Information Security Engineer

• Define and continuously improve security processes, procedures, and incident response playbooks
• Optimize security event and log collection based on risk and detection relevance
• Oversee and improve incident response workflows through post-incident analysis and lessons learned
• Collaborate with L1-L2 security team members to expand detection coverage and develop new use cases
• Participate in major security incident investigations, providing technical analysis and remediation guidance
• Standardize automation and orchestration across SIEM, SOAR, EDR and related tools
• Ensure alignment of security operations with security policies and frameworks (ISO 27001, NIST, MITRE ATT&CK)
• Review security architecture for cloud and on-prem environments and recommend improvements
• Lead investigation and response for high and critical severity incidents
• Track remediation actions and ensure closure of identified security gaps

• 5+ years of experience in Information Security as an L2/L3 SOC Analyst/Engineer with strong focus on Incident Response
• Strong understanding of the incident lifecycle, detection engineering, and response escalation
• Hands-on experience with SIEM/SOAR platforms (e.g., Splunk, Sentinel, Chronicle, QRadar, Wazuh)
• Experience conducting security investigations and root cause analysis, as well as documenting those
• Understanding of common log sources (network, endpoint, identity, application)
• Experience developing detection rules and playbooks (Sigma, KQL, YAML, etc.)
• Knowledge of ISO 27001 standards, MITRE ATT&CK and threat intelligence practices
• Basic scripting or automation skills (Python or Bash)
• Strong documentation, communication, and cross-team collaboration skills

• Knowledge of cloud security monitoring (GCP, AWS, Azure) is a plus

• Long-term service agreement contract with QIC with 3 months probation period
• We are diverse — our digital nomads work remotely from 25+ different countries
• Payment in US dollars monthly to your bank account using SWIFT
• Full-time remote, work schedule: 5 days per week, Sunday to Thursday, GMT +3 timezone
• Vacation policy: Qatar Holiday Calendar, 20 vacation days, 10 sick offs
• Performance reviews are conducted twice a year, with the possibility of a raise
• Potential opportunity to apply for a Qatar ID and relocation to Doha, Qatar

• We promote cross-functional teamwork
• We foster open and respectful communication
• We hire only highly effective A-talents
• We embrace standardization to improve efficiency, Kaizen

• Long-term service agreement contract with QIC with 3 months probation period
• We are diverse — our digital nomads work remotely from 25+ different countries
• Full-time remote, work schedule: 5 days per week, Sunday to Thursday, GMT +3 timezone
• Vacation policy: Qatar Holiday Calendar, 20 vacation days, 10 sick offs, bonus days for years of service
• Performance reviews are conducted twice a year, with the possibility of a raise
• Potential opportunity to apply for a Qatar ID and relocation to Doha, Qatar

• After six months working with us – RemoteHealth Premium Insurance
• Language classes in English, Arabic, or any second language of your choice
• Corporate 70% discount on Yasno mental health services
• Comprehensive professional development support with a $600 annual budget covering courses, conferences, training, and essential tools, plus internal workshops
• Tax policy consultation with a dedicated manager
• QIC Running Club membership on Strava with personal coaching
• Salary paid in USD, EUR, or AED (your choice)
• Flexible working hours and fully remote position

HeadHunter