26 Information Security jobs in Kuwait

Role Summary:

We are seeking a highly experienced and results-driven Senior Information Security Analyst to serve as our central Governance, Risk, and Compliance (GRC) resource. This is a pivotal role responsible for the overall design, maintenance, and enhancement of the organization's security and resilience frameworks. The core purpose of this position is to ensure continuous compliance with all relevant international and local standards, with a specific focus on leading our audit readiness and certification efforts.

Compliance and GRC Management

• Establish, maintain, and enhance the organization's Information Security Management System (ISMS) and Business Continuity & Supply Chain Management (BCSM) frameworks
• Ensure the organization's compliance with all relevant local, regional, and international regulations and standards, ISO 27001, ISO 22301)
• Act as the primary auditee and point of contact for all internal and external information security audits
• Proactively identify, assess, and manage information security and business continuity risks to protect the organization's information assets
• Drive a culture of security and resilience across the organization

Security Controls & Technical Oversight

• Conduct security assessments and audits of various IT platforms, including cloud infrastructure, on‑premise servers (Windows, Linux), databases, and network devices.
• Utilize or interpret reports from vulnerability scanners and penetration testing tools to identify and prioritize security weaknesses
• Evaluate and enforce robust Identity and Access Management (IAM) controls, including role-based access control (RBAC) and multi-factor authentication (MFA)
• Review and ensure the security of cloud deployments (IaaS, PaaS, SaaS), including security groups, IAM policies, and logging
• Apply strong knowledge of secure configuration baselines and hardening standards (CIS Benchmarks) for operating systems, web servers, and network equipment

Role Summary:

We are seeking a highly experienced and results-drivenSenior Information Security Analystto serve as our centralGovernance, Risk, and Compliance (GRC) resource. This is a pivotal role responsible for the overall design, maintenance, and enhancement of the organization's security and resilience frameworks. The core purpose of this position is to ensure continuous compliance with all relevant international and local standards, with a specific focus on leading our audit readiness and certification efforts.

• Establish, maintain, and enhance the organization's Information Security Management System (ISMS) and Business Continuity & Supply Chain Management (BCSM) frameworks
• Ensure the organization's compliance with all relevant local, regional, and international regulations and standards
• Act as the primary auditee and point of contact for all internal and external information security audits
• Proactively identify, assess, and manage information security and business continuity risks to protect the organization's information assets
• Drive a culture of security and resilience across the organization

• Conduct security assessments and audits of various IT platforms, including cloud infrastructure, on-premise servers (Windows, Linux), databases, and network devices.
• Utilize or interpret reports from vulnerability scanners and penetration testing tools to identify and prioritize security weaknesses
• Evaluate and enforce robust Identity and Access Management (IAM) controls, including role-based access control (RBAC) and multi-factor authentication (MFA)
• Review and ensure the security of cloud deployments (IaaS, PaaS, SaaS), including security groups, IAM policies, and logging
• Apply strong knowledge of secure configuration baselines and hardening standards for operating systems, web servers, and network equipment

• Education: Candidate must possess at least a Bachelor of Science or Bachelor of Computer Application
• Experience: A minimum of 5 - 10 years of experience in a similar environment
• Domain: Experience in Government Sector or Private Sector with Enterprise data Center Security Compliance
• Certifications: Essential certifications include ISO 27001, ISO 22301, CISSP, and CISA
• Language: Must be fluent in English, with Arabic as an added advantage.

• Security Frameworks & Standards: Profound knowledge of ISO 27001, NIST, and CIS
• Security Controls: A solid understanding of network security (Firewalls, IDS/IPS), Endpoint Security (EDR), IAM principles, and Cryptography
• Tools: Practical experience with Vulnerability and Risk Assessment Tools, and familiarity with SIEM platforms
• Software Proficiency: Experience with GRC Platforms, and documentation tools (Microsoft Office Suite, SharePoint, Jira, Confluence)

• Teamwork and Collaboration
• Quality and Results focused
• Learning Agility
• Business Acumen
• Decision Making
• Digital Savvy
• Agility and Adaptability
• Negotiation and influence
• Planning and Organizing

Role Summary

We are seeking a highly experienced and results-driven Senior Information Security Analyst to serve as our central Governance, Risk, and Compliance (GRC) resource. This is a pivotal role responsible for the overall design, maintenance, and enhancement of the organization's security and resilience frameworks. The core purpose of this position is to ensure continuous compliance with all relevant international and local standards, with a specific focus on leading our audit readiness and certification efforts.

