expected monthly salary in QAR (full package)?
- Do you have experience with IT/OT security compliance frameworks such as Qatar's CSF or NIA Policy?
IT Security Analyst
Posted today
Job Description
**This is an onsite opening for Doha, Qatar location**
Key Responsibilities:
- Monitor and respond to security incidents using SIEM and EDR tools.
- Manage vulnerability assessments, patching, and system hardening.
- Review and secure firewalls, VPNs, and network configurations.
- Ensure compliance with ISO 27001, NIST, and IEC 62443 frameworks.
- Support OT/ICS cybersecurity and secure IT/OT network segmentation.
Qualifications:
- Bachelor's in Computer Science, IT, or related field (Master's preferred).
- 6–10 years of experience in IT Security (industrial or critical infrastructure preferred).
- Certifications: CompTIA Security+, CEH, SSCP (Preferred: CISSP, CISM, GICSP, IEC
Key Skills:
Security Monitoring & Incident Response | Vulnerability & Risk Management | Network & Infrastructure Security | Cybersecurity Governance & Compliance | OT/ICS Security
Application Security Analyst
Posted today
Job Description
Location: Doha, Qatar
Experience: 10
Job Type: Outsourcing
Job Objectives
The Information Security Application Consultant develops, operates, and manages the application security frameworks to continuously monitor and improve the organization's security posture, to build secure applications and reduce the threat footprint. The role also provides subject matter expertise and operational direction on application security governance, application security control and risk analysis, security assessment automation, secure development practices and incident response.
Description
Establish and manage industry-leading application security processes and practices at each phase of the software development lifecycle and implement operational roadmap for assessment, penetration testing and source code reviews.
Ensure acquired and developed applications are consistent with secure software development lifecycle and security architecture guidelines.
Conduct regular manual and automated application security testing, assessments, review results, track issues and follow up to ensure remediation in line with secure software development lifecycle.
Coordinate and scope Third party penetration testing and application assessments activities including configuration reviews for compliance and additional assurance of secured implementation and operation of solutions.
Design, develop and implement the integration and automation of threat modelling, security assessments and testing tools with DevOps, application development and QA tools to improve detection and prevention capabilities.
Recommend improvements to the secure reference architecture through continuous review and assessment of the application security requirements, policies, and procedures.
Ensure secure coding practices and Software Development Life Cycle (SDLC) are followed by providing training and awareness to the internal stakeholders.
Ensure Data Protection, privacy concerns and regulations are in place and addressed in Policies and procedures.
Help support and enhance existing cloud security model, ensuring adherence to best practice in alignment with industry standards at technology, operational, legal measures.
Define the high-level requirements for preserving the confidentiality, integrity, and availability of information and assets, protecting assets from threats based on an assessment of risks to the organization, and supporting the fulfillment of relevant legal, regulatory, operational, and contractual requirements.
Provide regular updates to management on application security and vulnerability management posture by defining operational KPIs and metrics, build dashboard and reports.
Manage follow up, close and report upon all department's information security regulatory requirements, audits, inconformity reports, compliance issues and observations that arise during conducted internal and external assurance engagements.
Conduct Risk Assessments on the required Applications to identify applicable risk scenarios and mitigating controls as per Qatargas Information security risk management practices.
Perform other related duties or assignments as directed.
Requirements
Minimum Qualifications:
Bachelor's degree in Computer Engineering/Science, Electronics Engineering, or any other appropriately relevant field.
Minimum Experience:
10 years of progressive experience in a directly related field.
7 years of professional experience in ICT information, application security in an enterprise level environment.
3 years in similarly relevant Application security role with around the same team capacity and complexity of assigned tasks.
Job Specific Skills:
Certifications in industry relative standards, frameworks, and schools of practice, such as CSSLP, GWAPT, OSCP, etc.
Excellent knowledge in maintaining effective working relationships with staff and clients; excellent people management skills.
Excellent written and verbal communication skills.
Strong analytical and problem-solving skills.
Proven success in working in a similarly complex ICT information security within same industry.
