364 Ethical Hackers jobs in the United Arab Emirates

The Information Security Assistant Manager will be responsible for overseeing the information security and cybersecurity program, ensuring that objectives are met and reporting to top management annually.

Key responsibilities include developing and updating cybersecurity policies, rules, processes, and procedures in line with head office regulatory frameworks, as well as monitoring network activity for malicious activity and evaluating vulnerability reports and patches.

The role also involves coordinating security projects and tasks with the head office, ensuring all aspects of information security and cybersecurity are properly monitored.

• Ensure information security and cybersecurity objectives are defined and met.
• Develop and update cybersecurity policies, rules, processes, and procedures.
• Monitor network activity for malicious activity and evaluate vulnerability reports and patches.
• Coordinate security projects and tasks with the head office.

This is a critical role that demands the ability to embed security principles and patterns into all products and platforms. Our ideal candidate will have a proven track record of conducting security assessments, gap analysis, and providing remediation to relevant squads and stakeholders.

We are seeking an experienced Information Security Specialist to join our team. As a key member of our organization, you will be responsible for handling support requests from our customers.

1. You will receive requests via email or calls and handle them according to our established support workflow.

1. Effective communication with customers on tickets, health checks, projects, and technical work is crucial.

1. You may need to work as a resident engineer at customer sites based on business requirements.

1. Proper use of tools, documentation of tickets, and follow-up on escalations meeting SLA are critical tasks.

1. Continuous learning through technical training and achieving certification is essential for career development.

1. You will also work on projects, POCs, and documentation.

1. Customer satisfaction, professionalism, accuracy, and high-quality work are our primary targets.

Job Title: Cyber Security Engineer

About the Role:

We are seeking a skilled Cyber Security Engineer to join our team. As a key member of our security team, you will be responsible for managing day-to-day security operations, including web application security, network security, vulnerability management, malware protection, and data security.

You will achieve key performance indicators (KPIs) as per your role and coordinate with vendors to resolve technical issues promptly. Your duties will also include conducting technology risk assessments, fine-tuning security solutions, and providing L2/L3 support to team members for operational security solutions.

Responsibilities:

• Manage day-to-day security operations of security solutions.
• Experience in web application security, network security, vulnerability management, malware protection, and data security.
• Achieve KPIs as per the role.
• Coordinate to meet SLA requirements.
• Manage security incidents.
• Coordinate with vendors to resolve technical issues promptly.
• Conduct technology risk assessments.
• Fine-tune security solutions.
• Knowledge of operating system security (Windows and Linux).
• Conduct security awareness training.
• Provide L2/L3 support to team members for operational security solutions.
• Follow change management processes.
• Collaborate with cross-functional teams (SOC and NOC) to improve security measures.
• Analyze and respond to security threats, vulnerabilities, and attack patterns.
• Work with SOC teams to implement proactive security measures.
• Develop incident response plans and security best practices.
• Work independently and as part of a team.

Technical Skills / Competencies:

Mandatory:

• Strong understanding of the OSI model and security techniques/technologies to protect different layers (HTTPS, web security, email security, data classification).
• Excellent troubleshooting skills for operational issues.
• Experience in conducting and coordinating penetration testing and remediation.
• Experience in certificate lifecycle management.
• Excellent analytical and problem-solving skills.
• In-depth knowledge of security protocols, tools, and technologies.
• Strong verbal and written communication skills.
• Strong sense of accountability to complete tasks.
• Willingness to learn new technologies and solutions.

Hands-on experience with at least four of the following technologies:

• F5 WAF
• Cisco WSA
• Cisco ESA
• Imperva DAM
• OPSWAT
• CyberArk
• Thales Luna HSM
• DLP
• Bolden James
• ExtraHop NDR
• Seclore DRM

The successful candidate will be responsible for the administration of user and access rights on designated systems and applications, adhering to organizational policies, standards, and procedures.

