57 Incident Response jobs in the United Arab Emirates

Job Summary:

We are seeking a seasoned Security Incident Response Manager to join our team. This key role will oversee the development and implementation of incident management policies and procedures, ensuring seamless communication with stakeholders.

Key Responsibilities:

• Develop strategic direction for the incident management process, providing oversight and guidance to team members.
• Lead coordination efforts for major security incidents, managing investigation, analysis, containment, recovery, communication, and reporting.
• Mentor junior team members in incident response best practices and conduct post-incident reviews to identify lessons learned and implement improvements.
• Stay up-to-date with industry standards and regulations, applying knowledge to enhance security measures.
• Maintain effective communication channels with stakeholders, fostering trust and transparency.

Requirements:

• 12+ years in information security with 6-8+ years in Security Incident Response experience.
• Familiarity with advanced SOC monitoring technologies, risk, threat, and security measures.
• Strong understanding of standards and regulations such as NIST 800-61, CERT/CC, PCI, ISO 27035, etc.

About Us:

This position offers a unique opportunity to contribute to the growth and success of our organization while advancing your career in security incident response.

Binance is a leading global blockchain ecosystem behind the world's largest cryptocurrency exchange by trading volume and registered users. We are trusted by over 280 million people in 100+ countries for our industry-leading security, user fund transparency, trading engine speed, deep liquidity, and an unmatched portfolio of digital-asset products. Binance offerings range from trading and finance to education, research, payments, institutional services, Web3 features, and more. We leverage the power of digital assets and blockchain to build an inclusive financial ecosystem to advance the freedom of money and improve financial access for people around the world.

We're looking for a security engineer with hands-on experience in Data Loss Prevention (DLP) and incident response, ideally within fintech, crypto, or high-security environments. The role goes beyond using commercial tools you'll also design and build custom solutions, leverage automation, and adapt to emerging threats, including those driven by recent LLM/AI advancements.

• Design, deploy, and optimize DLP solutions across network, endpoint, and cloud.
• Build and refine data classification schemes for sensitive assets (wallets, trading algorithms, customer PII).
• Configure DLP policies to prevent data exfiltration while minimizing false positives.

• Monitor, analyze, and tune alerts and incidents for continuous improvement.

• Lead investigations of DLP incidents and insider threats,

• Conduct threat hunting and forensic analysis of data exfiltration attempts.

• Integrate DLP monitoring into broader SOC workflows and incident response playbooks.

• Build custom DLP tools and integrations (e.g., macOS Swift endpoint protection, Unix socket monitoring).

• Develop automation scripts, APIs, regexes and integrations to enhance detection and response.

• Explore AI/LLM-driven methods for anomaly detection and response efficiency.

• Ensure controls align with crypto and financial regulations (AML, KYC, GDPR, CCPA).

• Support audits and regulatory reviews related to data protection.
• Assess and mitigate data loss risks across trading platforms, onboarding systems, and blockchain infrastructure.

• 4+ years in a SOC or security operations role with incident response focus.
• Proven experience with DLP design, deployment, and monitoring.
• Strong programming skills (macOS Swift, Unix socket programming, scripting).
• Hands-on threat hunting, forensic analysis, and APT detection experience.
• Familiarity with SIEM, EDR, and cloud security architectures.
• Knowledge of encryption, tokenization, and data classification methods.

• 4+ years in a SOC or security operations role with incident response focus.
• Proven experience with DLP design, deployment, and monitoring.
• Strong programming skills (macOS Swift, Unix socket programming, scripting).
• Hands-on threat hunting, forensic analysis, and APT detection experience.
• Familiarity with SIEM, EDR, and cloud security architectures.
• Knowledge of encryption, tokenization, and data classification methods.

