ALEC Engineering and Contracting L.LC. (ALEC), part of the Investment Corporation of Dubai (ICD), is a large construction company with related businesses operating in the GCC with a presence in Africa. ALEC has consistently evolved and grown over the last 20 years to become a trusted partner for the execution of complex and iconic construction projects. The company builds and provides construction solutions to exceed our clients’ expectations for quality, safety, functionality, and aesthetics.
ALEC has extensive experience in complex projects across diverse sectors including airports, retail, hotels & resorts, high-rise buildings, themed projects as well as construction management, design management, estimating, cost planning and procurement.
ALEC also possesses a Design and Build capability, which enables us to provide integrated construction solutions to our clients.
ALEC offers its clients a complete turnkey solution with construction, MEP, fit-out, energy efficiency solutions and solar opportunities, facilities management capabilities, heavy equipment rental as well as technology systems.
We are currently seeking a highly motivated and experienced IT Security Architect for our team in UAE.
Job Overview:
We are seeking an experienced Security Architect to join our growing security team and help design, implement, and manage security solutions for our hybrid environment, leveraging multiple cloud providers. The ideal candidate will possess a deep understanding of security best practices, cloud security frameworks, and an ability to bridge on-premises and cloud environments effectively. As a Security Architect, you will work closely with cross-functional teams to ensure that our infrastructure and applications are secure, scalable, and compliant.
Responsibilities:
- Threat Modeling & Risk Assessment: Perform detailed threat modeling and risk assessments to identify vulnerabilities, potential attack vectors, and security gaps in both existing and new architectures. Prioritize risk mitigation efforts based on severity and business impact.
- Security Monitoring & Auditing: Oversee the implementation of security monitoring, logging, and alerting systems to detect, analyze, and respond to suspicious activity in real-time. Create use case for monitoring and hunting.
- Compliance & Standards: Ensure that security designs align with industry standards (NIST, ISO 27001, CIS, etc.) and compliance requirements. Conduct gap analysis and provide recommendations to close compliance gaps.
- Vulnerability Management: Recommend and implement security automation tools for vulnerability management and roll out a vulnerability management program.
- Secure Configuration: Recommend best practices for secure configuration of network devices, firewalls and endpoint devices.
- Incident Response & Threat Intelligence: Collaborate with security operations teams to design incident response procedures for on-premise and cloud-based systems. Utilize threat intelligence to identify and respond to emerging threats within hybrid cloud environments.
- Cloud Security Strategy: Develop and enforce cloud security policies, controls, and best practices, ensuring the security of applications, data, and systems across multiple cloud environments.
- Documentation & Reporting: Create and maintain security documentation, including security architecture diagrams, threat models, and security policies for the hybrid and multi-cloud environments. Provide regular reports on security posture to leadership.
- Continuous Improvement: Stay up to date with the latest security trends, emerging technologies, and threat landscapes. Continuously improve the organization’s security posture by adopting new methodologies, tools, and practices.
Requirement:
- Bachelor’s degree in computer science, Information Security, or related field (or equivalent experience).
- 5+ years of experience in information security, with at least 3 years focusing on cloud security architecture in hybrid and multi-cloud environments.
- Strong technical skills in vulnerability management and configuration review and management
- Deep understanding of attack chains and frameworks like MITRE
- Deep knowledge of cloud platforms (AWS, Azure, Oracle OCI).
- Experience with security frameworks (NIST, CIS, ISO 27001) and compliance standards (e.g., SOC 2, PCI-DSS, GDPR).
- Working knowledge of threat modeling and risk assessment
