282 Vulnerability Assessment jobs in the United Arab Emirates

Position Title:
Specialist Information Security
JOB OBJECTIVE:
This role requires a technical expert with broad experience architecting and implementing information security technology solutions in a large enterprise environment. They must be able to act as a technical leader to support talent development and the building of high-performance teams. An effective collaborator, the Cybersecurity Specialist will work closely with key stakeholders including the Sr. Network Engineer, Systems Architect, and other teams to implement effective business solutions. With deep and broad background in information security and related services, the successful candidate will also be current with emerging best practices and service trends, particularly all aspects of cloud computing.

• Security systems development, testing, analysis, and implementation
• System vulnerability assessment and management
• Response to security threats, attacks, and similar events
• Development of threat prevention strategies
• Coordinate & conduct black/white box security assessments with industry standard security tools
• Regular generation of reports for executives and administrators
• Comply with Health, Safety and Environment Policies (mandatory for all)
• Risk Management (mandatory; line manager discretion)
• Work independently on technical issues and recommend design solutions.
• Demonstrate a solid understanding of infrastructure, virtualization, cybersecurity standards, and operating procedures.
• Collaborate with other members of the cybersecurity team to develop new protocols, layers of protection, and other both proactive and defensive systems that stay one step ahead of cyber criminals.
• Maintain security guidelines, procedures, standards, and controls documentation
• Maintain a working knowledge of current cybercrime tactics.
• Lead the analysis of the current technology environment to detect critical deficiencies and recommend solutions for improvement Conduct incident response analyses; develop.
• Participate in and lead design sessions with Finning personnel as well as external parties.
• Consult on application or infrastructure development projects to harmonize systems or infrastructure.
• Assist with designing the governance activities associated with ensuring compliance with Information Security Policies.
• Monitor and ensuring compliance to standards, policies, and procedures.
• Define high-level migration plans to address the gaps between the current and future state, typically in sync with the budgeting or other planning processes.

KEY ACCOUNTABILITIES:
Description

• Develop, support, and advance strategies, policies, programs, and projects designed to continually improve and enhance cyber and information security posture and resiliency
• Oversee compliance with applicable laws, rules, and regulations related to cyber and information security
• Work with the compliance team to establish policies/standards/guidelines to ensure systems record user activities and access to sensitive data in support of insider risk management
• Develop and implement software security compliance program that takes a risk-based approach to ensure appropriate compliance to policies/standards/guidelines
• Contribute to awareness and outreach efforts both internally and externally
• Attend all regular, special, and emergency meetings regarding cyber and information security
• Regularly review the operation of security controls and recommend changes designed to improve effectiveness and/or counter emerging risks
• Make appropriate recommendations for security enhancements to the line manager or any external vendor providing services including tools, technologies, services, policies, procedures, and other areas as needed
• Lead efforts to evaluate and select vendors for security assessments, penetration testing, and other similar security services
• Direct and oversee the evaluation of security tools and make acquisition recommendations to the IT Security Manager
• Manage budgets, maintain financial forecasts, develop, and present business cases
• Establish objectives and milestones and manage activities to deliver high-quality results within budget and schedule
• Other duties and obligations as assigned by the line manager
• Work with multiple stakeholders to identify areas for cyber risk reduction on the IT Infrastructure and OT systems.
• Lead the evaluation of the potential impact of implementing difference cyber risk reduction methods (i.e., cyber security controls) with in the IT infrastructure.
• Act as the primary interface with the Tabreed stakeholders to architect the defensive model and implement cyber security controls across Tabreed IT & OT systems for desired risk reduction.

Assess Current State and Areas for Risk Reduction:

• Lead the conduct of a cyber-security self-assessment initiatives based on international standard, national standards, and state of practice.
• Assess the Tabreed's defensive strategy and the implementation of the cyber security program.
• Provide an evaluation on current milestone delivery and regulatory compliance.
• Lead the development of a corrective action plan for achieving desired risk reduction and maturing program elements.

Risk Reduction Strategy Development:

• Lead the development of a risk reduction strategy for the protection of Tabreed critical systems and associated critical digital assets (CDAs).
• Lead the development of a risk management strategy to include a cyber security control implementation strategy for effective and sustainable risk reduction.
• Assist in establishing key performance indicators to monitor changes in cyber risk.
• Communicates with senior leadership on cyber security strategic issues and current risks.
• Act as a liaison with the UAE regulatory authority, to validate cyber security performance meets or exceeds regulatory expectations for protection against the design basis threat.