Why Binance

• Shape the future with the world's leading blockchain ecosystem
• Collaborate with world-class talent in a user-centric global organization with a flat structure
• Tackle unique, fast-paced projects with autonomy in an innovative environment
• Thrive in a results-driven workplace with opportunities for career growth and continuous learning
• Competitive salary and company benefits
• Work-from-home arrangement (the arrangement may vary depending on the work nature of the business team)

Binance is committed to being an equal opportunity employer. We believe that having a diverse workforce is fundamental to our success.

By submitting a job application, you confirm that you have read and agree to our Candidate Privacy Notice .

Incident preparedness is a proactive approach to managing and responding to unexpected events.

The Principal Consultant will lead and produce deliverables based on engagements that focus on proactive incident preparedness services. They will work with multiple customers and key stakeholders to manage and deliver engagements related to proactive incident preparedness.

• Lead proactive incident preparedness projects, including tabletop exercises, incident response plans, and response maturity assessments.
• Review crisis management, incident response, business continuity, and disaster recovery plans.
• Plan and deliver tabletop exercises, writing post-exercise reports for detailed analysis and recommendations.
• Manage and contribute to incident preparedness and cyber security engagements from initial scoping through delivery.

In this role, you will have the opportunity to work closely with our esteemed clients.

Job Overview:

1. Incident Response Process Ownership: Detect, validate, contain, and communicate security events and incidents such as malware infections, potential compromise, DDoS , etc. Ensure appropriate tuning, correlation of critical logs, connection to incident response process, and reporting of relevant metrics.
2. Security Incident and Event Management (SIEM) Strategy: Drive strategy for SIEM and oversee effectiveness of technology and process. Involve creation and maintenance of security operation playbooks with IT teams to effectively trigger and execute security incident response process.
3. Logging and Monitoring Across Infrastructure & Applications: Manage current state of logging and monitoring, maintain vision of ideal state of logging and monitoring, and drive prioritized roadmap to reduce gaps.
4. Internal / External Engagements: Act as SPOC for all escalated client communications and handle day-to-day operations of the Security Operations Centre reporting to SOC Manager.

Key Responsibilities:

logging, event management, steps validation, metrics, infrastructure strategy, security communication management

What We Offer:

We offer a dynamic and challenging work environment that fosters growth and development.

We are seeking a highly skilled Incident Response Specialist to join our team. The ideal candidate will be responsible for rapidly addressing security incidents and threats, strategizing, and leading incident engagements with staff at all levels.

On the ground, you will monitor threats targeting our company and help prevent attacks from occurring or escalating. This is an excellent opportunity to leverage your expertise in cybersecurity to drive business outcomes.

• Perform end-to-end handling of all critical, high, and medium cybersecurity incidents
• Draft incident reports and communicate incident summaries to senior leadership, end users, and legal teams
• Write playbooks for different types of cybersecurity incidents and use automation to reduce MTTR
• Automate repetitive incident-response tasks using automation platforms and/or programming
• Optimize existing security controls to fine-tune alerts and reduce false positives
• Gather open source and commercial threat intelligence and perform hunting across the enterprise for undetected threats
• Support legal and regulatory teams as a technical SME for cyber incidents with regulatory requirements
• Evaluate new technologies and drive POCs for new security products

Note: You will be expected to leverage coding skills to develop and automate solutions that enhance detection and response capabilities.

• 5+ years in Cyber Security, specifically Incident Response, with 24/7 SOC experience
• Strong understanding of NIST, CSF, MITRE, and other cybersecurity frameworks
• Programming or scripting skills (e.g., Python, C++) for automating incident-response tasks and developing custom tools
• Ability to write and tune detection rules across security platforms
• Hands-on experience dealing with major security incidents
• Automation proficiency using automation platforms or programming
• Malware analysis and digital forensics experience is a plus
• Relevant certifications (e.g., CISSP, ECSA, GISP, GCIH, GCFE, GCFA) are a plus
• Excellent multitasking ability with adaptability and teamwork
• Strong English communication skills (oral and written)

