Security Operations Officer – Security Assessment & Assurance Specialist

Job Description

Black & Grey HR is recruiting for an established technology solutions and services provider in Doha, Qatar. Our client is seeking an experienced Security Operations Officer – Security Assessment & Assurance Specialist who will play a critical role in evaluating, strengthening, and assuring the security posture across IT, OT, and cloud environments. This role focuses on configuration assessments, vulnerability management, penetration testing, and security assurance programs—ensuring the organization maintains strong cyber resilience during both mega events and routine operations. Arabic proficiency is mandatory.

Key Responsibilities

Security Configuration Assessment (IT & OT)

• Conduct detailed configuration assessments of IT and OT systems based on CIS Benchmarks, NIST guidelines, and internal security standards.
• Review firewall rulesets to ensure least privilege, segmentation, and policy compliance.
• Assess network devices (routers, switches, load balancers, SASE / SSE gateways) for secure configurations.
• Validate OS hardening, patch compliance, and baseline configurations across servers and endpoints.
• Evaluate Network Access Control (NAC) deployments for coverage, enforcement, and effectiveness.
• Review SASE / SSE implementations to ensure secure access, data protection, and consistent policy application.
• Recommend hardening measures to reduce attack surface and enhance operational resilience.

Technical Risk Identification

Vulnerability Remediation Management

Security Assurance

Requirements

Qualifications & Experience

Education

Certifications (Preferred)

Required Skillset

Benefits

Requirements

Key Responsibilities Security Configuration Assessment (IT & OT) - Conduct detailed configuration assessments of IT and OT systems based on CIS Benchmarks, NIST guidelines, and internal security standards. - Review firewall rulesets to ensure least privilege, segmentation, and policy compliance. - Assess network devices (routers, switches, load balancers, SASE / SSE gateways) for secure configurations. - Validate OS hardening, patch compliance, and baseline configurations across servers and endpoints. - Evaluate Network Access Control (NAC) deployments for coverage, enforcement, and effectiveness. - Review SASE / SSE implementations to ensure secure access, data protection, and consistent policy application. - Recommend hardening measures to reduce attack surface and enhance operational resilience. Technical Risk Identification - Identify security risks across IT, OT, and cloud assets through technical assessments and analytics. - Conduct and coordinate penetration testing for cloud workloads, web applications, APIs, and internal systems. - Perform security assessments of Kubernetes and containerized environments (GKE, AKS). - Map findings from vulnerability scans, pen tests, and configuration reviews to operational and business impacts. - Execute red team and adversary simulation exercises to evaluate detection and response maturity. - Contribute to risk documentation, validation, and reporting for leadership visibility. Vulnerability Remediation Management - Track and manage vulnerabilities across IT, OT, and cloud environments. - Prioritize remediation based on risk severity, exploitability, and business impact. - Collaborate with infrastructure, application, and OT teams to ensure timely remediation and validation. - Maintain dashboards and executive reports showing vulnerability trends and remediation KPIs. Security Assurance - Develop, implement, and oversee security assurance programs across IT, OT, and cloud domains. - Track and report KPIs and KRIs to measure program maturity and effectiveness. - Conduct periodic control reviews and baseline validations to ensure adherence to risk mitigation strategies. - Identify gaps or deviations and drive corrective actions in coordination with relevant stakeholders.