982 Information Security jobs in Bahrain

Join to apply for the Linux Cryptography and Security Engineer role at Canonical

3 days ago Be among the first 25 applicants

Join to apply for the Linux Cryptography and Security Engineer role at Canonical

This is a unique opportunity to use your software engineering and cryptography skills to build and maintain the security foundation that enables Ubuntu and its users to operate securely and remain compliant to international information security standards such as FIPS 140-3 and Common Criteria. You will use your applied cryptography, Linux Security, and coding skills to enhance the Ubuntu distribution and work with organizations such as DISA and CIS to draft and implement security hardening benchmarks for Ubuntu.

As a member of the Security Hardening team you will work with and develop automation tooling to audit deployed systems for DISA-STIG and CIS benchmark compliance. You will interact with internal and external stakeholders to identify gaps in our frameworks, and develop new solutions to address these challenges. In this role you will have the opportunity to influence team and security culture, facilitate technical delivery, and help drive team direction and execution. You'll collaborate closely with Canonical's kernel team as well as the wider engineering organization to drive features impacting all Ubuntu users.

Day-to-day responsibilities

• Collaborate with other engineers in the Security Hardening team to achieve and retain various Security certifications
• Extend and enhance Linux cryptographic components (OpenSSL, Libgcrypt, GnuTLS, and others) with the features and functionality required for FIPS and CC certification
• Collaborate with external security consultants to test and validate kernel and crypto module components
• Work with external partners to develop security hardening benchmarks and audit + remediation automation for Ubuntu
• Contribute to Ubuntu mainline and upstream projects to land solutions and benefit the community
• Communication and collaboration within and outside Canonical to identify opportunities to improve our security posture, rapidly resolve issues, and deliver high-quality solutions on schedule
  
  

• Hands-on experience with low-level Linux cryptography APIs and debugging
• Excellent software engineering fundamentals, including prior experience with C development, and the ability to demonstrate such
• Hands-on experience with Linux system administration and shell scripting
• Demonstrated knowledge of security and cryptography fundamentals + direct experience writing secure code and implementing best practices
• Significant development experience working with open source libraries
• Excellent verbal and written communications to enable efficient collaboration with internal and external partners in a remote-first environment
  
  

• Prior experience working on FIPS/Common Criteria certified products and in-depth knowledge of the underlying standards
• Prior experience working directly with DISA-STIG or CIS benchmarks, including related audit + remediation tooling (e.g. Compliance as Code)
• Experience working directly with Linux Kernel
• Prior experience with Python, OVAL (Open Vulnerability Assessment Language), and Ansible
• History of contributions to open source projects
  
  

• Distributed work environment with twice-yearly team sprints in person - we've been working remotely since 2004!
• Personal learning and development budget of USD 2,000 per year
• Annual compensation review
• Recognition rewards
• Annual holiday leave
• Maternity and paternity leave
• Employee Assistance Programme
• Opportunity to travel to new locations to meet colleagues from your team and others
• Priority Pass for travel and travel upgrades for long haul company events
  
  