Compliance and GRC Management

• Establish, maintain, and enhance the organization's Information Security Management System (ISMS) and Business Continuity & Supply Chain Management (BCSM) frameworks
• Ensure the organization's compliance with all relevant local, regional, and international regulations and standards, ISO 27001, ISO 22301
• Act as the primary auditee and point of contact for all internal and external information security audits
• Proactively identify, assess, and manage information security and business continuity risks to protect the organization's information assets
• Drive a culture of security and resilience across the organization

Security Controls & Technical Oversight

• Conduct security assessments and audits of various IT platforms, including cloud infrastructure, on-premise servers (Windows, Linux), databases, and network devices.
• Utilize or interpret reports from vulnerability scanners and penetration testing tools to identify and prioritize security weaknesses
• Evaluate and enforce robust Identity and Access Management (IAM) controls, including role-based access control (RBAC) and multi-factor authentication (MFA)
• Review and ensure the security of cloud deployments (IaaS, PaaS, SaaS), including security groups, IAM policies, and logging
• Apply strong knowledge of secure configuration baselines and hardening standards (CIS Benchmarks) for operating systems, web servers, and network equipment

• Education: Bachelor of Science or Bachelor of Computer Applications
• Experience: A minimum of 5 - 10 years of experience in a similar environment
• Domain: Experience in Government Sector or Private Sector with Enterprise data Center Security Compliance
• Certifications: Essential certifications include ISO 27001, ISO 22301, CISSP, and CISA
• Language: Must be fluent in English, with Arabic as an added advantage.

Technical:

• Security Frameworks & Standards: Profound knowledge of ISO 27001, NIST, and CIS
• Security Controls: A solid understanding of network security (Firewalls, IDS/IPS), Endpoint Security (EDR), IAM principles, and Cryptography
• Tools: Practical experience with Vulnerability and Risk Assessment Tools and familiarity with SIEM platforms
• Software Proficiency: Experience with GRC Platforms and documentation tools (Microsoft Office Suite, SharePoint, Jira, Confluence)

Behavioral:

• Teamwork and Collaboration
• Quality and Results focused
• Learning Agility
• Business Acumen
• Decision Making
• Digital Savvy
• Agility and Adaptability
• Negotiation and influence
• Planning and Organizing

All Jobs > CAC/PKI Local Registration Authority (LRA) Information Security Specialist – Intermediate

Location: Kuwait

Position Type: Full-time

As a CAC/PKI Local Registration Authority (LRA) Information Security Specialist, you will support the Army Network Enterprise Technology Command (NETCOM) on the DoDIN-A Cybersecurity and Network Operations Mission Support (ADCNOMS) contract. You will be part of the CAC/PKI Registration Authority (LRA) operations team, responsible for token issuance, maintenance, and revocation for the Army.

• Provide 24/7 On-Call and Emergency Response
• Respond to emergencies within two hours of notification
• Maintain an asset inventory of PKI equipment at all sites
• Support DoD Compliance Audits
• Address audit findings per DoD PKI policies
• Develop and maintain training packages
• Test PKI system software and token compatibility
• Verify subscriber identities and pre-register users
• Validate certificate requirements and handle revocations
• Support token issuance, renewal, and delivery of reports
• Complete requests for PIN resets, revocations, key recoveries, and token requests within specified timelines
• Submit activity and token reports monthly
• Prepare reports for NSA and HQDA
• Hold a Secret Security Clearance with Tier 5 background investigation
• Have 3+ years of experience in PKI and related fields
• Have never been relieved of trusted duties or had security clearance revoked
• Have never been convicted of a felony
• Complete RA/LRA training provided by DISA

• DoD Cyber Workforce Framework (DCWF 631) Security Developer Intermediate qualification or equivalent

• Sitting and standing for long periods
• Mobility within an office environment
• Stoop, kneel, crouch, crawl as needed
• Travel less than 10%

QBE is an equal opportunity employer. All qualified applicants will receive consideration regardless of race, color, religion, sex, national origin, sexual orientation, gender identity/expression, age, disability, veteran status, genetic information, pregnancy, marital status, neurodivergence, ethnicity, caste, or military service.

All Jobs > CAC/PKI Local Registration Authority (LRA) Information Security Specialist – Senior

CAC/PKI Local Registration Authority (LRA) Information Security Specialist – Senior
Kuwait

Full-time

Description

As a CAC/PKI Local Registration Authority (LRA) Information Security Specialist, you will provide services in support of the Army Network Enterprise Technology Command (NETCOM) on the Army Department of Defense Information Network (DoDIN-A) Cybersecurity and Network Operations Mission Support (ADCNOMS) contract. As a member of the CAC/PKI Registration Authority (LRA) operations team, you will provide token issuance, sustainment, maintenance, and revocation to the Army customer.

