Security Operations Officer Starlink WLL

1. Data Security Architecture & Implementation

• Security Architecture: Design and implement data security controls including DLP, encryption, and data protection mechanisms across structured and unstructured environments.

• Control Enforcement: Ensure consistent enforcement of data classification, encryption, and access controls across databases, endpoints, and cloud platforms.

• Compliance Enablement: Translate PDPPL and national data classification requirements (C0–C4) into enforceable technical controls.

1. Data Privacy Engineering

• Privacy Controls Implementation: Embed privacy controls (masking, tokenization, anonymization) into applications and data platforms.

• DPIA Execution: Conduct Data Protection Impact Assessments (DPIAs) with a focus on identifying and mitigating technical risks.

• Data Visibility: Implement data discovery, classification, and lineage tooling to track sensitive data flows.

• Data Residency Controls: Enforce data residency and sovereignty requirements across cloud platforms (Azure/GCP).

1. AI Data Security

• AI Security Controls: Implement safeguards for Generative AI and LLM usage, including access control, logging, and data leakage prevention.

• Data Sanitization: Apply masking and anonymization techniques to datasets used in AI/ML pipelines.

• Third-Party Risk (Technical): Perform technical security validation of AI vendors, focusing on data handling and model training exposure risks.

1. IT/OT Data Protection Integration

• Secure Data Transfer: Implement encryption and data filtering controls for data flows between OT and IT/cloud environments.

• Segmentation Controls: Enforce security controls at Industrial DMZ and integration points (e.g., firewalls, proxies, encryption gateways).

• Monitoring & Risk Detection: Support detection of data exposure risks from industrial systems through logging and monitoring solutions.

________________________________________

1. Data Protection Operations & Cryptography

• Encryption & Key Management: Operate and manage encryption solutions including HSMs and Cloud KMS (BYOK/HYOK).

• Security Tools Operation: Deploy, tune, and operate DLP, Database Activity Monitoring (DAM), and data classification tools (e.g., Microsoft Purview / Azure Information Protection).

• Monitoring & Response: Support incident detection and response related to data leakage, misuse, or unauthorized access.

OR

Key Responsibilities

Security Assurance & Risk Management

• Lead security assessments, architecture reviews, vulnerability management, and assurance activities.

• Establish and operate a structured Security Assurance Framework covering control validation, coverage tracking, and continuous assurance.

• Manage the full security lifecycle from risk identification through remediation and validation.

• Translate technical findings into business-level risk statements and remediation plans.

Application, Cloud & Infrastructure Security

• Perform in-depth security assessments of web applications, APIs, mobile applications, cloud platforms, containers, and infrastructure.

• Identify advanced security risks such as business logic flaws, authentication weaknesses, privilege abuse, and modern attack techniques.

• Validate secure architectures, configuration baselines, and cloud-native security controls.

• Support secure SDLC and DevSecOps practices, including security testing and release controls.

Configuration Baselines & Continuous Hardening (New)

• Define and maintain secure configuration baselines across the enterprise technology stack (OS, databases, network devices, cloud services, identity platforms, and security tools).

• Align baselines with industry standards (e.g., CIS Benchmarks) and organizational risk requirements.

• Implement automated configuration compliance checks and continuous monitoring mechanisms.

• Conduct periodic reviews and validation of configurations to detect drift, misconfigurations, and unauthorized changes.

• Work with engineering and operations teams to enforce hardening standards and remediate deviations.

Architecture, Threat Modeling & Secure Design

• Lead security architecture and design reviews across applications, platforms, and integrations.

• Conduct threat modeling to identify attack paths, risks, and mitigation strategies.

• Ensure alignment with enterprise security architecture and Zero Trust principles.

Third-Party, Data Protection & Resilience

• Conduct security assessments of vendors, SaaS providers, and external integrations.

• Validate data protection, encryption, and privacy controls for sensitive and regulated data.

• Support cyber resilience activities, including OT/ICS security reviews, red team exercises, and incident response simulations.

Governance, Compliance & Reporting

• Ensure continuous alignment with regulatory and framework requirements (ISO 27001, NIST CSF, Qatar NIA, QCSF).

• Support internal and external audits with defensible, evidence-based controls.

• Define and report on security metrics, KPIs, and executive dashboards.

________________________________________