• Hybrid working model
• WFH setup allowance
• 30 days remote working from anywhere globally each year
• Employee discounts for accommodations worldwide
• Global team of 90+ nationalities, 40+ offices across 25+ countries
• CSR/Volunteer time off, Benevity donation subscription, volunteering opportunities
• Free Headspace, Odilo & Udemy subscriptions
• Employee Assistance Program and enhanced parental leave
• Life, total and accidental insurance

At our company, we are an equal opportunity employer and value diversity. Employment is based on merit and qualifications, without regard to sex, age, race, color, national origin, religion, marital status, pregnancy, sexual orientation, gender identity, disability, citizenship, veteran or military status, or other legally protected characteristics.

In this role, you will have the opportunity to work closely with one of our esteemed clients. This client is a global leader known for its commitment to quality and innovation. They have chosen Dautom as their trusted partner for their upcoming projects.

Job Description:

1. Incident Response Process: Owns the critical process steps detection, validation, containment, and communication for security events and incidents such as malware infections, potential compromise, Distributed Denial of Service (DDoS), etc.
2. Security Incident and Event Management (SIEM): Drives our strategy for SIEM and oversees the effectiveness of the technology and process. Involves appropriate tuning, correlation of critical logs, connection to our incident response process, and reporting of relevant metrics.
3. Security Operations Playbooks: Create, maintain, and promote a set of security operation playbooks with Agilents IT teams to effectively trigger and execute the security incident response process.
4. Logging and Monitoring Across Infrastructure & Applications: Manages the current state of logging and monitoring, maintains a vision of ideal state of logging and monitoring, and drives a prioritized roadmap to reduce the gaps.
5. Internal / External Engagements: Act as a SPOC for all escalated client communications and handle the day-to-day operations of the Security Operations Centre reporting to the SOC Manager.

Logging, Event Management, Steps Validation, Metrics, Infrastructure Strategy, Security Communication Management

The Cyber Defense Center is seeking a seasoned information security expert to lead its incident response team. This key role involves coordinating with various stakeholders, managing incident response processes, and ensuring timely and effective handling of security incidents.

Key responsibilities include:

• Coordinating incident response efforts across multiple teams
• Managing incident response processes and procedures
• Investigating and analyzing security incidents
• Containing and recovering from security breaches
• Communicating incident response efforts to stakeholders
• Reporting on incident response activities

The ideal candidate will possess strong leadership skills, excellent communication abilities, and a deep understanding of information security principles.

We are seeking a seasoned Incident Preparedness Lead to join our team. As an Incident Preparedness Lead, you will be responsible for leading proactive incident preparedness projects, including tabletop exercises, incident response plans, and response maturity assessments.

• You will lead complicated engagements from initial scoping to delivery, interfacing with clients to ensure successful project outcomes.
• You will review crisis management, incident response, business continuity, and disaster recovery plans, as well as other relevant documents.
• You will plan and deliver tabletop exercises, writing post-exercise reports that provide detailed analysis and recommendations.

This is a key leadership position in our team, requiring a strong background in incident preparedness and incident response consulting. If you have a passion for cybersecurity and excellent leadership skills, we encourage you to apply.

• 8 years of experience in incident preparedness and/or incident response consulting required.
• Experience leading and delivering complex engagements, including scoping and interfacing with clients.
• Incident response consulting experience is necessary, while incident preparedness experience is essential.
• Bachelor's degree in information security, computer science, cybersecurity, or a related field/equivalent experience or equivalent military experience is required.

Our team at Palo Alto Networks' security advisory team focuses on creating a more secure digital world by providing high-quality incident response, risk management, and digital forensic services to clients of all sizes.

Help AG is looking for a talented and experienced Incident Response and Forensic Investigation Specialist who will be responsible for off-site and on-site Incident Response activities and customer engagements, leveraging multiple security technologies, guiding and leading customers in the handling of Security Incidents and examining IT and security systems using best-practice digital forensic methods to detect, validate and mitigate IT security related incidents. He / She will join our Cyber Defence team within our Managed Security Services (MSS) business unit. If you have a strong knowledge and interest in incident response and/or digital forensics, this position might be the right one for you.