Requirements

Highlights of Responsibilities:

• Provide 24/7 On-Call and Emergency Response
• Respond to emergency calls and arrive at the designated work site within two (2) hours after receiving the emergency call from the COR
• Provide leadership, supervision, and mentorship to the RA/LRA team, ensuring all responsibilities are executed in compliance with DoD PKI CPS and RPS requirements
• Provide RA support to the LRA personnel in creation of NIPRNET and SIPRNET PKI tokens
• Provide RA interface with the Trusted Agent (TA) for token request and distribution
• Maintain an asset inventory list of all PKI daily operations equipment by location at all RA/LRA sites
• Provide support for annual and semi-annual DoD Compliance Audits
• Support the Army CIO/G6 Cyber Security Directorate and the NETCOM G3/5 in addressing audit findings to include mitigation and correction of findings in accordance with DoD PKI CPS and RPS
• Develop and maintain On-the-Job Training packages
• Support test events of the global management PKI system software and token versions to assess backwards compatibility and interoperability
• Verify Subscriber’s identity
• Pre-register users with PKI
• Validate NPE certificate requirements and forward revocation requests
• Support issuance and renewal of SIPRNET tokens and/or NIPRNET Alternate Smart Card Logon
• Support production of and delivery of an Issuance Report detailing number of tokens issued, revoked, renewed, and any issues encountered
• Conduct duties as assigned through NSS/PKI RPS and DoD/PKI RA/LRA CPS
• Complete General Officer/Senior Executive Service requests within 12 hours of receipt
• Complete request for PIN reset, unlock code, revocation and re-issuance of a failed token CRI within 24 hours
• Complete request for key recoveries within 48 hours
• Complete new ASCL and NSS SIPRNET token request within 72 hours
• Submit a monthly RA Activity Report
• Submit a monthly Token Report of all tokens on hand to include returned and bad tokens
• Provide the weekly RA Backlog Report of any activities that fall outside the response timelines identified in the sections titled Response Time
• Prepare a monthly NSA Failed Token Report for HQDA to submit to NSA Program Manager Office

Qualifications

• Secret Security Clearance with a completed Tier 5 (T5) background investigation
• 5+ years of experience
• Advanced operational expertise in Smart Tokens, PKI, Certificate Revocation, CAC Pin Reset, PKE, biometrics, logical and physical access, tactical PKI, and directory services
• Have never been previously relieved of trusted role duties for reasons of negligence or nonperformance of duties
• Have never been denied or had a security clearance revoked
• Have never been convicted of a felony offense
• Must complete RA/LRA training provided by DISA prior to receiving RA or LRA credentials

Preferred Qualifications:

• DoD Cyber Workforce Framework (DCWF 631) Information Systems Security Developer Intermediate qualified (BS degree in Information Technology, Cybersecurity, Data Science, Information Systems, or Computer Science or CSC or GCLD or CASP+ or CCSP or Cloud+ or GSEC) or equivalent certification

Physical Requirements:

• Sitting for long periods
• Standing for long periods
• Ambulate throughout an office
• Stoop, kneel, crouch, or crawl as required
• Travel by land or air transportation 10% or less

QBE is an equal opportunity/affirmative action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender, gender-identity and/or expression, age, disability, Veteran status, genetic information, pregnancy (including childbirth, lactation, or other related medical conditions), marital-status, neurodivergence, ethnicity, ancestry, caste, military/uniformed service-member status, or any other characteristic protected by applicable federal, state, local, or international law.

• Assist in the design, implementation, and maintenance of security systems, including firewalls, intrusion detection and prevention systems, and other security technologies.
• Monitor security systems and respond to security alerts and incidents.
• Assist in the development and implementation of security policies and procedures.
• Assist in the maintenance of security documentation, including system configurations, policies, and procedures.
• Participate in security incident response activities.
• Stay up to date with industry trends and advancements in security technology.
• Perform any other tasks or responsibilities assigned by the manager as needed, to adapt to business requirements and organizational changes.
  
  

• Bachelor’s degree in computer science, Information Security, or a related field.
• 2-4 years of experience in security engineering or a related role, preferably in the Telecommunication, Technology or ICT industry.
  
