Lead Threat Detection & Response

Primary purpose of jobLead Threat Detection & Response responsible for early detection, and rapid response in order to mitigate the cybersecurity risks for QatarEnergy. Lead Threat Detection & Response build, train and lead the 24/7 Cybersecurity Detection and engineering team for IT and OT cybersecurity. As technical lead and incident responder for QatarEnergy Security Operations Centre’s Cybersecurity Detection he/she will be leading technical investigations for security incidents, overseeing process improvements, and driving implementation of new capabilities. He/she will act as front-line point of escalation and serves as a technical escalation resource for other security analysts and engineers and provide mentoring for skill development. He/she will partner with Information Security leads to implement and improve technology and processes to enhance Cybersecurity monitoring, detection, investigation, and response. Lead Threat Detection & Response supervises and coordinates engineers and external consultants who are responsible for the design, build and ongoing management of the QatarEnergy Detection platforms and ultimately support QatarEnergy’s IT and OT cybersecurity 24/7 mission critical operations. Experience & Skills10 years of technical experience in Information Security.Preferably experience with large ICS & ICT environments in the Energy sector. An understanding of Memory, Host, Network Forensics Analysis and Malware Analysis is required. Ability to communicate between staff at all level, as well as maintain positive working relationships across the business.Excellent written and verbal business communication skills.Advanced knowledge of networking fundamentals (TCP/IP, network layers, Ethernet, ARP, etc.)Advanced knowledge of current threat landscape (threat actors, APT, cyber-crime, etc.)Advanced knowledge of penetration techniques and forensic techniques.Moderate knowledge and experience with Cloud technologiesModerate protocol analysis experience (Wireshark, Netwitness, etc.)Good knowledge of IT including multiple operating systems and system administration skills (Windows, Linux, Solaris, Unix). Solid knowledge of client-server applications, multi-tier web applications, relational databases, firewalls, VPNs, and enterprise Anti-Virus products. Strong understanding of security incident management, malware management and vulnerability management processes. Experience with web content filtering technology - policy engineering and troubleshooting. Good awareness of IT Support processes, such as ITIL. EducationBachelor’s degree in information security, computer science, or systems engineering. Possession of Industry Certifications such as but not limited to Certified Incident Handler (GCIH), Certified Intrusion Analyst (GIAC), Certified Ethical Hacker (CEH), Certified Expert Penetration Tester (CEPT), OSCE/ CHFI/ SANS Cyber Threat Hunting/ SANS GREM or equivalent SIEM/ security technologies technical certification (Advanced Level). Good awareness of IT Support processes, and frameworks such as ITIL, MITRE ATT&CK, OWASP10.