Professional experience in conducting manual and automated application assessments (DAST, SAST & RAST), penetration testing and configuration review.
Excellent understanding of modern development approaches and environments, secure Software Development Life Cycle (SDLC), secure coding practices and DevSecOps.
Good understanding of cryptography, web service frameworks, mobile application architectures, and service architectures (such as event-driven, service-oriented, or serverless architectures)
Good understanding of implementing enterprise information security architectures and frameworks.
Strong understanding of project management principles and requirements.
Excellent knowledge and understanding of Information Technology industry, trends, architectures, integrations, operational security, and process computing.
Excellent knowledge and understanding of leading industry standards, frameworks, methodologies, and best practices.
Excellent knowledge and understanding of information security governance, compliance, architecture components, technical solutions, and operational services.
Understanding of SAP products, Applications development concepts, change management and landscape
Propose security guidelines for new SAP systems, ensuring critical design and implementation elements are captured and addressed.
Excellent knowledge and understanding of SAP cloud platform Application services, types of deployments and security requirements to ensure secure operations and data integrity.
Skills
Information Technology, Risk Assessment, Css, Verbal Communication Skill, Devops, Information Security, Verbal Communication Skills, Sdlc, Management Skill, Analytical And Problem-solving Skill, Application Security, Compliance, Aris, Change Management, Application Development, Web Service, Problem-solving Skill, Methodologies, Excel, People Management, Communication Skill, Written And Verbal Communication, Strong Understanding, Trends, Project Management, Strong Analytical, Software Development
IT Security Analyst
Posted today
Job Description
Location: Doha, Qatar
Experience: 5-15
Job Type: Recruitment
JOB PURPOSE/ OBJECTIVE
Ensure protection of the company's assets by identifying, analysing and mitigating security threats and vulnerabilities. Plays a crucial role in developing and enforcing security policies and procedures to promote a culture of security. Responsible for implementing the cyber security controls mandated by the National Cyber Security Agency (NCSA) as part of the ongoing audits. Handles resources in Information Security to manage the peak loads during cyber-attacks and handle incident responses and other aspects of cyber security. Responsible for implementing the technical controls that will be provided to the company in the Roadmap by NCSA.
REQUIREMENTS
- Bachelor's/Master's degree in IT/Computer Science or any related discipline.
- Experience in Petrochemicals/oil & gas is preferred.
- Good understanding of OT Security and ISA 62443.
- CCNA, OSCP, CompTIA Security Plus, SANS Incident Handling Certifications/GCIH, Blue Team security trainings preferred.
KEY ACCOUNTABILITIES
Routine Duties
- Plan for disaster recovery and create contingency plans in the event of security breaches.
- Keep up to date with latest technology and research emerging cyber security threats and ways to manage them.
- Liaise with the NCSA and other stakeholders in relation to cyber security issues roadmap and provide solutions and implement and lead the initiatives.
- Lead all technical audits conducted by the internal and external auditors.
IT Operations and Technical Support
- Handle security alerts and incidents that are reported.
- Investigate and follow the Incident Response procedure for handling all types of incidents.
- Monitor for attacks, intrusions and unusual, unauthorized, or illegal activity.
Developing organization wide security protocols
- Test and evaluate security products, design new systems, and manage their upgrade, use tools to identify potential weakness and threat patterns and vulnerabilities in our systems.
- Identify security products and implement measures like security devices and controls like encryption.
- Monitor the Identity and access management, including monitoring for abuse of permissions.
Vulnerability Management
- Work with the teams to perform tests and uncover security vulnerabilities in the systems and network.
- Fix detected vulnerabilities to maintain a high security posture.
- Perform vulnerability analysis and penetration testing.
Liaise with ICS Security
- Co-ordinate with the various ICS Security teams at the plants to identify any risks related to IT/OT Convergence, participate in architecting new solutions and identifying risks for new deployments in the ICS and plant systems.
- Provide guidance by following the international standards like ISA 62443.
- Design security controls to protect the IT and OT systems and networks in scope.