• Seniority level Entry level

• Employment type Full-time

• Job function Information Technology
• Industries Software Development

Referrals increase your chances of interviewing at Canonical by 2x

Manama, Capital Governorate, Bahrain 4 months ago

Manama, Capital Governorate, Bahrain 1 month ago

Bahrain $60,000.00-$120,000.00 1 month ago

Manama, Capital Governorate, Bahrain 3 days ago

Manama, Capital Governorate, Bahrain 3 weeks ago

Manama, Capital Governorate, Bahrain 2 months ago

Manama, Capital Governorate, Bahrain 3 days ago

Manama, Capital Governorate, Bahrain 3 days ago

Manama, Capital Governorate, Bahrain 5 months ago

Manama, Capital Governorate, Bahrain 6 months ago

Seef, Capital Governorate, Bahrain 4 weeks ago

Manama, Capital Governorate, Bahrain 2 months ago

Manama, Capital Governorate, Bahrain 3 days ago

Manama, Capital Governorate, Bahrain 3 days ago

Manama, Capital Governorate, Bahrain 1 month ago

Manama, Capital Governorate, Bahrain 2 months ago

Manama, Capital Governorate, Bahrain 5 months ago

Manama, Capital Governorate, Bahrain 3 days ago

Manama, Capital Governorate, Bahrain 3 weeks ago

Manama, Capital Governorate, Bahrain 3 days ago

Manama, Capital Governorate, Bahrain 3 days ago

Manama, Capital Governorate, Bahrain 2 months ago

Manama, Capital Governorate, Bahrain 1 month ago

Manama, Capital Governorate, Bahrain 1 month ago

Manama, Capital Governorate, Bahrain 3 days ago

Manama, Capital Governorate, Bahrain 3 days ago

Manama, Capital Governorate, Bahrain 4 months ago

Manama, Capital Governorate, Bahrain 6 months ago

Manama, Capital Governorate, Bahrain 2 months ago

Manama, Capital Governorate, Bahrain 4 months ago

Manama, Capital Governorate, Bahrain 2 months ago

Manama, Capital Governorate, Bahrain 4 months ago

Manama, Capital Governorate, Bahrain 2 months ago

Manama, Capital Governorate, Bahrain 3 days ago

Manama, Capital Governorate, Bahrain 4 months ago

We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.

Full Time

Job Purpose

The IT Compliance & Risk Lead is responsible for the assessment of technology vendor risks and control effectiveness across the IT disciplines. The IT Risk lead will identify, classify, and document control issues in the bank's environment by documenting assessment results, recommending corrective action, tracking remediation, evaluating policy and control standard exceptions, and regularly reporting to IT management.

Key Accountabilities

1. Supports the establishment of the IT risk management process and integration and maturing of the process across the IT disciplines and practices.
2. Supports development of the technology risk framework, policies, standards, and risk taxonomy.
3. Supports the implementation and adherence to the risk framework, in collaboration and conjunction with business-aligned risk partners.
4. Evaluates and identifies technology risk related to divisions and the enterprise, including emerging trends that may impact risk profile.
5. Supports the self and control risk assessment (RCSA) for IT and engages with the IT stakeholders to define the controls in place, residual risk, and treatment plans.
6. Maintains a consolidated list of the technology risks at the enterprise level and ensures continuous monitoring of the risks and corresponding mitigation plans.
7. Implements risk assessments across the enterprise and builds an overall profile of the technology risk.
8. Provides credible challenge based on risk assessment results and ensures risk is being mitigated.
9. Collaborates with division risk officers and subject matter experts to ensure policies and standards are practical, effective, and efficient.

Qualifications
Bachelor’s/master’s degree in computer science or related field.
Professional Certifications: COBIT, ITIL, CRISC, ISACA.

Experience
6 – 8 Years

Skills

1. Minimum 3-5 years of experience in an IT risk and compliance role.
2. Solid understanding of IT governance, information security policies, standards, and industry best practices.
3. Experience in technology and operational risks frameworks.
4. Practical experience in scoping, conducting risk assessments, and documenting results.
5. Detail-oriented and able to meet tight deadlines.
6. Excellent documentation skills and ability to communicate effectively across functional areas.

Overview

Delivery Consultant - Infrastructure and Security, Professional Services role at Amazon Web Services (AWS). In this role, you will work closely with customers to design, implement, and manage AWS solutions that meet their technical requirements and business objectives. You will be a key player in driving customer success through their cloud journey, providing technical expertise and best practices throughout the project lifecycle.

• Designing and implementing complex, scalable, and secure AWS solutions tailored to customer needs
• Providing technical guidance and troubleshooting support throughout project delivery
• Collaborating with stakeholders to gather requirements and propose effective migration strategies
• Acting as a trusted advisor to customers on industry trends and emerging technologies
• Sharing knowledge within the organization through mentoring, training, and creating reusable artifacts

The AWS Professional Services (ProServe) team helps customers realize their desired business outcomes when using the AWS Cloud. We work with customer teams and the AWS Partner Network (APN) to execute enterprise cloud computing initiatives, delivering guidance through global specialty practices that cover a variety of solutions, technologies, and industries.

