2 361 Ethical Hackers jobs in Bahrain

Roles & Responsibilities:

• Monitoring the system and ensuring the system is available 24/7.
• Maintain best practices and security standards.
• Design and implement security solutions that protect the organization's On-prem / cloud infrastructure, applications, and data from security threats.
• Conduct regular security assessments of the organization's On-prem / cloud environment to identify potential security vulnerabilities and recommend appropriate remediation measures.
• Configure and maintain various security tools such as firewalls, intrusion detection and prevention systems, and security information and event management (SIEM) systems to ensure optimal protection against security threats.
• Regularly monitor the syslogs and take corrective actions if any security breaches or vulnerabilities are found in the logs.
• Run VAPT tools to mitigate security vulnerabilities.
• Manage access controls for cloud resources, including user authentication and authorization, identity and access management (IAM), and network security groups (NSGs).
• Monitor the On-prem / cloud environment for security incidents and respond promptly to any security breaches or threats.
• Create and maintain security policies and procedures for the organization's On-prem / cloud environment, including disaster recovery plans, incident response plans, and security awareness training for employees.
• Keep up-to-date with the latest security trends and best practices to ensure that the organization's On-prem / cloud environment remains secure against evolving security threats.
• Review and apply the WAF policies to protect against DDoS and application-related attacks.
• Test the WAF rules and ensure they block malicious traffic.

Qualifications & Technical Skills:

1. Minimum of 10 years of experience.

• B.Sc. in Computer Engineering or Equivalent.

• Security Incident Handling & Response

• Security Management Frameworks

• Firewall/IDS/IPS (Palo Alto, Fortinet, Cisco, etc.)

• Vulnerability Management (VAPT)

• SIEM Management

• Data Management Protection

• Advanced Malware Prevention

• Identity & Access Management

• AWS: IAM, KMS, VPC, Security Groups, Network ACLs, VPC endpoints, CloudWatch, VPC Flow Logs

• Logging and Monitoring, SIEM, Syslog

• CloudFront, WAF and Certificate Management

• Technical Certifications like CEH, Security+, CISSP, etc.

• Plan, execute, and document penetration tests on networks, applications, and systems.
• Identify, analyze, and report on security vulnerabilities and their potential impact.
• Simulate adversarial attacks to test defensive capabilities.
• Collaborate with IT and security teams to remediate identified vulnerabilities.
• Develop and maintain penetration testing methodologies and tools.
• Stay current with the latest security threats, vulnerabilities, and attack techniques.
• Provide technical guidance and recommendations for improving security posture.
• Conduct security assessments of new systems and applications.
• Contribute to the development of security awareness training materials.

• Bachelor's degree in Computer Science, Cybersecurity, or a related field, or equivalent practical experience.
• 5+ years of experience in penetration testing or offensive security.
• Proficiency with common penetration testing tools and frameworks.
• Strong understanding of network protocols, operating systems, and web application security.
• Experience with scripting languages (e.g., Python, Bash).
• Excellent reporting and communication skills.
• Relevant certifications such as OSCP, CEH, or CISSP are highly desirable.

• Perform comprehensive penetration testing and vulnerability assessments on internal and external systems, applications, and networks.
• Simulate advanced persistent threats (APTs) and other attack vectors to identify security weaknesses.
• Conduct security code reviews and provide detailed feedback to development teams.
• Develop and maintain custom scripts and tools to automate penetration testing processes.
• Analyze test results, document findings, and create detailed, actionable reports for technical and non-technical audiences.
• Collaborate with IT and development teams to prioritize and track the remediation of identified vulnerabilities.
• Stay current with the latest security threats, vulnerabilities, and penetration testing techniques.
• Contribute to the development and improvement of security policies, procedures, and best practices.
• Participate in incident response activities when necessary.
• Mentor junior security analysts and share knowledge across the team.

