Cybersecurity Operations

Join to apply for the Cybersecurity Operations role at Iberdrola
.

Department: Digital Platforms
Reports To: Chief Technology Officer (CTO)
Location: Doha

East-West Digital (EWD) is seeking a highly skilled Cybersecurity Operations expert to define, implement, and continuously strengthen the company’s cloud security strategy across Google Cloud, AWS, and Azure. This role serves as the central reference point for all matters related to cloud privacy, data protection, defensive security, and secure solution design. Working side‑by‑side with architecture, development, and product teams, the Cybersecurity Operations expert ensures that all cloud‑based products are designed and delivered following a rigorous Privacy & Security by Design approach.

The position includes responsibilities across threat modelling, internal security assessments, incident response, automation of controls, and continuous posture management. This is a senior, high‑impact role within EWD’s cloud platform domain.

• Define and govern EWD’s cloud security framework
• Establish best practices for cloud security and privacy across all EWD products
• Maintain and enhance the organization’s cloud security posture
• Develop policies, automated controls, and preventive guardrails across cloud environments
• Guide architecture and development teams: ensure Security by Design principles are applied throughout the full product lifecycle, provide expert guidance, architectural reviews, and periodic internal audits, contribute to secure architecture patterns, design decisions, and implementation strategies
• Perform continuous security evaluation: identify, analyze, and remediate vulnerabilities across projects, conduct advanced threat modelling and risk assessments, perform internal ethical hacking when needed to validate security controls
• Lead detection and incident response operations: design and implement logging, monitoring, and alerting strategies, detect threats using native cloud security services, lead incident response, recovery, and post‑incident forensics
• Ensure governance, compliance, and architectural robustness: ensure compliance with internal standards, regulatory requirements, and cloud benchmarks, conduct architectural reviews to identify gaps and optimize cost–security–complexity trade‑offs, support centralized management of GCP projects, AWS accounts, and Azure subscriptions

Education

• Bachelor’s degree in Computer Science, Engineering, or a related field
• Master’s degree is a plus

• More than 5 years of experience in cloud security, cloud engineering, or related roles
• Extensive hands‑on experience with Google Cloud and AWS;
  Azure experience is a plus
• Proven track record implementing Dev Sec Ops , security automation, CI/CD pipelines, and incident response
• Previous experience in the energy or utilities sector is advantageous

• Strong understanding of data classification, privacy, and protection mechanisms
• Expertise in encryption (in transit and at rest), key management, and secret protection
• Understanding of secure internet protocols and security operations
• Ability to balance cost, security, and deployment complexity
• Deep knowledge of the Cloud Shared Responsibility Model

• Experience designing and implementing authentication and authorization for cloud resources
• Advanced familiarity with: (MUST) Google Cloud: IAM, IAM Conditions, Cloud Identity, Access Context Manager
• (NICE TO HAVE) AWS:
  Identity Center, Directory Service, IAM Roles, Permission Sets, Control Tower
• (NICE TO HAVE) Azure:
  Entra , Conditional Access, PIM, RBAC

• Proficiency with tools such as SCC, Chronicle, Cloud Logging & Monitoring, Guard Duty, Security Hub, Inspector, Sentinel, Azure Monitor (at least one of them)
• Ability to design logging architectures, dashboarding, alerts, and anomaly detection
• Strong incident response and threat‑mitigation skills

• Experience with edge and application protection (e.g. Cloud Armor, IAP, AWS WAF, AWS Network Firewall, Azure Front Door, etc.)
• Understanding of…