• 7+ years of experience as a technical specialist in customer-facing roles
• Experience driving discussions with senior personnel regarding trade-offs, best practices, project management and risk mitigation
• Hands-on experience leading the design, development and deployment of business software at scale or current hands-on technology infrastructure, including networking, compute, storage, and virtualization
• Experience with automation and scripting (e.g., Terraform, Python) and application migration and modernization
• Strong communication skills with the ability to explain technical concepts to both technical and non-technical audiences

• Bachelor’s degree, or equivalent experience, in Computer Science, Engineering, Mathematics or a related field
• AWS experience preferred, with proficiency in a wide range of AWS services (e.g., EC2, S3, RDS, Lambda, IAM, VPC, CloudFormation)
• Experience in an Architect role or similar with a strong track record of implementing AWS services in distributed environments
• Large-scale migration experience (Data Center to Data Center and/or Data Center to Cloud)
• Infrastructure automation through DevOps scripting (e.g., shell, Python, Ruby, PowerShell)

Our inclusive culture empowers Amazonians to deliver the best results for our customers. If you have a disability and need a workplace accommodation during the application and hiring process, including support for the interview or onboarding process, please visit the AWS accommodations page for more information.

Amazon Web Services EMEA SARL, Branch of a Foreign Company

Overview

We have opened several senior/staff Security Operations Engineer (SOC) positions, creating a new team reporting to the CISO. We are looking for a range of experience in these positions – at the high end we are looking for deep experience defending highly contested critical assets and high-value cyber targets against advanced persistent threats and state-level actors. We have more junior roles for exceptional individuals with a proven personal interest and engagement in cyber attack and defence, and outstanding academic and career performance even if experience is limited.

Our goal is to build an entirely new level of assurance and observable rigour into the open source supply chain. We have our own estate to monitor, but more broadly our goal is to raise the robustness of the entire global Ubuntu estate through the work of this team. The Security Operations (SecOps) team is responsible for design, implementation and evolution of Canonical security practices, techniques, tools, systems and policies. The team is the primary owner of strategy and practices that determine how Canonical secures its data, internal infrastructure and build processes. They are responsible for assuring the security and integrity of our own infrastructure and product deployments. They design and implement technical security controls that ensure security threats are automatically identified, contained and remediated. The team will also contribute ideas and requirements for Canonical product security, improving the resilience and robustness of all Ubuntu customers and users subject to cyber attack. The SecOps team's mission is not only to secure Canonical, but also to contribute to the security of the wider open source ecosystem. They might share knowledge through public presentations and industry events, and share threat intelligence with the wider community or represent Canonical in sector-specific governance bodies.

• Implement and evolve Canonical's SecOps security standards and playbooks
• Analyse and improve Canonical's security architecture
• Evaluate, select and implement new security tools and practices
• Identify, contain and guide the remediation of security threats and cyber attacks
• Grow the presence and thought leadership of Canonical SecOps practice
• Contribute to open source threat intelligence initiatives
• Drive threat modelling, table top exercises and other SecOps practices across Engineering, IS and Canonical
• Develop Canonical SecOps learning and development materials
• Publish blog posts, whitepapers and conference presentations
• Identify, implement and track SecOps KPIs
• Plan and deliver SecOps work in the framework of Canonical's agile engineering practice
• Work with Security leadership to present information and influence change

• An exceptional academic track record
• Undergraduate degree in Computer Science or STEM, or a compelling narrative about your alternative path
• Drive and a track record of going above-and-beyond expectations
• Deep personal motivation to be at the forefront of technology security
• Expertise in threat modelling and risk management frameworks
• Knowledge of security architecture and market-leading security tools
• Experience contributing to, and consuming, threat intelligence feeds
• Experience in security risk management frameworks such as NIST CSF
• Experience with security standards such as ISO 27001

• Experience in a security operations team or a security operations centre (SOC)
• Experience in offensive or defensive security teams with hands-on ability
• Experience with state-actor and other advanced persistent threats

We consider geographical location, experience, and performance in shaping compensation worldwide. We revisit compensation annually (and more often for graduates and associates) to ensure we recognise outstanding performance. In addition to base pay, we offer a performance-driven annual bonus. We provide all team members with additional benefits, which reflect our values and ideals. We balance our programs to meet local needs and ensure fairness globally.

• Distributed work environment with twice-yearly team sprints in person
• Personal learning and development budget of USD 2,000 per year
• Annual compensation review
• Recognition rewards
• Annual holiday leave
• Maternity and paternity leave
• Employee Assistance Programme
• Opportunity to travel to new locations to meet colleagues
• Priority Pass, and travel upgrades for long haul company events

Canonical is a pioneering tech firm at the forefront of the global move to open source. As the company that publishes Ubuntu, one of the most important open source projects and the platform for AI, IoT and the cloud, we are changing the world on a daily basis. We recruit on a global basis and set a very high standard for people joining the company. We expect excellence - in order to succeed, we need to be the best at what we do. Canonical has been a remote-first company since its inception in 2004. Working here is a step into the future, and will challenge you to think differently, work smarter, learn new skills, and raise your game.

