Senior Cloud Security Engineer
ExternalPrepare for this interview
EliteAI-generated questions, company research, and talking points tailored to this role
Requirements
- Years of experience: 5-7+ years in Cybersecurity, with at least 3+ years of deeply hands-on experience exclusively securing Google Cloud (GCP) environments.
- Domain exposure: Native GCP security stack (IAM, Cloud Armor, VPC Service Controls, SCC), SaaS architecture, web application vulnerabilities, DevSecOps pipelines, and Infrastructure as Code (Terraform).
- Leadership/ownership: Proven track record of technically influencing and guiding senior software architects, and owning the end-to-end security posture of cloud-native, multi-tenant applications.
- Skills and Competencies
- Technical:
- GCP Security Stack (Cloud Armor, IAM, VPC Service Controls, Secret Manager, SCC) - Must-have
- AppSec & Web Vulnerabilities (OWASP Top 10, API Security, WAF configuration) - Must-have
- Infrastructure as Code (Terraform for security controls) - Must-have
- DevSecOps integration (SAST/DAST within CI/CD pipelines) - Must-have
- Scripting/Automation (Python, Go, or Bash) - Nice-to-haveNice-to-have
- Behavioural: Attacker & Builder Mindset (think like a hacker, build like an engineer), Technical Influence (ability to argue technically and gain respect without being a blocker), Pragmatism, and Ownership.
- Tools/Systems: GCP Console/CLI, Terraform, Modern CI/CD systems (GitHub Actions, GitLab CI, etc.), Cloud-native security scanning tools.
- Why Us
- Career growth: You will be the guiding light for cloud security at East-West Digital / Iberdrola Innovation ME, shaping the security foundation of new SaaS products from the ground up. We provide continuous learning platforms and sponsor relevant certifications.
- Culture: We have an engineering-first mindset where security is an enabler, not a roadblock. We value undeniable technical arguments over compliance checklists. You will work in an international, highly skilled environment at the QSTP
- Rewards: Competitive tax-free salary in Qatar, comprehensive health benefits, relocation assistance, and modern workplace perks, among others.
- Mobility Information
- Please note that any applicant who is not a citizen of the country of the vacancy will be subject to compliance with the applicable immigration requirements to legally work in that country.
- Job Posting End Date:
- julio-31-2026
Benefits
Additional Information
Department: Digital Platforms Reports To: Chief Technology Officer (CTO) Location: Doha Position Description At East-West Digital / Iberdrola Innovation Middle East, we are scaling our cloud platform and need a highly capable Senior Cloud Security Engineer . You will not act as a theoretical compliance auditor, but rather as a hands-on technical authority with cybersecurity in your DNA . By working shoulder-to-shoulder with engineering teams in a true DevSecOps approach, you will ensure our SaaS products on Google Cloud are secure by design, resilient against attacks, and built with robust, automated defenses from conception to deployment. Primary mission : Secure the design, deployment, and operation of our SaaS products on Google Cloud through hands-on implementation and technical leadership. Key stakeholders : Software Architects, Cloud Engineers, Development Teams, and Product Managers. Employment type : Full-time Jobs To Be Done Technical Leadership & Architecture: Act as the primary technical authority for cloud security. Partner with software architects to perform Threat Modeling on new SaaS products and embed "Security by Design" principles. Hands-on GCP Implementation: Design, configure, and maintain the native Google Cloud security stack (Cloud Armor, conditional IAM, VPC Service Controls, Secret Manager, Security Command Center). SaaS & AppSec: Define and implement robust protections for our SaaS applications, focusing on API security, WAF configurations, DDoS mitigation, and secure multi-tenant isolation. DevSecOps Integration: Guide and implement security automations and controls within our CI/CD pipelines (SAST, DAST, container/artifact scanning). Validation & Incident Response: Conduct continuous internal security assessments of our infrastructure and deployed applications, identify vulnerabilities, provide pragmatic remediation strategies, and act as a key responder during security events. Education Requirements Minimum: Bachelor's degree in Computer Science, Engineering, Cybersecurity, or equivalent deep, verifiable hands-on engineering experience. Preferred: Master's degree in Cybersecurity. Licences/Accreditations: Google Cloud Professional Cloud Security Engineer (highly preferred). Other respected technical certifications (e.g., CISSP, CCSP, OSWE) are a plus.
Your Match
How well this role fits your profile.
Company Intel
What employees say
Worked at iberdrola? Share your experience