Leading Solutions Design:

• Leads the creation of deliverables related to design and analysis of technology solution to ensure that solution meet business and operation needs.
• Design, Build, Implement and support an Enterprise-class security systems.
• Design security architecture elements to mitigate threats as they emerge.
• Create solutions that balance business requirements with information and cybersecurity requirements

Risk Management:

• Analyse current risks and identify potential risks in responsibility
• Report the risk tailored to the relevant audience
• Build risk awareness amongst team by providing support and training

Framework:

• Follow the international framework designed to standardize the selection, planning, delivery, and maintenance of IT services within a business

Technology Research:

• Strategic planning (medium and long term) based on company objectives to keep in line with new developments in IT
• Research new technology to determine what would best support their organization in the future

JOB REQUIREMENTS:
Minimum Qualifications:

• Bachelor's degree holder in Computer Science/Engineering or equivalent Knowledge
• Broad knowledge across all areas of the Technology Architecture domain including Cloud Computing (IaaS, PaaS, AWS, Azure etc.) Data Center, Data Storage Technologies, Virtualization, server platforms (Windows and Linux), Desktop, mobility solutions, systems monitoring/management, data protection, high availability/clustering, network (WAN/LAN/WLAN etc.), Security (Firewall, IDS/IPS, VPN etc.)
• Strong proficiency in Incident Management and Response.
• Experience in security device management and SIEM.
• In-depth knowledge of security concepts such as cyber-attacks and techniques, threat vectors, risk management, incident management etc.
• Experience in threat management and threat intelligence.
• Good understanding of Infrastructure Security and its impact on Security Operations, Vulnerabilities, Reporting, Analytics and Monitoring.
• Ability to develop a comprehensive understanding of Finning's business, market and industry and relate that knowledge to identified operations and IT-related risks
• Familiar with the basic principles of organizational change management, and understanding of how to apply these principles
• Ability to understand the long-term ("big picture") and short-term perspectives of situations
• Ability to estimate the financial impact of risk mitigation alternatives
• Ability to quickly comprehend the functions and capabilities of new technologies
• Knowledge of many, if not most, aspects of information security architecture Understanding of network and enterprise architecture Certifications: CISSP or CISM , Network and security , Microsoft Azure Administrator Certification and Industrial Cybersecurity

Minimum Experience:

• Minimum 5 years' experience in Information Technology (IT) & Operational Technology (OT) Cyber security
• Hands-on experience running mission-critical cybersecurity operations
• Proven experience building a service-oriented organization and driving or promoting a service delivery model
• Exhibit excellent analytical skills and the ability to manage multiple projects under strict timelines as well as the ability to work well in a demanding, dynamic environment and meet overall objectives
• Project management skills: financial/budget management, scheduling, and resource management
• Experience with contract and vendor negotiations, and expertise in negotiating complex contracts and managing vendors, including design, and tracking of Service Level Agreements (SLAs)
• High level of personal integrity as well as the ability to professionally handle confidential matters and to show an appropriate level of judgment and maturity
• Self-starter, accountability, and the ability to work with little supervision
• Limited travel to project sites
• Due to nature of 24/7 operation may be required to work after hours or on weekend
• Flexibility to work in shifts as required

Full job description

The Information Security Officer is responsible for developing and maintaining the hospital's information security framework. The role involves overseeing security operations, ensuring compliance with Abu Dhabi Healthcare Information and Cyber Security Standard (ADHICS), and contributing to key projects such as SOC (Security Operations Center) implementation, SIEM, and Data Loss Prevention (DLP) systems.