Canonical is an equal opportunity employer. We are proud to foster a workplace free from discrimination. Diversity of experience, perspectives, and background create a better work environment and better products. Whatever your identity, we will give your application fair consideration.

Overview

VAM Systems is a Business Consulting, IT Solutions and Services company. VAM Systems is currently looking for Security Architect for our Bahrain operations with the following skillsets & terms and conditions:

• Years of Experience: 11-15 Years
• Education Qualification: BE Computer Science and Engineering
• Certifications required: CISSP, CCSP, CEH, CCNP, AWS, Azure, Java, VB
• Professional Training Required: Azure Solutions Architect, AWS Solution Architect, Secure Software Development and Programming.

• Proficiency and working knowledge in technology stacks used in application development, Web applications, in particular secure application design.
• Depth knowledge of IT risks, cyber security, and computer operating software like Windows, Linux, and UNIX.
• In-depth knowledge in the software's design with the aid of programming languages like Python, Java, etc.
• Advanced understanding of security protocols, cryptography, and security.
• Understanding of network protocols, Source Code Reviews and OWASP Top 10 security practices.
• In-depth knowledge of frameworks used in developing applications.
• Good understanding in security measures such as firewalls, intrusion detection, and prevention systems (IDS/IPS), network access controls, and network segmentation.
• Knowledge of DNS, Security principles of routing, authentication, VPN, proxy services, and DDOS mitigation technology.
• Expertise in the architecture of information security systems.
• Good knowledge of IT Infrastructure, Cloud Technologies like AWS, Azure, and Information Security systems, specifically in architecture.

• Perform security analysis, develop robust security architecture, and ingrain security solutions into the Bank's Group environment ensuring the confidentiality, integrity, and availability of the bank’s information.

VAM Systems is a Business Consulting, IT Solutions and Services company.

VAM Systems is a Business Consulting, IT Solutions and Services company.

VAM Systems is currently looking for Security Architect for our Bahrain operations with the following skillsets & terms and conditions:

Years of Experience: 11-15 Years

Education Qualification: BE Computer Science and Engineering

Certifications required: CISSP, CCSP, CEH, CCNP, AWS, Azure, Java, Python, VB

Professional Training Required: Azure Solutions Architect, AWS Solution Architect, Secure Software Development and Programming.

Skills:

• Proficiency and working knowledge in technology stacks used in application development, especially secure application design.
• Depth knowledge of IT risks, cyber security, and computer operating software like Windows, Linux, and UNIX.
• In-depth knowledge in software design with the aid of programming languages like Python, Java, etc.
• Advanced understanding of security protocols, cryptography, and security.
• Understanding of network protocols, Source Code Reviews, and OWASP Top 10 security practices.
• In-depth knowledge of frameworks used in developing applications.
• Good understanding of security measures such as firewalls, intrusion detection, and prevention systems (IDS/IPS), network access controls, and network segmentation.
• Knowledge of DNS, security principles of routing, authentication, VPN, proxy services, and DDoS mitigation technology.
• Expertise in the architecture of information security systems.
• Good knowledge of IT Infrastructure, Cloud Technologies like AWS, Azure, and Information Security systems, specifically in architecture.

Job Responsibilities:

• Perform security analysis, develop robust security architecture, and integrate security solutions into the Bank's Group environment ensuring the confidentiality, integrity, and availability of the bank’s information.
• Develop security architecture for various Information Security control systems.
• Perform Information Security Risk Assessments of new IT systems, design and recommend security controls to mitigate risks, reassess and enhance security architecture as needed.
• Review security architecture of new technology solutions and business applications, assess security, and recommend security controls to address security risks.
• Research and recommend/implement the security standards, systems, and best practices.
• Review system security, recommend security controls, and implement enhancements.
• Manage information security projects/assignments.
• Evaluate and implement information security technologies and countermeasures against threats to information.
• Review technical service requests and technical changes raised by IT users for Information Security risks.
• Follow Security by Design methodology to assure end-to-end security.
• Develop security baseline for all IT assets, such as routers, firewalls, LANs, WANs, VPNs, and other network devices, and ensure efficacy.
• Provide security architectural guidance to IT Project Managers.
• Understand the risk and weakness in applications.
• Secure application design and architecture, and conduct application security testing.

