Lead, Threat Detection

**Company**
QatarEnergy is a state-owned public corporation established byEmiri Decree No. 10 in 1974. It is responsible for all phases

of the oiland gas industry in the State of Qatar.The principal activities of QatarEnergy, its subsidiaries and jointventures are

the exploration, production, local and international saleof crude oil,natural gas and gas liquids, refined products,

syntheticfuels,petrochemicals, fuel additives, fertilizers, liquefied natural gas(LNG), steel and aluminium.Qatar Energy's

strategy of conducting hydrocarbon exploration anddevelopment is through Exploration and Production Sharing

Agreements(EPSA) and Development and Production Sharing Agreements (DPSA)concluded with major international oil

and gas companies.The operations and activities of QatarEnergy and its affiliates areconducted atvarious onshore

locations, including Doha, Dukhan and the Mesaieed andRas Laffan Industrial Cities, as well as offshore areas, including

HalulIsland, offshore production stations, drilling platforms and the NorthField.Thriving on a spirit of enterprise, each of our

joint ventures isunderpinned by transparency, innovation and high standards of qualityand service. At QatarEnergy, we are

committed to one thing aboveall: Excellence.

**Department**
INFORMATION SECURITY

**Primary purpose of job**
Lead Threat Detection & Response responsible for early detection, and rapid response in order to mitigate the

cybersecurity risks for QatarEnergy. Lead Threat Detection & Response build, train and lead the 24/7 Cybersecurity

Security Operations Centre’s Cybersecurity Detection he/she will be leading technical investigations for security incidents,

overseeing process improvements, and driving implementation of new capabilities. He/she will act as front-line point of

escalation and serves as a technical escalation resource for other security analysts and engineers and provide mentoring

for skill development. He/she will partner with Information Security leads to implement and improve technology and

processes to enhance Cybersecurity monitoring, detection, investigation, and response.

Lead Threat Detection & Response supervises and coordinates engineers and external consultants who are responsible for

the design, build and ongoing management of the QatarEnergy Detection platforms and ultimately support QatarEnergy’s IT

and OT cybersecurity 24/7 mission critical operations.

**Experience & Skills**:

- 10 years of technical experience in Information Security.
- Preferably experience with large ICS & ICT environments in the Energy sector.
- An understanding of Memory, Host, Network Forensics Analysis and Malware Analysis is required.
- Ability to communicate between staff at all level, as well as maintain positive working relationships across the business.
- Excellent written and verbal business communication skills.
- Advanced knowledge of networking fundamentals (TCP/IP, network layers, Ethernet, ARP, etc.)
- Advanced knowledge of current threat landscape (threat actors, APT, cyber-crime, etc.)
- Advanced knowledge of penetration techniques and forensic techniques.
- Moderate knowledge and experience with Cloud technologies
- Moderate protocol analysis experience (Wireshark, Netwitness, etc.)
- Good knowledge of IT including multiple operating systems and system administration skills (Windows, Linux, Solaris,

Unix).

enterprise Anti-Virus products.
- Strong understanding of security incident management, malware management and vulnerability management processes.
- Experience with web content filtering technology - policy engineering and troubleshooting.
- Good awareness of IT Support processes, such as ITIL.

**Education**:

- Bachelor’s degree in information security, computer science, or systems engineering.
- Possession of Industry Certifications such as but not limited to Certified Incident Handler (GCIH), Certified Intrusion

Analyst (GIAC), Certified Ethical Hacker (CEH), Certified Expert Penetration Tester (CEPT), OSCE/ CHFI/ SANS Cyber

Threat Hunting/ SANS GREM or equivalent SIEM/ security technologies technical certification (Advanced Level).