• Administers user and access rights on designated systems and applications according to organizational policies, standards, and procedures.
• Performs system security administration on designated technology platforms, including operating systems, applications, and network security devices, in accordance with defined policies, standards, and industry best practices.
• Installs and configures security systems and applications, including policy assessment and compliance tools, network security appliances, and host-based security systems.
• Conducts threat and vulnerability assessments, followed by remedial action, to ensure systems are protected from known and potential threats and free from known vulnerabilities.
• Applies patches as necessary and removes or mitigates known control weaknesses, such as unnecessary services or applications or redundant user accounts, to harden systems in accordance with security policies and standards.
• Locates and repairs security problems and failures.

Candidates must possess a minimum of (2+) years of IT or network security experience. A Bachelor's degree in information systems, or equivalent work experience, is also required.

• Minimum (2+) years of IT or network security experience.
• Bachelor's degree in information systems, or equivalent work experience.
• Certifications from required vendor certifications and independent security organizations offering certification.
• Strong analytical and problem-solving skills for effective security incident and problem resolution.
• Ability to work under stress in emergencies and handle multiple high-pressure situations simultaneously.
• Strong team-oriented interpersonal skills and written and verbal communication skills.
• Customer/client focus with ability to manage expectations appropriately and build long-term relationships.
• Experience in developing, documenting, and maintaining security procedures.

The ideal candidate will have strong knowledge of cybersecurity principles, risk assessment, and management, as well as technical proficiency with security-related systems and applications.

• Knowledge of cybersecurity principles, risk assessment, and management.
• Technical proficiency with security-related systems and applications.
• Experience in developing, documenting, and maintaining security procedures.
• Knowledge of network infrastructure, routers, switches, firewalls, and associated protocols and concepts.
• Working technical knowledge of current systems' software, protocols, and standards.
• Strong knowledge of TCP/IP and network administration/protocols.

Information Security Specialist

We are seeking a skilled Information Security Specialist to join our team. As a key member of our security team, you will be responsible for owning the end-to-end vulnerability management lifecycle across infrastructure, endpoints, and cloud. This includes coordinating remediation with IT/GRC, governing penetration testing (internal and third-party), and continuously reducing exploitable attack surface without disrupting delivery.

The successful candidate will have 5+ years of experience in Vulnerability Management and Penetration Testing across enterprise environments (on-prem + cloud). You will have admin-level hands-on experience with ManageEngine/Tenable/Qualys/SentinelOne (or similar) and familiarity with EASM tools, practical use of EPSS, CISA KEV, SBOM/CVE workflows.

You will be proficient with common PT tooling (e.g., Burp Suite, Nmap, Responder, BloodHound, Impacket, Kali) and safe exploitation techniques. Your platforms include strong Windows/Linux, AD, network fundamentals, cloud security (Azure/AWS/GCP), containers/k8s basics. In addition, you have scripting/automation skills in Python, PowerShell, or Bash for data wrangling and workflow automation.

A certification like OSCP, eCPPT, GPEN, GXPN, PNPT, eJPT is a nice-to-have but not required. We offer a full-time position as a Mid-Senior level Information Technology role in IT System Custom Software Development, Technology, Information and Media, and Computer and Network Security industries.

• An Engineering Degree, with 5+ Years experience in local / international Data Protection in BFSI.
• Hands on experience in implementing data protection regulations.
• Expertise in data protection laws and regulations (like CBUAE Consumer Data Protection, UAE Privacy Laws and applicable global data protection requirements).
• Certification related to CIPP/E, CIPM, CIPT, CDPO, etc are preferred.
• Strong knowledge of information Security, Data Protection and IT Systems.

• Assist in implementing Bank's policies and procedures in accordance with data protection laws and regulations (like CBUAE Consumer Data Protection, UAE Privacy Laws and applicable global data protection requirements) and advising the business on data protection and privacy matters.
• Leading as required and maintaining cross-functional working groups to coordinate data protection efforts, including current projects and initiatives and regulatory awareness across the Bank.
• Executing data protection and privacy monitoring and compliance testing reviews.
• Evaluate the existing data protection framework and identify areas of non or partial compliance and rectify any issues.
• Maintain an inventory of all personal data stored and data processing activities, including how and why the company collects, shares and uses personal data.
• Work with the Contracts, Vendor Management and Compliance/Business departments to ensure that third-party suppliers contracts and operating-level agreements meet privacy requirements.
• To support and promote a culture of awareness of data security / data protection throughout the bank.
• Hold training with staff members across different business units who are involved in data handling or processing.
• Work with and manage external vendors / auditors during assessments.