Bachelor of Technology/Engineering(Computers)

Nationality

Any Nationality

Vacancy

1 Vacancy

Job Description

Job Purpose

The Senior Security Architect will play a key role in building and maintaining IT security solutions and controls for the Bank across new and emerging domains, including Cloud and Innovation. The role will involve developing end-to-end security for Bank ABC and handling any technical problems that arise. The Senior Security Architect will identify IT threats and vulnerabilities, design and build robust security architectures and serve as the security point person for technical and business security concerns.
The job holder will be architecting and managing change and implementation with existing and new technologies, reusing when appropriate and implementing when required.
The job requires in-depth knowledge and hard skills (e.g. secure cloud architecture, cryptographic practices, protocols, network and platform security etc.) as well as strong soft skills (e.g. communication and presentation skills, stakeholder management) and a good amount of hands-on previous work experience demonstrating these.

Principal Responsibilities, Accountabilities and Deliverables of Role

Research & Planning:

• Plan, research and design robust enterprise-wide security architectures for any IT or business projects aligned with industry frameworks (e.g. SABSA, TOGAF, NIST, CSA, ISO 27001)
• Develop threat use cases / scenarios to clearly depict threats to security architecture.
• Aligning new security solutions with existing technologies and designing and planning integration.
• Lead and coordinate assessment of existing and target / implemented architecture.

• Prepare cost estimates and identify integration issues for solutions and architectures
• Develop and maintain security reference architectures and roadmaps

• Understanding of Security Engineering outputs and able to oversee and incorporate into security planning
• Able to incorporate security measures into the existing, resultant or target architecture.
• Collaborate with DevOps, Cloud, and IT teams to embed security into CI/CD pipelines and infrastructure (DevSecOps)

• Define and maintain technical security patterns for secure systems and applications
• Design high level and low-level security architecture to meet business and technical requirements
• Design public key infrastructures (PKIs), including use of certification authorities (CAs) and digital signatures
• Identify and reuse security solutions and consider integration with other tools when designing security solutions.

• Product Ownership & Collaboration :
  • Support the Senior Security Architect as the Product Owner for specific security tools within the team s domain.
• Microsoft Security Solutions :
  • Serve as the Product Owner with expertise in:
    • MS Purview , Azure Cloud, Active Directory , Defender , O365 Security and Microsoft AIP solutions
    • Ensure proper configuration and timely resolution of issues
    • Develop and implement effective processes and procedures
    • Good knowledge of activities and solving challenges relating to classification, labeling, and handling Data Loss Prevention (DLP)
    • Continuously monitor and follow up on security alerts
• HSM Solution Management :
  • Oversee the Hardware Security Module (HSM) as Product Owner:
    • Ensure accurate configuration
    • Identify and resolve issues efficiently
    • Develop and manage processes and procedures
    • Responsible for key lifecycle management

Desired Candidate Profile

Job Requirements
Knowledge

• Strong understanding of Cloud Computing Security, including AWS, Azure, Office 365, APIs and WEB services
• Strong knowledge in designing and implementing cryptographic solutions including PKI infrastructure, certificate management and deploying encryption technologies for systems, databases, applications across on-premises and cloud
• Understanding of Information Security frameworks (e.g., ISO 27001/27002, NIST CSF, CIS TOP 20)
• Deep knowledge of network, application, cloud and data security best practices
• Understanding of architecture frameworks (e.g. TOGAF, SABSA)
• Good knowledge and hands-on experience in security systems, including CASB, HSMs, web proxies and content filtering, DLP solutions, etc
• Detailed technical knowledge of operating system and Cloud CIS baseline
• Good knowledge of low-level and high-level security architecture design and development
• Good understanding of security design patterns
• Familiarity with regulatory and compliance requirements (e.g., CBB, GDPR, ISO 27001, PCI-DSS, SOC2)
• Broad understanding of the Information Security domains: Infrastructure Security, Access Management, Physical Security, Application Security, Security Compliance, and IT Change Management

