Summary
To lead and strengthen our telecom operator’s security posture. The ideal candidate will have deep, hands-on expertise across the entire security stack, combining practical operational skills with theoretical frameworks and industry best practices. This role requires strong technical proficiency, leadership, and the ability to design, implement, and manage advanced security solutions in a fast-paced telecom environment.
Key Responsibilities
- Define and enforce the organization’s information security policies, standards, and frameworks (ISO 27001, NIST, CIS, ITU-T).
- Conduct risk assessments, gap analyses, and threat modelling specific to telecom infrastructure.
- Lead incident detection, response, and recovery for telecom networks.
- Manage SOC/NOC integration, SIEM platforms, IDS/IPS, firewalls, and endpoint security. Conduct penetration testing, red-teaming, and vulnerability assessments.
- Oversee fraud management and revenue assurance security aspects.
- Secure telecom-specific technologies (SS7, Diameter, SIP, IMS, VoLTE, 5G/4G networks, MPLS, IoT/M2M).
- Ensure protecting subscriber privacy.
- Harden BSS/OSS, mediation, billing, and customer platforms.
- Secure hybrid cloud (OpenStack, VMware, Kubernetes, AWS/Azure).
- Protect customer data (CDRs, subscriber records, financial transactions) using encryption, tokenization, and DLP.
- Ensure security by design in API, mobile apps, and enterprise applications.
- Mentor junior engineers, promote security awareness, collaborate with IT, network, legal, and compliance teams, and engage with regulators and auditors.
Competencies
- Advanced knowledge of telecom protocols (SS7, SIP, Diameter, GTP, SCTP).
- Strong experience with firewalls, IDS/IPS, SIEM, EDR, DLP, WAF, IAM. Expertise in PKI, TLS, IPsec, VPNs, and zero-trust.
- Proficiency in scripting (Python, Bash, PowerShell).
- Deep understanding of cryptography, secure architecture, and cyber threat intelligence.
- Familiarity with telecom fraud scenarios (SIM box, bypass, signalling fraud).
- Knowledge of regulatory frameworks.
- Strong analytical skills, excellent communication, and leadership capabilities.
- CISSP, CISM, ISO 27001 Lead Implementer.
- CEH, OSCP, GPEN, GCIH, GCIA certificates is prefered.
- CCSP, Microsoft SC-100, AWS/Azure Security Specialty.
- 5G Security (ENISA/GSMA) or equivalent.
- Proven track record of hands-on security implementations and leading security teams.
- Experience responding to APTs, telecom fraud, and large-scale incidents.
Language
- English (required)
- Kurdish (preferred)
- Arabic (preferred)
Number of Positions
1
Experience
7-10 years of work experience in relevant field.
Education
Bachelor or Master in Computer Science, Information Security, Telecommunications, or related field
Location
Erbil