Sr. Security Analyst
Posted today
Job Description
Job Summary
Job Role: GRC Consultant
Location: Qatar
Exp: 5+ Years
Budget: 16K
NP: Immediate to 30 days
Note: Bilingual (English+Arabic) and QID transfer resources Qatar location
Job Description:
We are seeking a highly skilled and experienced GRC (Governance, Risk, and Compliance) Expert to join our team. The ideal candidate will be responsible for ensuring compliance with legal standards, identifying and mitigating risks, and overseeing data privacy practices. The GRC Expert will play a crucial role in developing and implementing governance frameworks, promoting ethical behavior, and monitoring regulatory changes. This role requires a deep understanding of industry best practices, including ISO 27001, SOC 2, PCI, SOX, and specific frameworks such as the Qatar Cyber Security framework and the National Information Assurance (NIA) framework.
Key Responsibilities:
- Develop, implement, and maintain governance, risk, and compliance programs in line with industry best practices and regulatory requirements.
- Conduct risk assessments to evaluate the effectiveness of GRC programs and identify potential risks.
- Ensure compliance with the Qatar Cyber Security framework and the National Information Assurance (NIA) framework.
- Collaborate with process owners, auditors, and stakeholders to analyze, monitor, and address risk management and compliance issues.
- Administer ISO 27001 and SOC 2 compliance programs, assisting with assessments and ensuring adherence to standards.
- Oversee data privacy practices and ensure the protection of information assets from cyber threats.
- Conduct regular audits and assessments to identify gaps and enhance governance, risk management, and compliance processes.
- Provide legal guidance and support compliance initiatives within the organization.
- Promote ethical behavior and foster a culture of integrity within the organization.
- Monitor regulatory changes and ensure the organization remains compliant with all relevant laws and regulations.
- Develop and deliver training programs to enhance awareness of GRC practices and policies.
Qualifications:
- Bachelor's degree in Information Security, Risk Management, or a related field.
- Professional certifications such as CISSP, CISM, CRISC, or equivalent.
- Extensive experience in governance, risk, and compliance roles, preferably within the information security domain.
- In-depth knowledge of industry standards and frameworks, including ISO 27001, SOC 2, PCI, SOX, Qatar Cyber Security framework, and NIA framework.
- Strong analytical and problem-solving skills with the ability to identify and mitigate risks effectively.
- Excellent communication and interpersonal skills, with the ability to collaborate with stakeholders at all levels.
- Proven track record of successfully implementing and managing GRC programs.
- Ability to work independently and as part of a team in a fast-paced environment.
Information Security Analyst
Posted today
Job Description
Job Purpose
- Responsible to support Information Security Governance, Risk and Control activities. Assist in all information security activities in order to protect the organization's information technology assets from cyber-attacks.
- Function: Information Technology
Key Responsibilities
- Supporting and maintaining the required Information Security policies, procedures, guidelines, registers and relevant documentation for the GRC activities.
- Obtain, review, and prepare periodic review reports such as User Access Management reports for Audit, GRC and other government regulatory compliance activities.
- Coordinate, conduct and participate in all related Audits including ISMS, MPTO, Internal and External.
- Maintain overall ISMS related documentation with appropriate versioning and tracking changes.
- Coordinate Information Security and Privacy Management related Meetings.
- Train and support the internal teams and staff on activities related to information security compliance and personal information and privacy management.
- Ensure all approved policies related to Information Security are applied and maintained in an effective and efficient manner.
- Coordinate with relevant Teams and external MSPs on incident response activities.
- Support staff on minor troubleshooting activities related to information security.
- Create / Translate relevant documentation and content in Arabic for wider circulation.
- Coordinate, communicate effectively and maintain cordial relationship with internal and external departments of Qatar Post with respect to information security activities.
Knowledge / Skills Required
- University Degree related to Information Technology or similar Qualification
- Good knowledge in Arabic both written and spoken
- Preferably certifications in Information Security such as CISA, CISM, MCSE
- Preferably certifications in ISO27001:2013 Lead Implementer
- 3+ years of experience in information security or information technology processing facilities