Desired Candidate Profile

Job Requirements
Knowledge

• Strong understanding of Cloud Computing Security, including AWS, Azure, Office 365, APIs and WEB services

• Strong knowledge in designing and implementing cryptographic solutions including PKI infrastructure, certificate management and deploying encryption technologies for systems, databases, applications across on-premises and cloud
• Understanding of Information Security frameworks (e.g., ISO 27001/27002, NIST CSF, CIS TOP 20)
• Deep knowledge of network, application, cloud and data security best practices
• Understanding of architecture frameworks (e.g. TOGAF, SABSA)
• Good knowledge and hands-on experience in security systems, including CASB, HSMs, web proxies and content filtering, DLP solutions, etc
• Detailed technical knowledge of operating system and Cloud CIS baseline
• Good knowledge of low-level and high-level security architecture design and development
• Good understanding of security design patterns
• Familiarity with regulatory and compliance requirements (e.g., CBB, GDPR, ISO 27001, PCI-DSS, SOC2)
• Broad understanding of the Information Security domains: Infrastructure Security, Access Management, Physical Security, Application Security, Security Compliance, and IT Change Management

• University degree with an IT and / or Cyber Security background

• Recognized and active Information Security and platform qualifications (e.g., CISSP, CISM, EC Council or SANS related certifications, AWS or other cloud specific certifications).
• Desirable Certifications: GIAC Defensible Security Architecture

• At least 8 years of work experience
• 3+ years of direct hands-on experience on configuring technical security solutions and working with Cloud Service Providers (including Azure, Office 365 and AWS) ideally within financial services
• Experience with threat modelling tools and methodologies (e.g., STRIDE, DREAD, MITRE ATT&CK)
• Experience in working with cryptographic solutions (e.g. HSM)
• Experience in developing high level architecture for the cloud and hands-on experience designing secure architectures in cloud environments (AWS, Azure, GCP)
• Strong understanding of IAM, MFA, authentication protocols (OAuth, SAML, OpenID Connect) and able to configure well known Security Solutions in this domain.
• Experience in securing APIs, containers and microservices
• Experience with network security and networking technologies and with system, security, and network monitoring tools
• Recent, full-time working experience with financial institutions
• Practical experience on working with cloud technologies and implementing security in hybrid and multi-cloud scenarios.

• Strong team player
• Fluent in English (mandatory)
• Ability to organise and prioritise tasks
• Able to conduct the role with minimum supervision
• Strong communication skills capable of dealing with wide range of internal and external stakeholders articulating security risks in business-friendly terms.

Disclaimer: Naukrigulf.com is only a platform to bring jobseekers & employers together. Applicants are advised to research the bonafides of the prospective employer independently. We do NOT endorse any requests for money payments and strictly advice against sharing personal or bank related information. We also recommend you visit Security Advice for more information. If you suspect any fraud or malpractice, email us at

Join to apply for the Senior Security Operations Engineer role at Canonical

Continue with Google Continue with Google

3 months ago Be among the first 25 applicants

Join to apply for the Senior Security Operations Engineer role at Canonical

We have opened several senior/staff Security Operations Engineer (SOC) positions, creating a new team reporting to the CISO. We are looking for a range of experience in these positions - at the high end we are looking for deep experience defending highly contested critical assets and high-value cyber targets against advanced persistent threats and state-level actors. We have more junior roles for exceptional individuals with a proven personal interest an engagement in cyber attack and defence, and outstanding academic and career performance even if experience is limited.

Our goal is to build an entirely new level of assurance and observable rigour into the open source supply chain. We have our own estate to monitor, but more broadly our goal is to raise the robustness of the entire global Ubuntu estate through the work of this team.

The Security Operations (SecOps) team is responsible for design, implementation and evolution of Canonical security practices, techniques, tools, systems and policies. The team is the primary owner of strategy and practices that determine how Canonical secures its data, internal infrastructure and build processes. They are responsible for assuring the security and integrity of our own infrastructure and product deployments. They design and implement technical security controls that ensure security threats are automatically identified, contained and remediated. The team will also contribute ideas and requirements for Canonical product security, improving the resilience and robustness of all Ubuntu customers and users subject to cyber attack.

