Information Security Analyst

Location: UAE (on-site as required) + remote (hybrid)
Engagement: Contract / fixed-term (project-based)


About the role

Insight is delivering a sovereign private cloud programme for a major UAE financial-sector organisation, acting as the prime implementation and integration partner alongside leading OEMs (including Red Hat as design authority). We are seeking a Security Analyst to support secure delivery across design validation, build, integration, testing, and transition/hypercare.

You will work within Insight’s programme governance to help ensure security controls are implemented as designed, security integration points are validated end-to-end (IAM, logging/SIEM, segmentation, encryption/key management), and that security risks/issues and evidence are managed effectively through delivery.

Key responsibilities

• Translate customer security requirements and policies into actionable control checks for delivery workstreams.
• Contribute to design validation by reviewing HLD/LLD artefacts, identifying gaps/risks/dependencies, and tracking actions (design authority remains with OEMs as defined in scope).
• Validate IAM integrations (e.g., AD/LDAP federation, RBAC, privileged access controls) for OpenStack, OpenShift and the Cloud Management Platform.
• Validate network security and segmentation controls, including firewall zoning and permitted traffic flows across tenants and platform networks.
• Coordinate and validate logging/telemetry integration with SOC/SIEM and NOC tooling, including onboarding coverage and time synchronisation dependencies.
• Support security hardening aligned to vendor best practice and customer policy (secure protocols, certificates, secrets handling, least privilege).
• Support vulnerability management during implementation/hypercare: prerequisites, tracking, validation of remediation within scope, and closure evidence.
• Contribute to test planning and execute/oversee security-related test cases during SIT/FAT (access controls, audit logging, encryption checks, segmentation tests).
• Maintain security RAID items and provide regular reporting into programme governance.
• Produce/curate security artefacts for handover (control evidence, monitoring requirements, runbook inputs).
• Support incident triage during hypercare for security-related events, coordinating with OEMs and customer teams.

Essential experience & skills

• 3–7+ years in security operations, security engineering, or security assurance in infrastructure and/or private cloud environments.
• Strong understanding of cloud security controls: IAM, segmentation, encryption, secrets/certificates, logging/monitoring, vulnerability management.
• Familiarity with SIEM onboarding and SOC integration practices (sources, forwarding, parsers, time sync).
• Working knowledge of Linux hardening and secure configuration baselines (SELinux desirable).
• Knowledge of Kubernetes/container security (OpenShift preferred): RBAC, ingress exposure, audit logging.
• Experience supporting security testing and evidence collection in governed delivery programmes.
• Clear documentation skills and ability to communicate risks and requirements to technical/non-technical stakeholders.

Desirable

• OpenStack security concepts (tenants/projects, security groups, API exposure).
• Certifications such as Security+, SSCP, CISSP (or equivalent); CCSP desirable.
• Vendor/platform certifications (e.g., Red Hat/OpenShift, Fortinet, SIEM tooling).

Compliance / access

This role requires adherence to customer security policies and access controls, and may be subject to UAE regulatory/identification requirements for personnel with system access.