Essential Job Functions and Key Accountabilities:

• Develop, implement, and monitor a strategic, comprehensive enterprise information security and IT risk management program.
• Execute periodic and ad-hoc compliance checks and cyber risk assessments in alignment with mandated cybersecurity policies and guidelines.
• Recommend and implement remedial actions for non-compliance issues.
• Contribute to Risk Management Framework documentation and activities (e.g., system life-cycle support plans, operational procedures, maintenance training materials).
• Participate in risk governance processes to evaluate and address security risks.
• Lead and Monitor the implementation of SOC and SIEM solutions.
• Oversee DLP strategies and governance.
• Perform regular audits, security scans, and risk assessments.
• Define and enforce security protocols, policies, and procedures.
• Ensure compliance with UAE regulations and international standards.
• Conduct cybersecurity awareness training for staff.
• Collaborate with IT and clinical departments to integrate security into all systems and workflows.
• Investigate and respond to security incidents and breaches.

Competency Standards

Clinical/Technical Competencies:

• Cyber security and privacy principles (confidentiality, integrity, availability).
• Networking protocols and network security threats.
• Laws, regulations, and ethics related to cyber security.
• Information classification and compromise procedures.
• Security scanning, vulnerability assessments and penetration testing.
• PHI (Personal Health Information) data protection standards.
• Security architecture, including topology, protocols, and components.
• Experience with SIEM tools.
• DLP platform experience
• Familiarity with Firewalls, IDS/IPS, and Endpoint Protection.
• Microsoft Azure and Office 365 security solutions.
• ADHICS implementation experience preferred.

Qualification

Bachelor's Degree in Information Technology, Computer Science, or Cybersecurity.

Diploma holders with strong relevant experience may be considered.

Job Types: Full-time, Fresher

Pay: From AED2,500.00 per month

About the Company

Responsible for the technical strategic design, implementation, and operational management of the enterprise data security infrastructure in the support and enforcement of organization policies and priorities. This person will provide leadership to ensure sustainable, high quality delivery of technical security systems and related tools to safeguard the availability and integrity of all CCAD data.

About the Role

Reports directly to Executive Director, Technology & Development. Reports indirectly to N/A. Head Count Managed Approx. 2. Number of Direct Reports Approx. 0. Number of Indirect Reports Approx. 2. Financial Accountability N/A.

Responsibilities

• Responsible for the technical strategic design, implementation, and management of enterprise security systems to include but not limited to firewalls, intrusion detection systems, application security integration, secure remote access, data encryption, identity management and access provisioning, user and system auditing and reporting, HIPPA, VPN, SSL, smart card/token access systems, wireless device security , VOIP security, workstation end point patch management, anti-spam, anti-virus, anti-malware/spyware systems and management tools, and new technology and regulatory requirements potentially impacting the security posture of CCAD.
• Provide technical oversight of vended services covering these areas of responsibility and proactively plan for future growth and technological innovations that effect the hospital's environment related to these knowledge areas.
• Work closely with CCAD customer groups to ensure that service levels are being met while utilizing resources efficiently and effectively.
• Manages both full time staff and contract labor to adequately design, implement, and support technical solutions.
• Provide guidance, coaching, and formal counseling to CCAD and contract staff to include but not limited to training, appraisals, corrective action, and employment/contract termination.
• Ensure performance management standards are being met and services are being delivered according to set agreements and/or contracts.
• Performs other duties as assigned.

Qualifications

• Education: Bachelor's degree or technical degree in Information Technology or a related field is preferred.
• Experience: Minimum of 6 (six) years of professional job experience working with large organizations in support of the technical design, implementation, and management of enterprise data security and associated technologies. Minimum of two (2) years of experience supporting technical environments in a large U.S. based Hospital supporting a user base of more than 5000 users. Demonstrated strong background in the development and supervision of fulltime and contract IT professionals.
• Certification and Licensure: CISSP is required.
• Professional Membership: N/A.

Required Skills

• Proficiency with Microsoft Office suite.
• Ability to speak and write in English is required.

Preferred Skills

• Demonstrated strong background in the development and supervision of fulltime and contract IT professionals.

Equal Opportunity Statement

The responsibilities described on this job description are intended to describe the general nature and level of work being performed by people assigned to this job. These statements are not intended to be exhaustive of all responsibilities, duties, knowledge, skills and abilities required of employees in the position. Final determination of a candidate's qualifications and eligibility to perform the job is at the sole discretion and judgment of the institute/department executive leadership.

Purpose and summary:

As the Information Security Officer, individual will be responsible for overseeing and implementing the information security program of the company within the regulatory framework of Abu Dhabi Global Market. ISO will play a crucial role in safeguarding company systems, networks, and data from potential threats and ensuring compliance with industry standards and best practices.

