Skills: IT - Analysis & Management
Experience: 8 + Years
Education: Bachelors/3-5 yr Degree
INFORMATION & COMMUNICATION TECHNOLOGY
SR. PENETRATION TEST ANALYST
Primary Purpose of Job
Responsible for QP's vulnerability lifecycle management activities for QP IT and OT / Industrial systems. As an SME plan, lead, execute, report QP's penetration assessments to identify security risks within applications, security controls and network infrastructure. Lead the vulnerability lifecycle management efforts, conduct hands-on technical assessment to detect potential security threats as well as anomalies by testing IT and OT systems and determine if a system or data set has been impacted and communicate and report the findings to QP stakeholders.
Bachelor degree in information security, computer science, or systems engineering.
Experience & Skills
8+ years' experience working in a large-scale IT environment with focus on Information Security, and knowledge of Operational Technology. • 4+ years' experience in industry conducting technical security assessment, penetration testing as well as vulnerability and penetration life cycle management activities.
• Proven track record in conducting security analysis and testing independently, demonstrating vulnerabilities and documenting the results. Track record showing ability to independently lead and perform technical security assessments, execute penetration tests from the scoping until reporting.
• Strong understanding of server, endpoint, networking, wireless hacking principles and commonly used Internet protocols.
• Extensive knowledge of security best practices and concepts Vulnerability Assessment & Penetration Testing.
• Demonstrate knowledge of Cyber Security principles, techniques and technologies such as SANS Critical Security Controls and OWASP.
• Good knowledge of IT including multiple operating systems and system skills (Windows, Unix) Good knowledge of client-server applications, multi-tier web applications, relational databases, security appliances, sandboxing. Good Knowledge of OT systems and their potential risks and threats.
• Security Operations Centre Experience in conducting security investigations is a plus.
• Solid experience in scripting (e.g. Python, Perl, and PowerShell).
• Possession of Industry Certifications (SANS, GCIA, ICS2, ISACA, EC Council (OSCP, OCSE, GPEN, GWAPT, GXPN, GAWN, GCIH, (C|EH), CHFI, GREM, GMOB) equivalent technical certification.
Qatar Petroleum is an integrated national oil company (NOC) responsible for the sustainable development of the oil and gas industry in Qatar and beyond.
Qatar Petroleum’s activities encompass the entire spectrum of the oil and gas value chain locally, regionally, and internationally, and include the exploration, refining, production, marketing and sales of oil and gas, liquefied natural gas (LNG), natural gas liquids (NGL), gas to liquids (GTL) products, refined products, petrochemicals, fertilizers, steel and aluminum.
Qatar Petroleum is committed to contribute to a better future by meeting today’s economic needs, while safeguarding our environment and resources for generations to come. Thriving on innovation and excellence, Qatar Petroleum is bound to the highest levels of sustainable human, socio-economic, and environmental development in Qatar and beyond.
For more information, please visit www.qp.com.qa