Position Title:
Specialist Information Security
JOB OBJECTIVE:
This role requires a technical expert with broad experience architecting and implementing information security technology solutions in a large enterprise environment. They must be able to act as a technical leader to support talent development and the building of high-performance teams. An effective collaborator, the Cybersecurity Specialist will work closely with key stakeholders including the Sr. Network Engineer, Systems Architect, and other teams to implement effective business solutions. With deep and broad background in information security and related services, the successful candidate will also be current with emerging best practices and service trends, particularly all aspects of cloud computing.

• Security systems development, testing, analysis, and implementation
• System vulnerability assessment and management
• Response to security threats, attacks, and similar events
• Development of threat prevention strategies
• Coordinate & conduct black/white box security assessments with industry standard security tools
• Regular generation of reports for executives and administrators
• Comply with Health, Safety and Environment Policies (mandatory for all)
• Risk Management (mandatory; line manager discretion)
• Work independently on technical issues and recommend design solutions.
• Demonstrate a solid understanding of infrastructure, virtualization, cybersecurity standards, and operating procedures.
• Collaborate with other members of the cybersecurity team to develop new protocols, layers of protection, and other both proactive and defensive systems that stay one step ahead of cyber criminals.
• Maintain security guidelines, procedures, standards, and controls documentation
• Maintain a working knowledge of current cybercrime tactics.
• Lead the analysis of the current technology environment to detect critical deficiencies and recommend solutions for improvement Conduct incident response analyses; develop.
• Participate in and lead design sessions with Finning personnel as well as external parties.
• Consult on application or infrastructure development projects to harmonize systems or infrastructure.
• Assist with designing the governance activities associated with ensuring compliance with Information Security Policies.
• Monitor and ensuring compliance to standards, policies, and procedures.
• Define high-level migration plans to address the gaps between the current and future state, typically in sync with the budgeting or other planning processes.

KEY ACCOUNTABILITIES:
Description

• Develop, support, and advance strategies, policies, programs, and projects designed to continually improve and enhance cyber and information security posture and resiliency
• Oversee compliance with applicable laws, rules, and regulations related to cyber and information security
• Work with the compliance team to establish policies/standards/guidelines to ensure systems record user activities and access to sensitive data in support of insider risk management
• Develop and implement software security compliance program that takes a risk-based approach to ensure appropriate compliance to policies/standards/guidelines
• Contribute to awareness and outreach efforts both internally and externally
• Attend all regular, special, and emergency meetings regarding cyber and information security
• Regularly review the operation of security controls and recommend changes designed to improve effectiveness and/or counter emerging risks
• Make appropriate recommendations for security enhancements to the line manager or any external vendor providing services including tools, technologies, services, policies, procedures, and other areas as needed
• Lead efforts to evaluate and select vendors for security assessments, penetration testing, and other similar security services
• Direct and oversee the evaluation of security tools and make acquisition recommendations to the IT Security Manager
• Manage budgets, maintain financial forecasts, develop, and present business cases
• Establish objectives and milestones and manage activities to deliver high-quality results within budget and schedule
• Other duties and obligations as assigned by the line manager
• Work with multiple stakeholders to identify areas for cyber risk reduction on the IT Infrastructure and OT systems.
• Lead the evaluation of the potential impact of implementing difference cyber risk reduction methods (i.e., cyber security controls) with in the IT infrastructure.
• Act as the primary interface with the Tabreed stakeholders to architect the defensive model and implement cyber security controls across Tabreed IT & OT systems for desired risk reduction.

