10 IT Security Specialist jobs in Bahrain

Zain is the pioneer of mobile telecommunications in the Middle East. We began life in 1983 in Kuwait as the region’s first mobile operator, and since the initiation of our expansion strategy in 2003, we have expanded rapidly. Read more here: Zain Overview

The Cyber Security Specialist is responsible for planning, executing, and finalizing projects according to strict deadlines and within budget. This includes acquiring resources and coordinating the efforts of team members and third-party contractors or consultants in order to deliver projects according to plan.

1. Manage and improve an integrated cyber security solution that helps to protect the core infrastructure, the network, and the applications that run within the network.
2. Conduct testing of network design.
3. Provide training and technical support for users with varying levels of IP and cyber security knowledge and competence.
4. Participate in the discovery of vulnerabilities and risks in networks, software systems, and data.
5. Safeguard information system assets by identifying and solving potential and actual security concerns.
6. Participate in procurement, installation, testing, and developing IT and security projects.
7. Establish and maintain the enterprise IT security policy.
8. Develop operations work plan to support all operations activities.
9. Evaluate infrastructure and security proposals and recommend the required solutions that meet the IP and security requirements.
10. Plan and manage the IP network growth and resiliency.
11. Implement and manage CDN infrastructure.
12. Setup peering with other entities to reduce latency and improve traffic flow.
13. Support the organization’s Enterprise requirements with solutions, testing, and operations.
14. Perform any other related duties as assigned or needed.

1. Possess solid network and security technical experience. Maintains technical expertise in all areas of network and computer hardware, software, routing, and switching. CCIE Routing & Switching is preferable.
2. Possess strong communication skills.
3. Effectively communicate by listening actively, sharing relevant information with others, and interacting with others to establish fair and effective relationships.
4. Identify customer’s requirements correctly, exceed customer expectations, and act proactively to ensure customer satisfaction.
5. Ability to develop cooperation and teamwork while working toward solutions that generally benefit all parties.
6. Capacity for recognizing one's feelings and those of others for motivating ourselves and managing emotions well in ourselves and in our relationships.

Bachelor's Degree in Computer Science, Cyber Security, or any relevant field.

3 to 5 years’ experience in a similar role, preferably in the Telecom field.

If you meet the criteria and you are enthusiastic about the role, we would welcome your application. To complete the application you would need the following document(s):

Roles & Responsibilities:

• Monitoring the system and ensuring the system is available 24/7.
• Maintain best practices and security standards.
• Design and implement security solutions that protect the organization's On-prem / cloud infrastructure, applications, and data from security threats.
• Conduct regular security assessments of the organization's On-prem / cloud environment to identify potential security vulnerabilities and recommend appropriate remediation measures.
• Configure and maintain various security tools such as firewalls, intrusion detection and prevention systems, and security information and event management (SIEM) systems to ensure optimal protection against security threats.
• Regularly monitor the syslogs and take corrective actions if any security breaches or vulnerabilities are found in the logs.
• Run VAPT tools to mitigate security vulnerabilities.
• Manage access controls for cloud resources, including user authentication and authorization, identity and access management (IAM), and network security groups (NSGs).
• Monitor the On-prem / cloud environment for security incidents and respond promptly to any security breaches or threats.
• Create and maintain security policies and procedures for the organization's On-prem / cloud environment, including disaster recovery plans, incident response plans, and security awareness training for employees.
• Keep up-to-date with the latest security trends and best practices to ensure that the organization's On-prem / cloud environment remains secure against evolving security threats.
• Review and apply the WAF policies to protect against DDoS and application-related attacks.
• Test the WAF rules and ensure they block malicious traffic.

Qualifications & Technical Skills:

1. Minimum of 10 years of experience.

• B.Sc. in Computer Engineering or Equivalent.

• Security Incident Handling & Response

• Security Management Frameworks

• Firewall/IDS/IPS (Palo Alto, Fortinet, Cisco, etc.)

• Vulnerability Management (VAPT)

• SIEM Management

• Data Management Protection

• Advanced Malware Prevention

• Identity & Access Management

• AWS: IAM, KMS, VPC, Security Groups, Network ACLs, VPC endpoints, CloudWatch, VPC Flow Logs

• Logging and Monitoring, SIEM, Syslog

• CloudFront, WAF and Certificate Management

• Technical Certifications like CEH, Security+, CISSP, etc.

* نطاق الراتب هذا هو تقدير أجرته beBee

Company Description Job Description VAM Systems is currently looking for Application Security Specialist for our Bahrain operations with the following skillsets & terms and conditions:

VAM Systems is currently looking for Application Security Specialist for our Bahrain operations with the following skillsets & terms and conditions:

Qualification Major: BE Computer Science and Engineering.

