Role Purpose
The Cyber Security Specialist is a highly technical individual contributor responsible for protecting OSN's digital assets, content delivery infrastructure, cloud platforms, and enterprise systems against cyber threats. Operating across AWS, Microsoft Azure, Microsoft 365, and on-premises environments, the role combines proactive security engineering with real-time threat detection, incident response, cloud security, vulnerability management, and DevSecOps to ensure resilient and secure operations across all business units.
This role is intended for an experienced cybersecurity professional who can independently investigate complex security incidents, engineer security controls, secure cloud environments, and solve advanced technical security challenges with minimal supervision while partnering closely with infrastructure, cloud, engineering, and business teams.
Key Responsibilities
- Security Operations & Incident Response
Lead end-to-end security incident management, including detection, triage, containment, eradication, recovery, and post-incident reviews.
Act as the primary escalation point within the SOC for Tier 2/3 security incidents and complex investigations.
Develop and maintain incident response playbooks, runbooks, and communication frameworks aligned with NIST CSF and ISO 27035.
Conduct forensic investigations across endpoints, servers, cloud workloads, and network infrastructure, producing technical and executive incident reports.
Coordinate with external MSSPs, threat intelligence providers, and UAE regulatory bodies during significant security incidents.
- Threat Detection, Hunting & Analytics
Design, implement, and continuously improve SIEM detection rules, correlation logic, dashboards, and automation.
Conduct proactive threat hunting using MITRE ATT&CK and threat intelligence to identify hidden adversary activity.
Analyse threat intelligence feeds and translate findings into actionable detection use cases and security improvements.
Monitor OSN's attack surface and investigate Indicators of Compromise (IoCs) and Indicators of Attack (IoAs).
Produce regular threat intelligence and threat landscape reports for security leadership.
- Security Technology Administration
Administer, tune, and optimise enterprise security technologies including: Microsoft Sentinel / Splunk
Microsoft Defender XDR
DLP, PAM, WAF, Vulnerability Management platforms
Develop detection content, dashboards, and automation to improve operational efficiency.
Ensure security technologies remain aligned with evolving threat landscapes and business requirements.
- Cloud & Infrastructure Security
Define and enforce security baselines across AWS, Microsoft Azure, and Microsoft 365.
Lead Cloud Security Posture Management (CSPM) initiatives across IaaS, PaaS, and SaaS environments.
Implement Zero Trust security controls and identity-centric security architectures.
Review Infrastructure as Code (Terraform, ARM) for security compliance before deployment.
Partner with DevOps teams to embed security controls into CI/CD pipelines.
- Vulnerability Management & Penetration Testing
Own the end-to-end vulnerability management lifecycle including discovery, prioritisation, remediation tracking, and reporting.
Perform internal penetration testing and security assessments across infrastructure, cloud environments, web applications, APIs, and internal networks.
Coordinate external penetration testing engagements and validate remediation activities.
Maintain the enterprise cyber risk register for identified vulnerabilities.
- Application & API Security
Promote secure development practices aligned with OWASP Top 10, SANS CWE Top 25, and Secure SDLC principles.
Perform SAST, DAST, and manual application security assessments.
Define API security standards and monitor for API abuse and authentication weaknesses.
Provide secure coding guidance and security training to development teams.
- OTT, Broadcast & Content Security
Protect OTT platforms, streaming services, and CDNs against piracy, credential stuffing, account takeover, and content leakage.
Administer DRM technologies including Widevine, PlayReady, and FairPlay.
Manage anti-piracy monitoring and collaborate with content owners on takedown activities.
Assess cyber risks across broadcast infrastructure, contribution networks, and satellite environments.
Monitor emerging threats targeting the media and entertainment sector.
- Compliance, Risk & Governance
Ensure compliance with UAE PDPL, NESA, ISO 27001, SOC 2, and other applicable security frameworks.
Conduct internal security audits, risk assessments, and control reviews.
Maintain and update cybersecurity policies, standards, and procedures.
Support external audits and regulatory assessments.
