Description

About the role

Qatar Airways is looking for Senior Cyber Security analyst with in-depth technical experience and expertise on Network and Endpoint security technologies and digital certificate life cycle management. You will be responsible for ensuring the protection and integrity of our systems, networks, and data by leveraging your expertise in security products and solutions, especially those in network DDOS protection; Intrusion Prevention Systems, Web Application Firewalls, Internet security & proxy servers, Email security appliances, Network and endpoint DLP, Application whitelisting technologies, Antivirus / Antimalware / EDR technologies, digital certificates, encryption keys, and cryptographic operations. You will play a crucial role in implementing, and maintaining robust security products and solutions, analyzing potential threats and implementing solutions accordingly.

Responsibilities
• Implement, maintain and update cyber security systems at the network or endpoint to defend against cyber threats.
• Manage all aspects of X.509 certificate lifecycle including creation, issuance, installation and revocation
• Maintain inventory of certificates, usage within applications with the relevant formats such as PEM, PKCS12, PKCS8
• Manage external public certificate authority issuance processes including CAB forum prerequisites for DV, OV and EV processes
• Maintaining & implementation of the standard operating procedures in compliance with ISO27001:2022, PCI-DSS ver4.0, SOCII Type2, NIST requirements, for Network security and endpoint security.
• Support the SOC team with in-depth L3 technical expertise on Network and Endpoint security products.
• Maintain certificate chain mapping for externally trusted certificates and co-ordinate deployment of relevant intermediate and root certificates to enterprise stores.
• Propose and direct the implementation of certificate usage best practices within enterprise systems such as Active Directory, Application Middleware(IIS, JBOSS, Tomcat, Kubernetes, OpenShift), Network Systems (Cisco ASA, F5 LTM, Citrix), CI/CD pipelines and Cloud environments(Azure, Google)
• Manage the Microsoft ADCS-based Enterprise PKI infrastructure including certificate issuance processes, key recovery processes, associated templates, application integrations using DCOM and other components such as AIA, CDP, CRLs, OCSP, CTL
• Ensure PKI environment's availability, security and reliability for enterprise applications
• Implement best practices related to management of smartcards, HSMs and other certificate management hardware components
• Collaborate with cross-functional IT teams, to integrate security controls and ensure a secure infrastructure.
• Stay up to date with the latest cyber security trends, emerging threats, and industry best practices.
• Stay up-to-date with emerging cyber threats and security best practices in the field of PKI CLM, and HSM.
• Provide guidance and training to internal teams on Network Security, Endpoint security, PKI and HSM usage and best practices.

Qualifications

Requirements
• Bachelor's degree in Computer Science, Information Technology, or a related field. Relevant certifications (e.g., CISSP, CISM, CEH) are highly desirable.
• Minimum of 4 years of experience in cyber security tools and products including managing digital certificates.
• Extensive technical knowledge of security solutions (antivirus, firewalls, WAF/ IPS / DLP/ Application Whitelisting) and any other security networking hardware or software tools.
• Knowledge of Cisco ASA Firewall and strong routing & switching experience is an added advantage.
• Excellent hands-on experience and knowledge implementing, configuring, integrating and supporting the network security with Checkpoint, F5 ASM, BigIP LTM, GTM, Tipping Point IPS, Arbors DDOS appliances, Cisco ISE, Palo Alto, Juniper, BlueCoat security solutions, Fortinet, Forcepoint DLP, Carbon Black Appcontrol, Crowdstrike EDR, Cisco Email Security (Not all are needed but the more you have, the more advantages)
• Knowledge of networking concepts such as WAN connectivity, transport types and protocols, and experience with wireless technology and Wireless deployment for a user base over 500 users per site.
• Previous experience working with Digicert, Sectigo or Entrust certificate management portals for various types of certificates including TLS(single domain/multidomain/wildcard), Code Signing, Document Signing, Client Signing, S/MIME, Verified Mark Certificates (VMC).
• Previous experience with certificate related security features - CAA, HSTS, CT, Certificate Pinning.
• Previous experience with certificate provisioning and deployment protocols - ACME, EST, SCEP, NDES
• Knowledge of Certificate Lifecycle Management(CLM) systems and methods of integration with applications and network devices
• Previous experience managing Hardware Security Modules (HSM) for keys protection incorporating standards such as FIPS 140-2 Level 3
• Familiarity with aspects such as KMIP, JCE, CNG, PKCS#11, Remote Key Attestation, TPM
• Familiarity and knowledge of PKI systems such as Keyfactor/EJBCA, Digicert ManagedPKI, Entrust ManagedPKI is a plus
• Knowledge of PKI Assurance Levels and ability to map certificate requirements to assurance levels
• Support enterprise wide security posture enhancements such as 802.1X deployment using EAP-TLS, TLS1.3 deployment, SSL Offloading and inspection within security equipment
• Strong knowledge of cryptographic constructs such as Asymmetric/Symmetric Crypto(RSA/ECC/AES), hashing, keys(KEK,BYOK), certificates, ciphers, protocols(TLS/HTTPS), timestamping, encryption and data security(TDE, Bitlocker,PGP)
• Experience working with stakeholders at an Operational Level
• Good team player, Self-confident, motivated, and independent
• Excellent communication skills
• Ability to remain calm while multi-tasking and working under pressure in a fast-paced environment
• Attention to details and good problem-solving skills.

How to apply

Application Guidelines

Employees must submit applications through internal vacancies portal (via GEMS) only.

Please see below for all eligibility and requirements for internal applications and please note that any applications not meeting the criteria will not be processed.
• All internal candidates can only have three active applications at any point in time.
• All internal candidates must have completed a minimum 10 months in their current role in order to apply for a new role
• All internal candidates with an active final warning letter will be automatically disqualified from the recruitment process
• If you are Cabin Crew or Deck Crew (Qatar Airways & Qatar Executive) candidate, you would require NOC to apply for this role.