  

Join to apply for the Senior Information Security Auditor role at Boubyan Consulting Company

Join to apply for the Senior Information Security Auditor role at Boubyan Consulting Company

• Conducting IT and security audits: Lead and perform comprehensive IT security audits to evaluate the effectiveness of an organization's information security controls and measures. This involves assessing security policies, procedures, systems, and practices.
• Risk assessment: Identify and analyze potential security risks and vulnerabilities within an organization's information systems. Develop risk mitigation strategies, recommend remediation plans, and implement necessary controls to minimize risks.
• Compliance monitoring: Ensure that the organization complies with relevant security regulations, standards, and best practices such as ISO 27001, NIST, GDPR, etc. Keep track of regulatory changes and update security policies and procedures accordingly.
• Security incident response: Develop and implement incident response plans to address and resolve security breaches, incidents, or violations. Conduct forensic investigations, collect evidence, and provide reports on the findings.
• Security awareness and training: Develop and deliver security awareness programs and training sessions to educate employees about information security policies, procedures, and best practices. Promote a culture of security awareness and help create a cybersecurity-conscious workforce.
• Security controls evaluation: Evaluate the implementation and effectiveness of security controls such as access controls, encryption mechanisms, firewall configurations, intrusion detection systems, and other security technologies. Identify gaps or weaknesses and recommend improvements.
• Security documentation and reporting: Prepare detailed audit reports, documenting findings, recommendations, and remediation plans. Maintain accurate audit records and ensure compliance with documentation standards.
• Continuous improvement: Stay updated with the latest trends, technologies, and practices in information security. Continuously improve auditing methodologies, tools, and frameworks to enhance the effectiveness and efficiency of the audit process.
• Team leadership and collaboration: Provide guidance, support, and mentorship to junior auditors.
• Communication and stakeholder management: Effectively communicate audit findings, risks, and recommendations to results.
  
  

• Conducting IT and security audits: Lead and perform comprehensive IT security audits to evaluate the effectiveness of an organization's information security controls and measures. This involves assessing security policies, procedures, systems, and practices.
• Risk assessment: Identify and analyze potential security risks and vulnerabilities within an organization's information systems. Develop risk mitigation strategies, recommend remediation plans, and implement necessary controls to minimize risks.
• Compliance monitoring: Ensure that the organization complies with relevant security regulations, standards, and best practices such as ISO 27001, NIST, GDPR, etc. Keep track of regulatory changes and update security policies and procedures accordingly.
• Security incident response: Develop and implement incident response plans to address and resolve security breaches, incidents, or violations. Conduct forensic investigations, collect evidence, and provide reports on the findings.
• Security awareness and training: Develop and deliver security awareness programs and training sessions to educate employees about information security policies, procedures, and best practices. Promote a culture of security awareness and help create a cybersecurity-conscious workforce.
• Security controls evaluation: Evaluate the implementation and effectiveness of security controls such as access controls, encryption mechanisms, firewall configurations, intrusion detection systems, and other security technologies. Identify gaps or weaknesses and recommend improvements.
• Security documentation and reporting: Prepare detailed audit reports, documenting findings, recommendations, and remediation plans. Maintain accurate audit records and ensure compliance with documentation standards.
• Continuous improvement: Stay updated with the latest trends, technologies, and practices in information security. Continuously improve auditing methodologies, tools, and frameworks to enhance the effectiveness and efficiency of the audit process.
• Team leadership and collaboration: Provide guidance, support, and mentorship to junior auditors.
• Communication and stakeholder management: Effectively communicate audit findings, risks, and recommendations to results.
  
  

• Relevant University Degree in Information Security or Information Technology.
• Professional Qualifications in Information Security.
• Minimum 5 Years of Experience in IT audit or Information Security Audit.
• Have a Valid Transferrable Visa in Kuwait.
  
  

• Seniority level Mid-Senior level

• Employment type Full-time

• Job function Information Technology
• Industries Business Consulting and Services

Referrals increase your chances of interviewing at Boubyan Consulting Company by 2x

We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.

Join to apply for the Network Security Engineer - Senior / Intermediate role at DTS Solution - A Beyon Cyber Company .

Get AI-powered advice on this job and more exclusive features.

• Please ONLY apply if you are based in Kuwait, Bahrain, or UAE with a valid driving license.
• Resume MUST be specific to IT network security experience and NOT Cisco routing & switching.
• Please mention “FGTPANSEC” in the subject line for resume acceptance.
• Position based in UAE and Kuwait but may require travel to GCC countries for short-term projects.

The role involves managing the complete post-sales project lifecycle for network and security solutions, including design, audit, implementation, deployment, and review. The ideal candidate will have 5+ years of experience.