The SecOps team's mission is not only to secure Canonical, but also to contribute to the security of the wider open source ecosystem. They might share knowledge through public presentations and industry events, and share threat intelligence with the wider community or represent Canonical in sector-specific governance bodies.

What you will do in this role:

• Implement and evolve Canonical's Security Operation Center
• Analyse and improve Canonical's security architecture
• Evaluate, select and implement new security tools and practices
• Identify, contain and guide the remediation of security threats and cyber attacks
• Grow the presence and thought leadership of Canonical SecOps practice
• Contribute to open source threat intelligence initiatives
• Drive threat modelling, table top exercises and other SecOps practices across Engineering, IS and Canonical
• Develop Canonical SecOps learning and development materials
• Publish blog posts, whitepapers and conference presentations
• Identify, implement and track SecOps KPIs
• Plan and deliver SecOps work in the framework of Canonical's agile engineering practice
• Work with Security leadership to present information and influence change
  
  

• An exceptional academic track record
• Undergraduate degree in Computer Science or STEM, or a compelling narrative about your alternative path
• Previous professional experience working or leading a Security Operation Center
• Deep personal motivation to be at the forefront of technology security
• Expertise in threat modelling and risk management frameworks
• Knowledge of security architecture and market-leading security tools
• Experience contributing to, and consuming, threat intelligence feeds
• Experience in security risk management frameworks such as NIST CSF and ISO27001
  
  

• Experience in a security operations team or a security operations centre (SOC)
• Experience in offensive or defensive security teams with hands-on ability
• Experience with state-actor and other advanced persistent threats
  
  

• Distributed work environment with twice-yearly team sprints in person
• Personal learning and development budget of USD 2,000 per year
• Annual compensation review
• Recognition rewards
• Annual holiday leave
• Maternity and paternity leave
• Employee Assistance Programme
• Opportunity to travel to new locations to meet colleagues
• Priority Pass, and travel upgrades for long haul company events
  
  

• Seniority level Mid-Senior level

• Employment type Full-time

• Job function Information Technology
• Industries Software Development

Referrals increase your chances of interviewing at Canonical by 2x

Manama, Capital Governorate, Bahrain 3 months ago

Manama, Capital Governorate, Bahrain 4 weeks ago

We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.

This role will be responsible for handling the implementation and maintenance of GFG and subsidiaries Information Security Management System in accordance with local laws, regulations and best practices.

1. Support Head Information Security in defining and implementation of information security governance documentation including policies, manual, SOPs and guidelines.
2. Support Head Information Security in conducting Risk-based Assessment of Information Security policies and operating procedures owned by other departments within the group against industry-recognized security standards and best practices, ensuring adequate preventive, detective and corrective controls to provide data integrity, confidentiality and availability.
3. Support Head Information Security in conducting analysis of security requirements and controls to identify gaps and provides recommendations of industry best practices, trends, and technology products.
4. Support Head Information Security in conducting on annual basis and continuous basis Information Security Risk Assessment, identify business and technology risks, internal controls which mitigate risks, and related opportunities for internal control improvement.
5. Develop and maintain information register and ensure that the information is classified by data owners and protected in accordance with the information classification framework.
6. Conducting awareness sessions to the new and existing employees on information security policies and global trends as per the awareness program.
7. Support in defining information security requirements in information systems, projects and third parties in cooperation with the delivery departments i.e. ICT, and FM.
8. Support in conducting incident investigation for information security incidents and ensuring that the necessary actions and disciplinary actions are taken.
9. Support in defining information security requirements to be included in ICT Disaster recovery plans to ensure continuity of information security controls during disasters.
10. Support in conducting internal and external audits to ensure that BAC Information Security Management system complies with best practices and local regulations.
11. Improve the maturity of the information security management system through suggesting and supporting in the implementation of technologies such as DLP solutions, GRC solutions etc.

Bachelor’s degree in information technology.

Certified Information Security Auditor (CISA) (Preferred)

3+ years of Information Security experience

1. Proven ability to establish and manage “dotted-line” business relationships to deliver agreed outcomes/deliverables.
2. Ability to work effectively with all levels of personnel across the organization.
3. Proven ability to communicate clearly and appropriately based on audience with excellent facilitation and customer service skills.
4. Excellent written and verbal communications, critical thinking skills, effective interpersonal skills, strong formal presentation abilities.
5. Ability to be flexible and work effectively with ambiguity and change.