Senior Cyber Security Analyst (Tools & Platforms) - Qatar Airways

lxbfYeaa - Qatar - Qatar
Employment: Full Time
About The Role

Qatar Airways is looking for Senior Cyber Security analyst with in-depth technical experience and expertise on Network and Endpoint security technologies and digital certificate life cycle management. You will be responsible for ensuring the protection and integrity of our systems, networks, and data by leveraging your expertise in security products and solutions, especially those in network DDOS protection; Intrusion Prevention Systems, Web Application Firewalls, Internet security & proxy servers, Email security appliances, Network and endpoint DLP, Application whitelisting technologies, Antivirus / Antimalware / EDR technologies, digital certificates, encryption keys, and cryptographic operations. You will play a crucial role in implementing, and maintaining robust security products and solutions, analyzing potential threats and implementing solutions accordingly.

Responsibilities

  • Implement, maintain and update cyber security systems at the network or endpoint to defend against cyber threats.
  • Manage all aspects of X.509 certificate lifecycle including creation, issuance, installation and revocation
  • Maintain inventory of certificates, usage within applications with the relevant formats such as PEM, PKCS12, PKCS8
  • Manage external public certificate authority issuance processes including CAB forum prerequisites for DV, OV and EV processes
  • Maintaining & implementation of the standard operating procedures in compliance with ISO27001:2022, PCI-DSS ver4.0, SOCII Type2, NIST requirements, for Network security and endpoint security.
  • Support the SOC team with in-depth L3 technical expertise on Network and Endpoint security products.
  • Maintain certificate chain mapping for externally trusted certificates and co-ordinate deployment of relevant intermediate and root certificates to enterprise stores.
  • Propose and direct the implementation of certificate usage best practices within enterprise systems such as Active Directory, Application Middleware(IIS, JBOSS, Tomcat, Kubernetes, OpenShift), Network Systems (Cisco ASA, F5 LTM, Citrix), CI/CD pipelines and Cloud environments(Azure, Google)
  • Manage the Microsoft ADCS-based Enterprise PKI infrastructure including certificate issuance processes, key recovery processes, associated templates, application integrations using DCOM and other components such as AIA, CDP, CRLs, OCSP, CTL
  • Ensure PKI environment's availability, security and reliability for enterprise applications
  • Implement best practices related to management of smartcards, HSMs and other certificate management hardware components
  • Collaborate with cross-functional IT teams, to integrate security controls and ensure a secure infrastructure.
  • Stay up to date with the latest cyber security trends, emerging threats, and industry best practices.
  • Stay up-to-date with emerging cyber threats and security best practices in the field of PKI CLM, and HSM.
  • Provide guidance and training to internal teams on Network Security, Endpoint security, PKI and HSM usage and best practices.

Be part of an extraordinary story

Your skills. Your imagination. Your ambition. Here, there are no boundaries to your potential and the impact you can make. You’ll find infinite opportunities to grow and work on the biggest, most rewarding challenges that will build your skills and experience. You have the chance to be a part of our future, and build the life you want while being part of an international community.

Our best is here and still to come. To us, impossible is only a challenge. Join us as we dare to achieve what’s never been done before. Together, everything is possible.

Qualifications

 Requirements

  • Bachelor's degree in Computer Science, Information Technology, or a related field. Relevant certifications (e.g., CISSP, CISM, CEH) are highly desirable.
  • Minimum of 4 years of experience in cyber security tools and products including managing digital certificates.
  • Extensive technical knowledge of security solutions (antivirus, firewalls, WAF/ IPS / DLP/ Application Whitelisting) and any other security networking hardware or software tools.
  • Knowledge of Cisco ASA Firewall and strong routing & switching experience is an added advantage.
  • Excellent hands-on experience and knowledge implementing, configuring, integrating and supporting the network security with Checkpoint, F5 ASM, BigIP LTM, GTM, Tipping Point IPS, Arbors DDOS appliances, Cisco ISE, Palo Alto, Juniper, BlueCoat security solutions, Fortinet, Forcepoint DLP, Carbon Black Appcontrol, Crowdstrike EDR, Cisco Email Security (Not all are needed but the more you have, the more advantages)
  • Knowledge of networking concepts such as WAN connectivity, transport types and protocols, and experience with wireless technology and Wireless deployment for a user base over 500 users per site.
  • Previous experience working with Digicert, Sectigo or Entrust certificate management portals for various types of certificates including TLS(single domain/multidomain/wildcard), Code Signing, Document Signing, Client Signing, S/MIME, Verified Mark Certificates (VMC).
  • Previous experience with certificate related security features - CAA, HSTS, CT, Certificate Pinning.
  • Previous experience with certificate provisioning and deployment protocols - ACME, EST, SCEP, NDES
  • Knowledge of Certificate Lifecycle Management(CLM) systems and methods of integration with applications and network devices
  • Previous experience managing Hardware Security Modules (HSM) for keys protection incorporating standards such as FIPS 140-2 Level 3
  • Familiarity with aspects such as KMIP, JCE, CNG, PKCS#11, Remote Key Attestation, TPM
  • Familiarity and knowledge of PKI systems such as Keyfactor/EJBCA, Digicert ManagedPKI, Entrust ManagedPKI is a plus
  • Knowledge of PKI Assurance Levels and ability to map certificate requirements to assurance levels
  • Support enterprise wide security posture enhancements such as 802.1X deployment using EAP-TLS, TLS1.3 deployment, SSL Offloading and inspection within security equipment
  • Strong knowledge of cryptographic constructs such as Asymmetric/Symmetric Crypto(RSA/ECC/AES), hashing, keys(KEK,BYOK), certificates, ciphers, protocols(TLS/HTTPS), timestamping, encryption and data security(TDE, Bitlocker,PGP)
  • Experience working with stakeholders at an Operational Level
  • Good team player, Self-confident, motivated, and independent
  • Excellent communication skills
  • Ability to remain calm while multi-tasking and working under pressure in a fast-paced environment
  • Attention to details and good problem-solving skills.

About Qatar Airways Group

Our story started with four aircraft. Today, we deliver excellence across 12 different businesses coming together as one. We’ve grown fast, broken records and set trends that others follow. We don’t slow down by the fear of failure. Instead, we dare to achieve what’s never been done before.

So whether you’re creating a unique experience for our customers or innovating behind the scenes, every person contributes to our proud story. A story of spectacular growth and determination. Now is the time to bring your best ideas and passion to a place where your ambition will know no boundaries, and be part of a truly global community.

How To Apply

If you’re ready to join a progressive team and have a challenging and rewarding career, then apply now by uploading your CV and completing our quick application form
Apply on the Job Website
Post date: Today
Publisher: LinkedIn
Post date: Today
Publisher: LinkedIn