• Bachelor's degree in Computer Science, Information Security, or a related field, or equivalent practical experience.
• 5+ years of hands-on experience in penetration testing and vulnerability assessment.
• Deep understanding of common vulnerabilities (e.g., OWASP Top 10) and attack methodologies.
• Proficiency with penetration testing tools such as Metasploit, Burp Suite, Nmap, Wireshark, etc.
• Experience with scripting languages like Python, Bash, or PowerShell.
• Strong knowledge of network protocols, operating systems (Windows, Linux), and web technologies.
• Relevant security certifications such as OSCP, CISSP, CEH, or GWAPT are highly desirable.
• Excellent analytical, problem-solving, and communication skills.
• Ability to work effectively both independently and as part of a collaborative team in a hybrid environment.

• Monitor security systems and analyze security alerts to detect and respond to threats.
• Conduct vulnerability assessments and penetration testing.
• Develop, implement, and maintain security policies and procedures.
• Lead incident response activities and conduct post-incident analysis.
• Perform security audits and ensure compliance with relevant regulations.
• Research and stay updated on emerging cybersecurity threats and vulnerabilities.
• Provide security awareness training to employees.
• Collaborate with IT teams to implement security solutions and best practices.
• Manage security tools and technologies, ensuring their effectiveness.

• Bachelor's degree in Computer Science, Information Security, or a related field.
• 5+ years of experience in information security, cybersecurity operations, or a related role.
• Proven experience in incident response, threat analysis, and vulnerability management.
• Strong understanding of network security, cryptography, and security frameworks (e.g., ISO 27001, NIST).
• Proficiency with security tools such as SIEM, IDS/IPS, firewalls, and endpoint detection and response (EDR).
• Excellent analytical, problem-solving, and communication skills.
• Relevant certifications such as CISSP, CEH, or CISM are highly desirable.
• Ability to work effectively in a hybrid environment and manage multiple priorities.

This role will be responsible for handling the implementation and maintenance of GFG and subsidiaries Information Security Management System in accordance with local laws, regulations and best practices.

1. Support Head Information Security in defining and implementation of information security governance documentation including policies, manual, SOPs and guidelines.
2. Support Head Information Security in conducting Risk-based Assessment of Information Security policies and operating procedures owned by other departments within the group against industry-recognized security standards and best practices, ensuring adequate preventive, detective and corrective controls to provide data integrity, confidentiality and availability.
3. Support Head Information Security in conducting analysis of security requirements and controls to identify gaps and provides recommendations of industry best practices, trends, and technology products.
4. Support Head Information Security in conducting on annual basis and continuous basis Information Security Risk Assessment, identify business and technology risks, internal controls which mitigate risks, and related opportunities for internal control improvement.
5. Develop and maintain information register and ensure that the information is classified by data owners and protected in accordance with the information classification framework.
6. Conducting awareness sessions to the new and existing employees on information security policies and global trends as per the awareness program.
7. Support in defining information security requirements in information systems, projects and third parties in cooperation with the delivery departments i.e. ICT, and FM.
8. Support in conducting incident investigation for information security incidents and ensuring that the necessary actions and disciplinary actions are taken.
9. Support in defining information security requirements to be included in ICT Disaster recovery plans to ensure continuity of information security controls during disasters.
10. Support in conducting internal and external audits to ensure that BAC Information Security Management system complies with best practices and local regulations.
11. Improve the maturity of the information security management system through suggesting and supporting in the implementation of technologies such as DLP solutions, GRC solutions etc.

Bachelor’s degree in information technology.

Certified Information Security Auditor (CISA) (Preferred)

3+ years of Information Security experience

1. Proven ability to establish and manage “dotted-line” business relationships to deliver agreed outcomes/deliverables.
2. Ability to work effectively with all levels of personnel across the organization.
3. Proven ability to communicate clearly and appropriately based on audience with excellent facilitation and customer service skills.
4. Excellent written and verbal communications, critical thinking skills, effective interpersonal skills, strong formal presentation abilities.
5. Ability to be flexible and work effectively with ambiguity and change.