Professional Training Required: Secure Software Development and Programming.

Professional Certifications Desired: CEH, CCNP, AWS, Azure, Java, Python, VB

Experience Required:

• Working knowledge in technology stacks used in application development, Web applications, in particular secure application design.
• Depth knowledge of IT risks, cyber security, and computer operating software like Windows, Linux, and UNIX.
• Depth knowledge in the software's design with the aid of programming languages like Python, Java, etc.
• Advanced understanding of security protocols, cryptography, and security.
• Understanding of network protocols, Source Code Reviews and OWASP Top 10 security practices.
• In-depth knowledge of frameworks used in developing applications.
• Good understanding in security measures such as firewalls, intrusion detection, and prevention systems (IDS/IPS), network access controls, and network segmentation.
• Knowledge of DNS, Security principles of routing, authentication, VPN, proxy services, and DDOS mitigation technology.
• Expertise in the architecture of information security systems.
• Good knowledge of IT Infrastructure, Cloud Technologies like AWS, Azure, and Information Security systems, specifically in architecture.

Job Responsibilities:

• Perform security analysis, develop robust security architecture, and ingrain security solutions into the Bank's Group environment ensuring the confidentiality, integrity and availability of the bank's information.
• Develop security architecture for various Information Security control systems.
• Perform Information Security Risk Assessments of new IT systems, design and recommend security controls to mitigate risks, reassess and enhance security architecture as needed.
• Review security architecture of new technology solutions and business applications, assess security, and recommend controls to address risks and enhance the architecture as needed.
• Research and recommend/implement the security standards, systems, and best practices.
• Review system security, recommend security controls, and implement enhancements.
• Manage information security projects/assignments.
• Collaborating with team to develop and implement information security architecture frameworks and strategies tailored to the specific needs of the banking industry. This includes developing security architecture for applications, cloud technologies and various Information Security control systems.
• Review technical service request and technical changes raised by IT users for Information Security risks.
• Follow Security by Design methodology to assure the end-to-end security.
• Conduct security reviews of business applications to identify weaknesses, recommend mitigation controls, perform thorough security testing, ensure secure design and architecture, and implement secure coding practices for input validation.
• Provide security architectural guidance to IT.
• Understand the risk and weakness in applications and providing expert guidance and recommendations.
• Secure application design and architecture, and application security testing.
• Developing security baselines for all critical applications and ensuring their efficacy.

Skills required:

• Cyber Security Monitoring.
• Cyber Security Analysis.
• Cyber Security Architecture.
• Cyber Security Audits.
• Cyber Security Best.
• Cyber Security Testing.
• Cyber Security Standards and Procedures.

Terms and conditions

Joining time frame: days)

Additional Information

Terms and conditions:

Joining time frame: maximum 4 weeks

Job purpose

• Overseeing information security, cybersecurity and IT risk management programs based on industry-accepted information security and risk management frameworks.
• Responsible for the organization's data privacy and protection function to ensure compliance with various regulations and best practices.

2. Primary Duties Performed

• Develop and maintain the cybersecurity Risk Management Framework of the organization for addressing the overall approach for handling cybersecurity risks and managing them in a methodological manner.

• Evaluate employees' information security awareness and provide the necessary training whenever is needed.

• Conduct frequent reviews on Vulnerability Assessment and Penetration Testing (VAPT) and manage vulnerabilities.

• Define the necessary controls to ensure all regulatory requirements related to cybersecurity are met, designed effectively with clear documentation.

• Identify the critical assets of the organization and ensure implementation of risk identification and management strategies for these critical assets.
• To assess technology projects to ensure that cybersecurity is adequately addressed.
• Responsible to identifying and managing cybersecurity risk for all third-party technology engagements and all cloud computing engagements.
• Evaluates and recommends cybersecurity technologies and solutions.
• Review cybersecurity & Risk Management manual and recommend necessary updates.
• Act as Data Protection Officer to identify and evaluate the Company's data processing activities.
• Monitor data management procedures and compliance within the Company.
• Assess Company compliance with Data Protection Private Law.
• Provide advice and arrange training to employees on Data Protection.
• Review and recommend updates on Data Protection Manual.
• Serve as the point of contact between the company and the data protection authorities.
• Performs other related duties assigned by the department head.

3. Secondary Duties Performed

• Assist in implementing risk management framework, policies and programs covering business, financial, operational, technological, and regulatory risks.
• Assist in the development and management of controls and business contingency plans.
• Maintain and update organizational risk register.
• Oversee the regular validation and testing of the Company Business Continuity Plan.
• Review Risk Management manual and recommend necessary updates.

4. Work & Business Contacts

Internal

• Management team and staff.

