Job Title : LEAD, THREAT DETECTION & RESPONSE (SOC Manager)

Reference Code : OG-7004329

Company

QatarEnergy is a state-owned public corporation established byEmiri Decree No. 10 in 1974. It is responsible for all phases of the oiland gas industry in the State of Qatar.The principal activities of QatarEnergy, its subsidiaries and jointventures are the exploration, production, local and international saleof crude oil,natural gas and gas liquids, refined products, syntheticfuels,petrochemicals, fuel additives, fertilizers, liquefied natural gas(LNG), steel and aluminium.Qatar Energy's strategy of conducting hydrocarbon exploration anddevelopment is through Exploration and Production Sharing Agreements(EPSA) and Development and Production Sharing Agreements (DPSA)concluded with major international oil and gas companies.The operations and activities of QatarEnergy and its affiliates areconducted atvarious onshore locations, including Doha, Dukhan and the Mesaieed andRas Laffan Industrial Cities, as well as offshore areas, including HalulIsland, offshore production stations, drilling platforms and the NorthField.Thriving on a spirit of enterprise, each of our joint ventures isunderpinned by transparency, innovation and high standards of qualityand service. At QatarEnergy, we are committed to one thing aboveall: Excellence.

Department

CYBERSECURITY

Primary Purpose Of Job

Lead Threat Detection & Response responsible for early detection, and rapid response in order to mitigate the cybersecurity risks for QatarEnergy. Lead Threat Detection & Response build, train and lead the 24/7 Cybersecurity Detection and engineering team for IT and OT cybersecurity. As technical lead and incident responder for QatarEnergy Security Operations Centre’s Cybersecurity Detection he/she will be leading technical investigations for security incidents, overseeing process improvements, and driving implementation of new capabilities. He/she will act as front-line point of escalation and serves as a technical escalation resource for other security analysts and engineers and provide mentoring for skill development. He/she will partner with Information Security leads to implement and improve technology and processes to enhance Cybersecurity monitoring, detection, investigation, and response. Lead Threat Detection & Response supervises and coordinates engineers and external consultants who are responsible for the design, build and ongoing management of the QatarEnergy Detection platforms and ultimately support QatarEnergy’s IT and OT cybersecurity 24/7 mission critical operations.

Experience & Skills

• 10 years of technical experience in Information Security.
• Preferably experience with large ICS & ICT environments in the Energy sector.
• An understanding of Memory, Host, Network Forensics Analysis and Malware Analysis is required.
• Ability to communicate between staff at all level, as well as maintain positive working relationships across the business.
• Excellent written and verbal business communication skills.
• Advanced knowledge of networking fundamentals (TCP/IP, network layers, Ethernet, ARP, etc.)
• Advanced knowledge of current threat landscape (threat actors, APT, cyber-crime, etc.)
• Advanced knowledge of penetration techniques and forensic techniques.
• Moderate knowledge and experience with Cloud technologies
• Moderate protocol analysis experience (Wireshark, Netwitness, etc.)
• Good knowledge of IT including multiple operating systems and system administration skills (Windows, Linux, Solaris, Unix).
• Solid knowledge of client-server applications, multi-tier web applications, relational databases, firewalls, VPNs, and enterprise Anti-Virus products.
• Strong understanding of security incident management, malware management and vulnerability management processes.
• Experience with web content filtering technology - policy engineering and troubleshooting.
• Good awareness of IT Support processes, such as ITIL.
  
  
  

Education

• Bachelor’s degree in information security, computer science, or systems engineering.
• Possession of Industry Certifications such as but not limited to Certified Incident Handler (GCIH), Certified Intrusion Analyst (GIAC), Certified Ethical Hacker (CEH), Certified Expert Penetration Tester (CEPT), OSCE/ CHFI/ SANS Cyber Threat Hunting/ SANS GREM or equivalent SIEM/ security technologies technical certification (Advanced Level).
• Good awareness of IT Support processes, and frameworks such as ITIL, MITRE ATT&CK, OWASP10