Contribute to the enterprise cyber risk register and report material risks to the Head of Cyber Security.
Technical Skills & Competencies
Security Operations & Tooling
- Advanced expertise with Microsoft Sentinel (preferred) and/or Splunk, including KQL/SPL query development, detection engineering, dashboards, and automation.
- Hands-on experience with Microsoft Defender XDR, CrowdStrike, SentinelOne, or equivalent EDR/XDR platforms.
- Experience administering DLP, PAM (CyberArk, BeyondTrust), WAF (AWS WAF, Azure Front Door, Cloudflare, F5), email security gateways, and enterprise security technologies.
- Strong experience with vulnerability management platforms including Tenable, Qualys, or Rapid7.
Cloud & Infrastructure
- Strong hands-on experience securing both AWS and Microsoft Azure cloud environments is mandatory.
- Deep understanding of AWS security services including IAM, GuardDuty, Security Hub, CloudTrail, Config, Inspector, KMS, AWS WAF, VPC security, and logging.
- Strong expertise with Microsoft Defender for Cloud, Microsoft Sentinel, Microsoft Entra ID, Azure Firewall, Key Vault, and Azure networking.
- Experience implementing Zero Trust architectures, identity security, CSPM, workload protection, and cloud governance.
- Experience securing Infrastructure as Code, CI/CD pipelines, Docker, Kubernetes, and serverless workloads.
- Strong networking knowledge including TCP/IP, DNS, HTTP/S, TLS, VPNs, BGP, firewalls, IDS/IPS, and load balancing.
Application Security & DevSecOps
- Strong understanding of OWASP Top 10, OWASP ASVS, Secure SDLC, API security, and common web application vulnerabilities.
- Experience with SAST, DAST, and software composition analysis tools such as Checkmarx, Veracode, Burp Suite Pro, or equivalent.
- Proficiency in Python, PowerShell, or Bash for automation, scripting, and security integrations.
Security Frameworks
- Strong working knowledge of MITRE ATT&CK, NIST CSF, ISO 27001/27002, CIS Controls v8, and Zero Trust principles.
- Familiarity with UAE PDPL, NESA, SOC 2, GDPR, and other relevant regulatory frameworks.
Experience
5–8 years of dedicated hands-on cybersecurity experience in security operations, security engineering, incident response, or offensive security.
Proven experience operating as an independent
Individual Contributor (IC) capable of solving complex technical cybersecurity challenges with minimal supervision.
Demonstrated expertise administering and tuning enterprise SIEM platforms within medium-to-large enterprise environments (500+ employees or equivalent).
Proven experience leading security incidents from detection through recovery, including root cause analysis and post-incident reporting.
Strong hands-on experience securing both
AWS and Microsoft Azure cloud environments is required. Candidates with experience in only one cloud platform will not be considered.
Experience implementing cloud security controls, CSPM, IAM, threat detection, and monitoring across hybrid cloud environments.
Practical experience conducting penetration testing, vulnerability assessments, threat hunting, or red team activities.
Experience working within regulated environments governed by frameworks such as ISO 27001, SOC 2, UAE PDPL, NESA, GDPR, or equivalent.
Qualifications
- Bachelor's degree in Computer Science, Cyber Security, Information Security, Electrical Engineering, or a related technical discipline.
- Equivalent combinations of education, industry certifications, and relevant professional experience will be considered.
Professional Certifications
Required (Minimum One)
CISSP – Certified Information Systems Security Professional
CISM – Certified Information Security Manager
CISA – Certified Information Systems Auditor
GCIH – GIAC Certified Incident Handler
Preferred
Microsoft Certified: Security Operations Analyst Associate (SC-200)
Microsoft Certified: Azure Security Engineer Associate (AZ-500)
AWS Certified Security – Specialty
OSCP – Offensive Security Certified Professional
CEH – Certified Ethical Hacker
GCFA / GCFE – GIAC Certified Forensic Analyst / Examiner
CompTIA CySA+, Security+, or Cloud+