External

• Regulatory Bodies: Central Bank of Bahrain and Personal Data Protection Authority.
• Law Firms and Legal Advisors.
• Internal and External Auditors.
• VAPT vendors.

Division / Department: Risk Management

Incumbent Reports to: Manager – Risk & Project Management

In security risk management we're looking to harness the power of industry best practice combined with driving new innovation on how we do security risk assessments and modelling. Our security risk management team is the primary owner of the strategy and practices of how we identify, track and reduce our security risk across everything we do.

To support this we need to use industry best practices paired with emerging threat information to promote risk identification, quantification, impact analysis, and modelling to ultimately drive decision making. In this role, you will help establish and execute a broad strategic vision for the security risk program at Canonical. You will not only work within the team but also cross-functionally with various teams across the organisation. The team contributes ideas and requirements for Canonical product security, improving the resilience and robustness of all Ubuntu customers and users subject to cyber attacks. Additionally, the team collaborates with our Organisational Learning and Development team to develop playbooks and facilitate security training across Canonical.

The security risk management team's mission is not only to secure Canonical, but also to contribute to the security of the wider open source ecosystem. They might share knowledge through public presentations and industry events, and share threat intelligence with the wider community or represent Canonical in sector-specific governance bodies.

• Define Canonical's security risk management standards and playbooks
• Analyse and improve Canonical's security risk practices
• Evaluate, select and implement new security requirements, tools and practices
• Grow the presence and thought leadership of Canonical security risk management practice
• Develop Canonical security risk learning and development materials
• Work with Security leadership to present information and influence change
• Participate in developing key risk indicators, provide inputs to the development of key control indicators, and key performance indicators for various programs
• Apply statistical models to risk frameworks (such as FAIR, sensitivity analysis, and others)
• Participate in risk management, decision-making, and collaborative discussions
• Lead quantified risk assessments and understand the value of qualitative data for improvements to quality and engineering processes
• Interpret internal or external cyber security risk analyses in business terms and recommend a responsible course of action
• Develop templates and materials to help with self-service risk management actions
• Monitor and identify opportunities to improve the effectiveness of risk management processes
• Launch campaigns to perform security assessments and help mitigate security risks across the company
• Build evaluation methods and performance indicators to measure efficiency of security functions and capabilities.

• An exceptional academic track record
• Undergraduate degree in Computer Science or STEM, or a compelling narrative about your alternative path
• Drive and a track record of going above-and-beyond expectations
• Deep personal motivation to be at the forefront of technology security
• Leadership and management ability
• Excellent business English writing and presentation skills
• Problem-solver with excellent communication skills, a deep technical understanding of security assessments and risk management
• Expertise in threat modelling and risk management frameworks
• Broad knowledge of how to operationalize the management of security risk
• Experience in Secure Development Lifecycle and Security by Design methodology

We consider geographical location, experience, and performance in shaping compensation worldwide. We revisit compensation annually (and more often for graduates and associates) to ensure we recognise outstanding performance. In addition to base pay, we offer a performance-driven annual bonus. We provide all team members with additional benefits, which reflect our values and ideals. We balance our programs to meet local needs and ensure fairness globally.

• Distributed work environment with twice-yearly team sprints in person
• Personal learning and development budget of USD 2,000 per year
• Annual compensation review
• Recognition rewards
• Annual holiday leave
• Maternity and paternity leave
• Employee Assistance Programme
• Opportunity to travel to new locations to meet colleagues
• Priority Pass, and travel upgrades for long haul company events

Canonical is a pioneering tech firm at the forefront of the global move to open source. As the company that publishes Ubuntu, one of the most important open source projects and the platform for AI, IoT and the cloud, we are changing the world on a daily basis. We recruit on a global basis and set a very high standard for people joining the company. We expect excellence - in order to succeed, we need to be the best at what we do. Canonical has been a remote-first company since its inception in 2004. Working here is a step into the future, and will challenge you to think differently, work smarter, learn new skills, and raise your game.

Canonical is an equal opportunity employer. We are proud to foster a workplace free from discrimination. Diversity of experience, perspectives, and background create a better work environment and better products. Whatever your identity, we will give your application fair consideration.

This role will be responsible for handling the implementation and maintenance of GFG and subsidiaries Information Security Management System in accordance with local laws, regulations and best practices.