Assess Current State and Areas for Risk Reduction:

• Lead the conduct of a cyber-security self-assessment initiatives based on international standard, national standards, and state of practice.
• Assess the Tabreed's defensive strategy and the implementation of the cyber security program.
• Provide an evaluation on current milestone delivery and regulatory compliance.
• Lead the development of a corrective action plan for achieving desired risk reduction and maturing program elements.

Risk Reduction Strategy Development:

• Lead the development of a risk reduction strategy for the protection of Tabreed critical systems and associated critical digital assets (CDAs).
• Lead the development of a risk management strategy to include a cyber security control implementation strategy for effective and sustainable risk reduction.
• Assist in establishing key performance indicators to monitor changes in cyber risk.
• Communicates with senior leadership on cyber security strategic issues and current risks.
• Act as a liaison with the UAE regulatory authority, to validate cyber security performance meets or exceeds regulatory expectations for protection against the design basis threat.

Leading Solutions Design:

• Leads the creation of deliverables related to design and analysis of technology solution to ensure that solution meet business and operation needs.
• Design, Build, Implement and support an Enterprise-class security systems.
• Design security architecture elements to mitigate threats as they emerge.
• Create solutions that balance business requirements with information and cybersecurity requirements

Risk Management:

• Analyse current risks and identify potential risks in responsibility
• Report the risk tailored to the relevant audience
• Build risk awareness amongst team by providing support and training

Framework:

• Follow the international framework designed to standardize the selection, planning, delivery, and maintenance of IT services within a business

Technology Research:

• Strategic planning (medium and long term) based on company objectives to keep in line with new developments in IT
• Research new technology to determine what would best support their organization in the future

JOB REQUIREMENTS:
Minimum Qualifications:

• Bachelor's degree holder in Computer Science/Engineering or equivalent Knowledge
• Broad knowledge across all areas of the Technology Architecture domain including Cloud Computing (IaaS, PaaS, AWS, Azure etc.) Data Center, Data Storage Technologies, Virtualization, server platforms (Windows and Linux), Desktop, mobility solutions, systems monitoring/management, data protection, high availability/clustering, network (WAN/LAN/WLAN etc.), Security (Firewall, IDS/IPS, VPN etc.)
• Strong proficiency in Incident Management and Response.
• Experience in security device management and SIEM.
• In-depth knowledge of security concepts such as cyber-attacks and techniques, threat vectors, risk management, incident management etc.
• Experience in threat management and threat intelligence.
• Good understanding of Infrastructure Security and its impact on Security Operations, Vulnerabilities, Reporting, Analytics and Monitoring.
• Ability to develop a comprehensive understanding of Finning's business, market and industry and relate that knowledge to identified operations and IT-related risks
• Familiar with the basic principles of organizational change management, and understanding of how to apply these principles
• Ability to understand the long-term ("big picture") and short-term perspectives of situations
• Ability to estimate the financial impact of risk mitigation alternatives
• Ability to quickly comprehend the functions and capabilities of new technologies
• Knowledge of many, if not most, aspects of information security architecture Understanding of network and enterprise architecture Certifications: CISSP or CISM , Network and security , Microsoft Azure Administrator Certification and Industrial Cybersecurity

Minimum Experience:

• Minimum 5 years' experience in Information Technology (IT) & Operational Technology (OT) Cyber security
• Hands-on experience running mission-critical cybersecurity operations
• Proven experience building a service-oriented organization and driving or promoting a service delivery model
• Exhibit excellent analytical skills and the ability to manage multiple projects under strict timelines as well as the ability to work well in a demanding, dynamic environment and meet overall objectives
• Project management skills: financial/budget management, scheduling, and resource management
• Experience with contract and vendor negotiations, and expertise in negotiating complex contracts and managing vendors, including design, and tracking of Service Level Agreements (SLAs)
• High level of personal integrity as well as the ability to professionally handle confidential matters and to show an appropriate level of judgment and maturity
• Self-starter, accountability, and the ability to work with little supervision
• Limited travel to project sites
• Due to nature of 24/7 operation may be required to work after hours or on weekend
• Flexibility to work in shifts as required

We seek a cybersecurity professional to support our cybersecurity initiatives in the MENAT region.