Key Responsibilities:

• Information Security Strategy:
  Develop and implement an effective information security strategy aligned with the business objectives of the company and regulatory requirements of Abu Dhabi Global Market.

• Risk Management:
  Conduct regular risk assessments and vulnerability scans to identify potential security threats and vulnerabilities. Develop and implement risk mitigation strategies to minimize security risks to the organization.

• Security Policies and Procedures:
  Develop, review, and enforce information security policies, standards, and procedures to ensure compliance with regulatory requirements and industry best practices.

• Security Awareness Training:
  Coordinate and conduct security awareness training programs for employees to promote a culture of security awareness and compliance throughout the organization.

• Incident Response and Management:
  Establish an incident response plan and coordinate responses to security incidents, including conducting investigations, implementing remediation measures, and reporting incidents to relevant stakeholders.

• Security Monitoring and Compliance:
  Implement security monitoring tools and techniques to detect and respond to security incidents in real-time. Ensure compliance with regulatory requirements, including reporting obligations to Abu Dhabi Global Market authorities.

• Vendor Risk Management:
  Evaluate the security posture of third-party vendors and service providers. Develop and implement vendor risk management processes to ensure that vendors comply with information security requirements.

• Security Audits and Assessments:
  Coordinate and participate in security audits and assessments conducted by internal and external auditors. Implement corrective actions to address findings and ensure continuous improvement of the information security program.

Qualifications:

• Bachelor's degree in information technology, Computer Science, or a related field. Advanced degree or professional certifications (e.g., CISSP, CISM, CISA) preferred.
• Minimum of 10 years of experience in information security management, preferably in the financial services industry or fintech sector.
• In-depth knowledge of information security principles, standards, and best practices, including ISO 27001, NIST Cybersecurity Framework, and PCI DSS.
• Experience in developing and implementing information security policies, standards, and procedures.
• Strong analytical and problem-solving skills, with the ability to assess complex security risks and develop effective mitigation strategies.
• Excellent communication and interpersonal skills, with the ability to collaborate effectively with cross-functional teams and communicate complex technical concepts to non-technical stakeholders.
• Experience in conducting security awareness training and promoting a culture of security awareness within the organization.
• Familiarity with regulatory requirements applicable to the financial services industry, particularly in Abu Dhabi Global Market.
• Proven track record of managing security incidents and coordinating incident response efforts.
• Experience in conducting security audits, assessments, and compliance reviews.
• Knowledge of security monitoring tools and techniques for detecting and responding to security incidents in real-time.

Work Environment

• Required to work office hours.
• Flexibility to work longer hours from time-to-time as and when the job requires.
• Open to travel requirements if needed.

Date Opened

08/19/2025

Job Type

Full time

Job Opening Status

In-progress

Work Experience

5+ years

Industry

Technology

Salary

12500

City

Abu Dhabi

State/Province

Abu Dhabi

Country

United Arab Emirates

Zip/Postal Code

51133

Raqmiyat is a UAE-based IT and digital transformation company specializing in consulting, staffing, and enterprise technology solutions. We empower banking, government, and enterprise clients across the Middle East to achieve their digital objectives.

Key Responsibilities:

Penetration Testing and Red Teaming:

• Conduct comprehensive penetration testing and red teaming exercises on systems, networks, applications and mobile to identify vulnerabilities and potential entry points for attackers.
• Develop and execute custom tools and scripts to automate testing and exploitation processes.
• Analyze and report on findings, providing detailed explanations of vulnerabilities and recommended remediation steps.
• Simulate advanced persistent threats (APTs) to test the resilience of security controls and incident response capabilities.
• ASM: Continuously discover and catalog all assets, including hardware, software, and network components.
• ASM: Monitor the attack surface for changes and potential vulnerabilities, using automated tools and manual assessments.