• Design, implement, and maintain enterprise-wide security architecture.
• Develop and enforce security policies, standards, and guidelines.
• Evaluate and recommend new security technologies and solutions.
• Conduct security risk assessments and develop mitigation strategies.
• Collaborate with IT and development teams to ensure security is integrated into systems and applications.
• Develop security roadmaps and strategic plans.
• Oversee the implementation of security controls, including firewalls, IDS/IPS, SIEM, and endpoint protection.
• Provide technical leadership and guidance on security matters.
• Monitor security trends and threats to proactively adapt defenses.
• Ensure compliance with relevant security regulations and standards.

• Bachelor's degree in Computer Science, Information Security, or a related field; Master's preferred.
• 10+ years of experience in information security, with at least 5 years in a security architecture role.
• Strong knowledge of network security, cloud security, application security, and data privacy.
• Experience with security frameworks such as NIST, ISO 27001.
• Proficiency in security assessment tools and techniques.
• Excellent understanding of cryptography, authentication, and authorization protocols.
• Strong analytical, problem-solving, and communication skills.
• Experience with scripting and automation for security tasks.
• Relevant security certifications (e.g., CISSP, CISM, TOGAF).

• Monitoring security alerts and events to detect and respond to potential threats.
• Analyzing security vulnerabilities and recommending remediation strategies.
• Implementing and managing security tools and technologies, such as firewalls, intrusion detection systems, and SIEM solutions.
• Conducting regular security assessments and penetration testing.
• Developing and updating security policies, procedures, and guidelines.
• Investigating security incidents and providing detailed post-incident reports.
• Collaborating with IT teams to ensure secure system configurations and deployment.
• Educating users on security best practices and raising awareness of potential risks.
• Staying informed about the latest cybersecurity threats, trends, and technologies.
• Contributing to the development and maintenance of the organization's security architecture.
• Ensuring compliance with relevant data protection regulations and standards.

• Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field.
• Minimum of 3 years of experience in information security roles.
• Proven experience with security monitoring tools and incident response.
• Strong understanding of network security, cloud security, and endpoint security.
• Knowledge of common security frameworks (e.g., NIST, ISO 27001).
• Excellent analytical, problem-solving, and critical thinking skills.
• Strong communication and interpersonal skills, with the ability to explain technical concepts clearly.
• Relevant security certifications (e.g., CISSP, CompTIA Security+) are highly desirable.
• Ability to work independently and as part of a distributed team in a remote environment.

• Develop, implement, and maintain the organization's information security program, policies, and procedures.
• Oversee the security operations center (SOC) and manage security monitoring, threat detection, and incident response activities.
• Conduct regular risk assessments and vulnerability analyses to identify and mitigate security threats.
• Manage the deployment and maintenance of security technologies, including firewalls, IDS/IPS, SIEM, EDR, and data loss prevention (DLP) solutions.
• Ensure compliance with relevant industry standards (e.g., ISO 27001, NIST) and regulatory requirements (e.g., GDPR).
• Develop and deliver security awareness training programs for all employees.
• Lead and mentor a team of information security professionals, fostering their professional development.
• Collaborate with IT, legal, and business units to integrate security into all aspects of the organization's operations.
• Manage security budgets and vendor relationships.
• Develop and regularly test the organization's business continuity and disaster recovery plans.
• Stay abreast of evolving cybersecurity threats, trends, and technologies.
• Act as a subject matter expert on information security matters for the organization.

• Bachelor's degree in Computer Science, Information Security, Cybersecurity, or a related field; Master's degree is preferred.
• Minimum of 7 years of progressive experience in information security, with at least 3 years in a management or leadership role.
• In-depth knowledge of cybersecurity frameworks, best practices, and threat landscapes.
• Proven experience in developing and implementing security policies, procedures, and controls.
• Hands-on experience with various security technologies and tools (SIEM, firewalls, IDS/IPS, vulnerability scanners).
• Strong understanding of network security, application security, cloud security, and data protection.
• Excellent leadership, team management, communication, and interpersonal skills.
• Relevant certifications such as CISSP, CISM, or CRISC are highly desirable.
• Ability to develop and execute strategic security plans.
• Strong analytical and problem-solving abilities.