Security Operations Senior Specialist JOB

Job Title: Security Operations Senior Specialist

Sector: Support Services

Department: Technology

Section: Technology Infrastructure

Unit: Infrastructure & Network

Direct Manager: Infrastructure & Network Unit Head

Role purpose:

Contribute to the development of an information and corporate security strategy aligned with DCT's business priorities to achieve objectives and Evaluate and develop secure solutions based on approved security architectures, analyzing business impact and exposure to emerging security threats, vulnerabilities, and risks in line with DCT strategic objectives.

Key responsibilities:

Security Operations

• Plan and implement security assessments of internal systems, applications, and IT infrastructure, collaborating with relevant stakeholders to address identified issues.


• Audit security data in liaison with internal sections and external parties, ensuring compliance with relevant standards.


• Provide expertise and recommendations in application development, database design, network, and platform efforts to ensure compliance with enterprise security policies, regulations, and best practices.


• Research, design, and advocate for new technologies and security products supporting DCT's security requirements.


• Prepare system security reports by collecting, analyzing, and summarizing data and trends.


• Develop, implement, and monitor a comprehensive information security program to safeguard DCT's information assets.


• Lead the implementation of computer system security plans in alignment with DCT's objectives.


• Conduct incident response exercises and forensic analysis of security-related incidents, incorporating lessons learned into security practices.


• Liaise with business continuity management to validate security practices for disaster recovery and business continuity operations.


• Integrate security into the software development life cycle (SDLC) by collaborating with development and operations teams to implement security controls and best practices.


• Develop and maintain automated security testing and monitoring tools to identify vulnerabilities and security flaws in code repositories, build pipelines, and production environments.


• Implement security-as-code practices to automate security configurations, policy enforcement, and compliance checks across infrastructure and application stacks.


• Conduct security reviews and threat modeling sessions for new and existing applications, providing recommendations to improve security posture and resilience against cyber threats.


• Collaborate with development teams to prioritize and remediate security findings identified through static code analysis, dynamic application security testing (DAST), and penetration testing.

Shared Activity  

• Ensure effective cascading of the functional strategy into business plans to ensure vertical alignment and horizontal integration with other interfacing sectional strategies.


• Lead the identification of opportunities for continuous improvement and sustainability of systems, processes and practices considering global standards, productivity improvement and cost reduction.


• Carry out any other duties and responsibilities related to the role at the request of the direct manager.


• Manage and ensure effective implementation of functional policies, procedures and controls covering all areas of assigned section activity so that all relevant procedural/legislative requirements are fulfilled while delivering a quality, cost-effective service.


• Follow all relevant departmental policies, processes, standard operating procedures, and instructions so that work is carried out in a controlled and consistent manner.


• Demonstrate compliance to organization’s values and ethics at all times to support the establishment of a value drive culture within the organization


• Contribute to the identification of opportunities for continuous improvement and sustainability of systems, processes and practices considering global standards, productivity improvement and cost reduction.

Communication and Business Relationships

Internal

• Technology Internal Sections


• DCT Relevant Sectors / Departments

External

• Key vendors & supplies


• Government entities


• Service Provider & Consulting firms

Qualifications and experience

• Bachelor’s Degree (Master Degree Preferred)  in Computer Science, Information Security or equivalent.


• Certifications in IT CISSP, CISM or others is highly preferred


• Proven 4-7 years of experience with:
  
  
  
  • Various security solutions such as firewalls, proxies, WAFs, DLP, and malware detection/EDR.
  
  
  • Extensive experience with security logging, event correlation, and SIEM technologies.
  
  
  • configuring and managing virtual and cloud-based environments.
  
  
  • In perimeter security, API security, penetration testing, threat modeling, security testing, and auditing.
  
  
  • Optimization of security controls for cloud-based applications and infrastructure.
  
  
  • Security Information and Event Management (SIEM) for threat detection and response.
  
  
  • Handling SAST and DAST tools for vulnerability assessment and secure software development life cycle solutions
  
  
  
  


• Knowledge of OS baselining for vulnerability assessment and patching using industry best practices and tools.

Skills

• Language: full professional English and Arabic proficiency both in speaking and writing


• Skilled in MS Office (PowerPoint, Word and Excel)


• Proficient in setting up and deploying WAFs and Network Firewalls within network infrastructure, understanding their roles in protecting web applications and securing the network perimeter


• Proficient in security policy management and rule configurations


•  Familiarity with OWASP Testing Guide and TOP 10, securing APIs, web and mobile applications, microservices, and common vulnerabilities


• Familiarity with Jira, Confluence, or similar tools


• Understanding of NIST, CIS frameworks, and UAE Cybersecurity controls


• Self-motivated with a proven ability to complete work in a timely manner


• Excellent written and verbal communication skill - including appropriate stakeholder alignment


• Ability to multi-task and to prioritize work effectively


• Ability to work under own direction and high degree of initiative