Threat Modeling and Risk Assessment:

• Conduct threat modeling and risk assessments to identify potential attack vectors and vulnerabilities
• Develop and maintain a comprehensive understanding of our systems, networks, and applications to identify potential vulnerabilities
• Provide recommendations for remediation and mitigation strategies
  
  Incident Response and Crisis Management:
• Participate in security incident response and crisis management efforts as needed
• Collaborate with incident response teams to contain and remediate security incidents
• Provide technical expertise and guidance during incident response efforts
• Security Research and Development:
• Stay up-to-date with the latest security threats and trends, and adapt testing methodologies accordingly
• Develop and maintain a comprehensive knowledge of industry-leading security tools and technologies
• Participate in security research and development efforts to identify and develop new testing techniques and methodologies

Key Responsibilities:

Penetration Testing and Red Teaming:

• Conduct comprehensive penetration testing and red teaming exercises on systems, networks, applications and mobile to identify vulnerabilities and potential entry points for attackers.
• Develop and execute custom tools and scripts to automate testing and exploitation processes.
• Analyze and report on findings, providing detailed explanations of vulnerabilities and recommended remediation steps.
• Simulate advanced persistent threats (APTs) to test the resilience of security controls and incident response capabilities.
• ASM: Continuously discover and catalog all assets, including hardware, software, and network components.
• ASM: Monitor the attack surface for changes and potential vulnerabilities, using automated tools and manual assessments.

Threat Modeling and Risk Assessment:

• Conduct threat modeling and risk assessments to identify potential attack vectors and vulnerabilities
• Develop and maintain a comprehensive understanding of our systems, networks, and applications to identify potential vulnerabilities
• Provide recommendations for remediation and mitigation strategiesIncident Response and Crisis Management:
• Participate in security incident response and crisis management efforts as needed
• Collaborate with incident response teams to contain and remediate security incidents
• Provide technical expertise and guidance during incident response efforts
• Security Research and Development:
• Stay up-to-date with the latest security threats and trends, and adapt testing methodologies accordingly
• Develop and maintain a comprehensive knowledge of industry-leading security tools and technologies
• Participate in security research and development efforts to identify and develop new testing techniques and methodologies

We Are Hiring: Information Security Specialist (Data Centre Services)

Location: Qatar

Duration: 6 Months (Extendable)

Salary: QAR 12,000 – 15,000

We are seeking a skilled Information Security Specialist to support our Data Centre Services team in implementing and maintaining ISO 27001 standards for one of Qatar's ministries. The ideal candidate will have strong expertise in governance, risk, and compliance, with ISO/IEC 27001:2022 certification and knowledge of related standards

Key Responsibilities

Lead the implementation of ISO 27001 framework.

Conduct ISO/IEC 27001:2022 gap assessment and develop upgrade plans.

Review and enhance policies, procedures, and documentation.

Maintain and update risk registers and treatment plans (ISO 27005/31000).

Align KPIs with ISO 27004 standards.

Review CAPA (Corrective and Preventive Actions) and drive continual improvement.

Conduct internal audits and prepare for Management Review Meetings (MRM).

Provide support for external audits (Recertification, SA-1, SA-2).

Requirements

Proven experience in information security management and risk compliance.

Certification in ISO/IEC 27001:2022 and knowledge of related standards.

Hands-on experience with audit preparation and execution.

Excellent communication and documentation skills.

Ability to work independently and deliver within tight deadlines.

Job Type: Full-time

Pay: AED12, AED15,000.00 per month

Application Question(s):

• How many years of experience do you have in information security, governance, risk, and compliance (GRC)?
• Have you previously implemented ISO 27001 in an organization?

Job Description

Role Purpose

The overall responsibility to plan and implement policies to protect a DCAA's computer network and data from various forms of security breaches. Also, responsible for identifying vulnerabilities and to resolve them, ensuring that DCAA's network and data remain secure.

Key Responsibilities

1. Identifying vulnerabilities in DCAA technology network.

2. Developing and implementing a comprehensive plan to secure DCAA's computing network.

3. Monitoring network usage to ensure compliance with security policies.

4. Keeping up to date with developments in IT security standards and threats.

5. Performing penetration tests to find any flaws.

6. Collaborating with management and the IT department to improve security.

7. Documenting any security breaches and assessing their damage.

8. Educating DCAA's staff about security systems and best practices for information security.

9. Maintain documents management, and management review of ISO standards related to IT implemented in DCAA, namely ISO27001, and ISO20001.

10. Develop and implement information security policies, protocols and procedures, and implementing those network security policies in accordance with the standards and policies approved by the competent government organizations.

