Security Tech Lead

Responsibilities:

Design, implement, and manage security controls, policies, and procedures for the cloud environment to safeguard against unauthorized access, data breaches, and other security risks.
Conduct regular security assessments and audits of the security environment infrastructure, identifying vulnerabilities and areas for improvement, and recommending solutions to mitigate risks.
Develop and enforce cloud security best practices and policies across the organization.
Collaborate with development and operations teams to ensure secure deployment and operation of cloud applications.
Implement native cloud security controls, such as IAM, VM, EDR, cloud security posture management to ensure appropriate access to cloud resources.
Stay current with emerging cloud security threats, technologies, and best practices.
Provide security training and guidance to team members and stakeholders on cloud security measures.
Work with regulatory bodies to ensure compliance with industry standards and Middle East regulations related to cloud security.
Manage and configure security tools and software, such as firewalls, intrusion detection systems, and encryption technologies, within cloud environments.

Connect to your skills and professional experience

In order to succeed in this role, you will need to match the following criteria:
Bachelor’s degree in computer science, Information Security, or a related field.
Minimum of Seven years of related experience.

Preferred Certifications:
Cloud Certifications by AWS/GCP/OCI/Azure.
Kubernetes Certifications
Relevant certifications such as CISSP, CCSP, AWS Certified Security – Specialty, or equivalent are highly desirable.

Strong hands-on experience on three of the below five domains:

Cloud and Container Security:

Experience with AWS, Azure, GCP or OCI and demonstrable affinity with Cloud technology.
Experience with containerization: Kubernetes, Docker. Practical experience with serverless and secure development environments, infrastructure-as-code is a plus.
Knowledge of information security principles and guidelines (including CIS, MITRE ATT&CK frameworks) is an advantage.
Governance and Risk Assessment:

Experience with security frameworks such as ISO, CSA and PCI.
Experience with the implementation of cloud risk frameworks and optimization of controls (in CI/CD pipelines).
Architecture and Design:

Experience with Secure Cloud Architecture Design and Implementation; Design solutions for improving Cloud Security by enforcement of cloud security guardrails and standards.
Experience with architecture and security reviews, threat modelling applications, and identifying areas of risk.
Experience with encryption in-flight and at-rest practices, as well as certificate and secrets
Knowledge of network architectures, topologies, and concepts (Firewalls, LB, WAF, CDN, VPC, ACL, TLS, SSH, and DNS).
Experience with security solutions such as WAF, IPS, and anti-DDOS systems.
Experience with network / perimeter security platforms and routing protocols, OSI layers etc.
Experience implementing strategies to support secure and compliant architectures.
DevOps & Engineering:

Good knowledge of application architecture (Microservices, API gateway, service mesh, message queues etc.) and technical expertise in designing controls to secure each layer within the application architecture (web layer, integration layer, backend).
Strong understanding of authentication and authorization patterns and their applicability within the development context (knowledge of Authentication / Authorization protocols and patterns, Authentication and Authorization within microservices).
Experience with infrastructure automation, infrastructure as code, automated application deployment, monitoring/telemetry, logging, reporting/dashboarding, and continuous delivery technologies.
Application Security & DevSecOps:

Experience in cybersecurity principles, assessment and triage for security flaws and common vulnerabilities for web and mobile applications. Ability to understand and assess both threats and vulnerabilities, articulating these to both technical and business stakeholders.
Experience with continuous security practices, including threat modelling, threat and vulnerability management, secure coding practices, and automated penetration testing.
Understanding of the OWASP Top 10 application security risks and how to address them.
Working knowledge of the Security Development Lifecycle (SDLC), OWASP Software Assurance Maturity Model (SAMM), or Building Security in Maturity Model (BSIMM).
Understanding of web application security scanning software and related penetration testing tools such as SAST/DAST/IAST/SCA.
Understanding of service-oriented architecture, building internet-scale, distributed, and critical services.
Experience on integration & automation of various security technologies.

The following attributes are essential:

A willingness to work as part of a diverse team.
A commitment to continuous improvement and lifelong learning.
A passion for technology and a drive to deliver secure, high-quality solutions.
An ability to remain calm under pressure whilst continuing to pay attention to detail.
Strong analytical and problem-solving skills.
Excellent communication and interpersonal abilities.
Ability to work effectively in a fast-paced and dynamic environment.
Proactive and self-motivated with a keen attention to detail.