Our clients include Government, Enterprise, Telecom Providers, Oil & Gas sectors. As part of DTS, you will engage, learn, and collaborate on various solutions.

• Design and plan solutions to meet business and project needs.
• Participate in design exercises impacting projects.
• Work directly with customers to understand requirements.
• Lead presentations to clients confidently.
• Assist SOC teams with fault diagnosis procedures.
• Prepare HLD, LLD, and migration documentation.
• Perform compliance checks and audit configurations of firewalls, routers, and switches.
• Analyze and troubleshoot security hardware and software.
• Work after hours as needed.
• Collaborate with team members.
• Maintain technical documentation.
• Develop network metrics and performance baselines.

• Expertise in Cisco ASA, ForcePoint, and WAF technology.
• Experience with IPSec, SSL VPN, Sandboxing, Proxy, NAT, syslog, DNS, NAC, and cloud platforms (AWS/Azure).
• Knowledge of Data Center topology, routing, switching, MPLS, Load-balancer, and SDN.
• Languages: Primary English; Urdu/Hindi and Arabic preferred.

• Valid certifications in Fortinet and Palo Alto Networks solutions.

Send your CV to .

• Seniority level: Mid-Senior level
• Employment type: Full-time
• Job function: IT
• Industry: Network Security

Referrals can double your chances of interview success. Set job alerts for "Senior Network Security Engineer" roles.

Overview

Cloud Security Architect, Cloud and Infrastructure, Mandiant (Arabic, English) role at Google. This description consolidates the Cloud Security Architect responsibilities and qualifications for Google.

• Identify solution issue trends, and collaborate internally to proactively mitigate future risks.
• Develop improved solution delivery methods and contribute to solution innovation initiatives.
• Collaborate with stakeholders to define solutions and address escalations effectively.
• Advise on technical best practices, optimize stakeholder processes, and build relationships.

• Bachelor's degree in Computer Science, Information Systems, Cybersecurity, related technical field, or equivalent practical experience.
• 5 years of experience delivering cyber outcomes, identifying mission risks, and devising solutions to combat public sector focused threats.
• 4 years of experience assessing and developing cybersecurity solutions across multiple security domains.
• Ability to communicate in Arabic and English fluently as this is a customer-facing role that requires interactions in Arabic and English with local stakeholders.
• Ability to travel up to 50% of the time as required.

• Experience with enterprise networking and network segmentation strategies, Agile program and project management, SCRUM methodology, DevSecOps, GRC practices, NIST Cybersecurity Framework.
• Experience with enterprise security controls in on-premises and cloud infrastructures, Zero Trust Architecture, Secure Enterprise Platforms Architecture, Identity providers such as Google Cloud Platform, Active Directory, Salesforce, Business-to-Business/Business-to-Consumer identities and collaboration platforms.
• Experience with Privileged Access Management best practices.
• Experience with Unix endpoint hardening and security control enforcement.

As a Security Consultant, you will be responsible for helping clients effectively prepare for, proactively mitigate, and detect and respond to cyber security threats. Security Consultants have an understanding of computer science, operating system functionality and networking, cloud services, corporate network environments and how to apply this knowledge to cyber security threats. You could work on engagements including assisting clients in navigating technically complex and high-profile incidents, performing forensic analysis, threat hunting, and malware triage. You may also test client networks, applications and devices by emulating the latest techniques to help them defend against threats, and will be the technical advocate for information security requirements and provide an in-depth understanding of the information security domain. You will also articulate and present complex concepts to business stakeholders, executive leadership, and technical contributors and successfully lead complex engagements alongside cross functional teams. Mandiant Security Transformation Services helps organizations build an effective security operations program that minimizes organizational risk and reduces the impact of security breaches, with focus on on-premises and cloud architecture, from initial assessment to detailed practical technical recommendations to harden environments, enhance visibility and detection, and improve processes to reduce the risk of compromise.

Part of Google Cloud, Mandiant is a recognized leader in dynamic cyber defense, threat intelligence and incident response services. Our cybersecurity expertise has earned the trust of security professionals and company executives around the world. Our combination of frontline experience responding to breaches, nation-state level threat intelligence, machine intelligence, and security validation helps us understand today's threats.

Google is proud to be an equal opportunity workplace and is an affirmative action employer. We are committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity or Veteran status. We also consider qualified applicants regardless of criminal histories, consistent with legal requirements. See Google's EEO Policy and EEO is the Law. If you have a disability or special need that requires accommodation, please let us know by completing our Accommodations for Applicants form.

Note : Seniority level, Employment type, Job function, and Industries sections are included for completeness where applicable.