1. Support Head Information Security in defining and implementation of information security governance documentation including policies, manual, SOPs and guidelines.
2. Support Head Information Security in conducting Risk-based Assessment of Information Security policies and operating procedures owned by other departments within the group against industry-recognized security standards and best practices, ensuring adequate preventive, detective and corrective controls to provide data integrity, confidentiality and availability.
3. Support Head Information Security in conducting analysis of security requirements and controls to identify gaps and provides recommendations of industry best practices, trends, and technology products.
4. Support Head Information Security in conducting on annual basis and continuous basis Information Security Risk Assessment, identify business and technology risks, internal controls which mitigate risks, and related opportunities for internal control improvement.
5. Develop and maintain information register and ensure that the information is classified by data owners and protected in accordance with the information classification framework.
6. Conducting awareness sessions to the new and existing employees on information security policies and global trends as per the awareness program.
7. Support in defining information security requirements in information systems, projects and third parties in cooperation with the delivery departments i.e. ICT, and FM.
8. Support in conducting incident investigation for information security incidents and ensuring that the necessary actions and disciplinary actions are taken.
9. Support in defining information security requirements to be included in ICT Disaster recovery plans to ensure continuity of information security controls during disasters.
10. Support in conducting internal and external audits to ensure that BAC Information Security Management system complies with best practices and local regulations.
11. Improve the maturity of the information security management system through suggesting and supporting in the implementation of technologies such as DLP solutions, GRC solutions etc.

Bachelor’s degree in information technology.

Certified Information Security Auditor (CISA) (Preferred)

3+ years of Information Security experience

1. Proven ability to establish and manage “dotted-line” business relationships to deliver agreed outcomes/deliverables.
2. Ability to work effectively with all levels of personnel across the organization.
3. Proven ability to communicate clearly and appropriately based on audience with excellent facilitation and customer service skills.
4. Excellent written and verbal communications, critical thinking skills, effective interpersonal skills, strong formal presentation abilities.
5. Ability to be flexible and work effectively with ambiguity and change.

Position Overview:

We are seeking a talented and experienced Cybersecurity Engineer to design, implement, and manage robust security solutions across our enterprise infrastructure. The ideal candidate will possess a strong understanding of various cybersecurity domains, including network security, cloud security, endpoint protection, identity and access management, and incident response.

Key Responsibilities:

• Security Architecture & Design: Participate in the design, implementation, and review of security architectures for new and existing systems, applications, and cloud infrastructure. Develop and maintain security standards, policies, and procedures in alignment with industry frameworks (NIST, ISO 27001). Evaluate and recommend new security technologies and solutions to enhance our security posture.
• Vulnerability Management & Penetration Testing: Conduct regular vulnerability assessments and penetration tests on networks, applications, and systems. Analyze vulnerability scan results, prioritize risks, and collaborate with IT teams to implement effective remediation strategies.
• Incident Response & Threat Intelligence: Serve as a key member of the incident response team, participating in the detection, analysis, containment, eradication, and recovery from security incidents. Utilize SIEM tools to monitor security events, identify anomalies, and investigate potential threats, with experience in Microsoft and Cisco Solutions. Stay current with the latest threat intelligence, attack vectors, and security vulnerabilities, disseminating relevant information to the team.
• Security Operations & Tooling: Administer and maintain various security tools, including Fortinet FortiGate firewalls, Cisco Meraki security appliances, intrusion detection/prevention systems (IDS/IPS), Microsoft Defender for Endpoint and other EDR solutions, and DLP solutions. Configure and manage security controls for cloud environments, particularly Microsoft Azure. Develop and implement security automation scripts with PowerShell to streamline security operations and enhance efficiency.
• Data Governance & Compliance: Implement and manage data governance policies using Microsoft Purview to ensure data classification, retention, and protection across our digital estate. Support internal and external security audits by providing necessary documentation, evidence, and explanations of security controls. Ensure all security measures comply with relevant data protection regulations and industry standards.
• Identity & Access Management: Assist in the implementation and management of IAM solutions, including SSO, MFA, and PAM.
• Security Awareness: Contribute to the development and delivery of security awareness training programs for employees.

Required Skills & Qualifications:

• Bachelor’s degree in computer science, Cybersecurity or Information Technology.
• 8+ years of hands-on experience in a Cybersecurity Engineer, Security Analyst, or similar role.
• Strong technical proficiency across multiple cybersecurity domains, including: FortiGate firewalls, Cisco Meraki, Microsoft Defender for Endpoint and other EDR solutions.
• Cloud security with a focus on Azure and AWS
• Experience with Microsoft Purview for data governance and compliance.
• Security Information and Event Management (SIEM) solutions (Auvik, QRadar, Sentinel).
• Experience with PowerShell and PowerBI for automation and analysis.
• Solid understanding of Windows, Linux, macOS and their security configurations.
• Expertise with cybersecurity frameworks (ISO 27001 and NIST)
• Relevant Cybersecurity certifications
• Familiarity with DevOps security practices and Secure Software Development Life Cycle (SSDLC).