11. Plan and coordinate security operations, and create reports for management on security status

12. Ensure the Implementation of the fundamentals of cyber security governance and risk management framework and standardized processes and tools that enable best practice approach to DCAA and optimize organizational maturity level. Include reviewing reports on information security incidents and breaches, and investigate and resolve issues

13. Ensure compliance with non-disclosure and confidentiality agreements, as well as DCAA security policies, to safeguard both government and DCAA confidential information. Address and rectify any ISR audit findings, promptly report security incidents, and engage in ongoing security awareness training to prevent unauthorized access or disclosure.

14. Provide support to (Executive Director Corporate Support and Communication Sector) and perform other related duties as may be assigned from time to time.

Qualifications

Academic Qualifications:

Bachelor's degree in in Computer Engineering or IT science focusing on Cybersecurity, or any equivalent degree in the same field.

Certifications:

• ISO 27001 lead auditor
• ISO 20001 Lead auditor
• Certified Project manager

Professional Experience:

At least (0-2) years' working experience in similar field.

We have an urgent requirement for Information Security Analyst for our client based at Abu Dhabi
Key Responsibilities
Penetration Testing and Red Teaming:

• Conduct comprehensive penetration testing and red teaming exercises on systems, networks, applications and mobile to identify vulnerabilities and potential entry points for attackers.
• Develop and execute custom tools and scripts to automate testing and exploitation processes.
• Analyze and report on findings, providing detailed explanations of vulnerabilities and recommended remediation steps.
• Simulate advanced persistent threats (APTs) to test the resilience of security controls and incident response capabilities.
• ASM: Continuously discover and catalog all assets, including hardware, software, and network components.
• ASM: Monitor the attack surface for changes and potential vulnerabilities, using automated tools and manual assessments.

Vulnerability Assessment

• Perform thorough vulnerability assessments to identify and prioritize security weaknesses.
• Utilize industry-standard tools such as Qualys, Nessus or Nexpose and methodologies to uncover vulnerabilities in various environments.
• Provide actionable recommendations for remediation and mitigation strategies.
• Patch management

Threat Modeling And Risk Assessment

• Conduct threat modeling and risk assessments to identify potential attack vectors and vulnerabilities
• Develop and maintain a comprehensive understanding of our systems, networks, and applications to identify potential vulnerabilities
• Provide recommendations for remediation and mitigation strategies

Incident Response And Crisis Management

• Participate in security incident response and crisis management efforts as needed
• Collaborate with incident response teams to contain and remediate security incidents
• Provide technical expertise and guidance during incident response efforts

Security Research And Development

• Stay up-to-date with the latest security threats and trends, and adapt testing methodologies accordingly
• Develop and maintain a comprehensive knowledge of industry-leading security tools and technologies
• Participate in security research and development efforts to identify and develop new testing techniques and methodologies

Collaboration And Communication

• Collaborate with development teams to implement security patches and fixes
• Provide technical guidance and support to development teams on security-related issues
• Communicate complex technical information to non-technical stakeholders in a clear and concise manner

Reporting And Documentation

• Develop and maintain detailed reports on findings, including vulnerability assessments, penetration testing results, and recommendations for remediation
• Document testing methodologies, tools, and results in a clear and concise manner
• Maintain accurate and up-to-date records of testing activities and results

Mandatory Requirements

• Bachelor's degree in Computer Science, Information Assurance, or a related field
• OSCP, CEH, or other relevant certifications
• 5+ years of experience in penetration testing, vulnerability assessment, or a related field
• Strong understanding of networking protocols, operating systems, and applications
• Proficiency in programming languages such as Python, C++, or Java
• Experience with penetration testing frameworks and tools such as Nmap, Nessus, Burp Suite, or Metasploit
• Strong analytical and problem-solving skills
• Excellent communication and reporting skills
• Ability to work independently and as part of a team
• Strong attention to detail and ability to maintain accurate records
• Ability to work in a fast-paced environment with tight deadlines

Preferred Additional Requirements

• Experience with cloud-based technologies and cloud security
• Familiarity with Agile development methodologies
• Strong understanding of compliance and regulatory requirements (e.g., GDPR, PCI-DSS)
• Experience with security orchestration, automation, and response (SOAR) tools
• Familiarity with threat intelligence and threat hunting

Skills: security,information,penetration testing,vulnerability