Security Infrastructure Engineer

Our mission is to be the preferred IT Services and Solutions provider in the Middle East and North Africa.

For our employees, this means working in a team committed to service excellence and continual innovation in a fast-paced and dynamic work environment.

We're looking for passionate, self-motivated, and creative team players who want to work hard and be rewarded. If this sounds like you, we'd like to hear from you. If you have any inquiries, please contact

WHAT CAN MEEZA OFFER YOU?

• MEEZA is committed to providing thought leadership that will enable our employees to be involved in bringing global firsts to the market.
• MEEZA is one of the fastest growing technology companies in the Middle East which means an exciting and rewarding work environment for our employees.
• MEEZA is playing a key role in the transformation of Qatar into a knowledge-based society which means our employees can make a real impact.
• MEEZA is committed to developing our team; we provide opportunities to develop your skills, further your career and achieve your goals.
• MEEZA is not just about hard work; the company remains true to its entrepreneurial roots and has a young and passionate team that is just as devoted to having fun as they are to delivering service excellence.
• MEEZA offers market-leading benefits packages.

IMPORTANT STEPS TO FOLLOW:

• Kindly submit your applications only against those positions where your skills and expertise match our requirements.
• Applications that are submitted without a Job Title (Position) in the subject cannot be processed.

The primary responsibilities of the Security Infrastructure Engineer:

Data Ingestion and Normalization

• Pipeline Management: Architect and maintain the ingestion of telemetry from multi-cloud (GCP, AWS, Azure) and on-premises environments using Bind Plane Forwarders, Cloud-to-Cloud (C2C) connectors, and Webhooks.
• Parser Development: Design, build, and troubleshoot custom parsers (CBN) to ensure non-standard log sources are correctly normalized into the Unified Data Model (UDM).
• Data Health Monitoring: Build dashboards to monitor ingestion rates, latency, and data drops to ensure the SIEM is always receiving high-quality, actionable data.

SOAR & Automation Engineering

• Playbook Development: Design and code automated incident response playbooks in Google SOAR using Python and visual builders.
• Connector Engineering: Build and maintain API integrations between Google SOAR and third-party tools (Firewalls, EDR, IAM, Ticketing systems).
• Workflow Optimization: Automate repetitive manual tasks such as artifact enrichment, evidence gathering, and initial containment actions.
• Case Management Configuration: Tailoring the SOAR environment to fit the SOC's operational needs, including custom fields, stages, and SLA tracking.

Platform Administration and Optimization

• System Health Monitoring: Monitoring the ingestion health to ensure no data is dropped and that latency stays within acceptable limits.
• Access Control: Managing Role-Based Access Control (RBAC) to ensure analysts have the correct level of access to sensitive data.
• Threat Intel Ingestion: Managing the integration of Mandiant, Virus Total, and other third-party threat intelligence feeds to ensure detections are always up to date with the latest global threats.

Collaboration with SOC Team

• Feedback Loops: Collaborating with Tier 1 and Tier 2 analysts to tune YARA-L rules based on real-world alert performance and "noise" levels.
• Requirements Gathering: Interviewing incident responders to understand their manual workflows, then translating those into Google SOAR playbooks.
• Training & Enablement: Conducting knowledge transfer sessions on how to use UDM Search and the Google SecOps interface to speed up investigations.

Alignment with Infrastructure Team

• Data Ingestion Strategy: Working with GCP/AWS/Azure Architects to ensure that Cloud Logging and Pub/Sub are configured correctly for seamless export to Google SecOps platform.
• Agent Deployment: Coordinating with IT Infrastructure teams to deploy and maintain Bind Plane Forwarders on on-premises servers and virtual machines.
• Troubleshooting: Collaborating with Network Engineers to resolve connectivity issues or firewall blocks that prevent telemetry from reaching the Google SecOps platform.

Academic & Professional Qualifications:

• Bachelor's degree in computer science, IT, Cybersecurity, or equivalent.
• SIEM Certification (e.g., Google SecOps, Splunk, Azure Sentinel).

Preferred:

• Security certifications such as Security+, CySA+, CEH, CISSP, GCIH

Experience:

• 3–5 years of hands-on experience in Security Engineering, SOC Automation, DevOps Engineer, Security Operations, or Infrastructure Security.

Skills and Requirements:

Technical Skills (Must Have)

• SIEM/SOAR Mastery: Proven experience architecting and managing enterprise-grade platforms (e.g., Splunk, Azure Sentinel, or QRadar), with at least 1–2 years specifically focused on Google SecOps (Chronicle).
• Coding & Scripting: Professional experience using Python to automate security workflows or build custom API connectors.
• Cloud Infrastructure: Hands-on experience managing security within Google Cloud Platform (GCP), including VPC service controls, IAM, and Cloud Logging.
• Languages: Python (Advanced), SQL (BigQuery), YARA/YARA-L, and Bash.
• Frameworks: MITRE ATT&CK, NIST Cybersecurity Framework.
• Tools: Git (Version Control), Terraform (Infrastructure as Code), Docker/Kubernetes (Containerization).
• Data Standards: Deep knowledge of JSON, Protobuf, and Regex for log parsing and normalization.

Soft Skills

• Strong analytical thinking and problem-solving capability.
• Excellent communication skills, able to explain technical findings to non-technical stakeholders.
• Ability to work independently, manage multiple priorities, and meet deadlines.
• Attention to detail and a structured, documentation-driven mindset.