Responsibilities:

• Lead incident response engagements in unknown environments until all threats are remediated.
• Develop custom incident response plans tied to specific environments and customer situations.
• Examinate and analyse logs/data from a broad variety of security technologies, such as Antiviruses, IDS/IPS, Firewalls, Switches, VPNs and other security threat data sources.
• Perform forensic analysis of different artifacts including RAM, packet captures, logs and disk images.
• Reverse engineer malicious software and develop signatures and indicators of compromise.
• Actively develop incident response tools, scripts, and various detection content.
• Research Red Team techniques, develop custom detection queries, rules, watchlists and other content, and conduct threat hunts.
• Articulate and execute common Incident Response methods (e.g. SANS).
• Respond to inbound requests via phone and other electronic means for technical assistance with managed services.
• Work on-site as required with clients during Live Security Incidents.
• Maintain a high degree of awareness of the current threat landscape.
• Champion excellence and support others in delivering it through active knowledge sharing with team members, writing technical articles for internal knowledge bases, blog posts and reports as required or requested.
• Create and present customer reports to ensure quality, accuracy and value to the client.
• Educate and train other Analysts in execution of Incident Response processes and forensic analysis techniques.
• Perform other essential duties as assigned.

Qualifications & Skills:

• A Degree in Computer Science, Information Systems, Electrical Engineering or a closely related degree.
• 7+ years of experience in information security, in areas such as security operations, intrusion detection, incident analysis, incident handling, log analysis, malware analysis, reverse engineering or threat detection.
• At least 2-3 years of experience as a Senior or Lead Analyst, or equivalent experience guiding, mentoring and teaching other Analysts/Security Professionals how to handle Security Incidents.
• Strong background or equivalent experience in four of the following: Security Threat and Event Analysis, Network Security Operations or Engineering, Reverse Engineering, Malware Analysis, Windows/Linux/OSX Forensics, Penetration Testing, Active Directory and Azure Administration.
• Demonstrate experience in handling Incident Response engagements (APTs and Ransomware) using the SANS Incident Response method (or similar).
• CISSP, GCIA, GCIH, GCFA, GCFE, GREM, OSCP certification would be preferable.
• Deep TCP/IP knowledge, networking and security product experience.
• Strong knowledge of Red Team tactics and ability to find adversary traces on Enterprise scale.
• Rapid development in scripting languages: Python/PowerShell /Bash.
• A sound knowledge of IT security best practices, common attack types and detection/prevention methods.
• Demonstrable experience in accountability for and applying the methods of Incident Response, including adherence to process and direct engagement with stakeholders.
• Demonstrable experience in analysing and interpreting system, security and application logs.
• Broad knowledge of the type of events that Firewalls, IDS/IPS and other security related devices produce.
• Demonstrable experience in the use of Digital Forensics tools, techniques and concepts including creating and using custom tools and scripts.
• Static reverse engineering and analysis of malware written in different languages (X86/X64/C/C#, Go, etc.), signatures and Yara/Snort/Sigma rules development.
• Knowledge of attack activities, such as scans, man in the middle, sniffing, DoS, DDoS, etc. and possible abnormal activities, such as worms, Trojans, viruses, etc.

Benefits:

• Health insurance with one of the leading global providers for medical insurance.
• Career progression and growth through challenging projects and work.
• Employee engagement and wellness campaigns activities throughout the year.
• Excellent learning and development opportunities.
• Annual flight tickets.
• Inclusive and diverse working environment.
• Flexible/Hybrid working environment.
• Open door policy.

About Us:
Help AG is the cybersecurity arm of e& enterprise (formerly Etisalat Digital) and provides leading enterprise businesses and governments across the Middle East with strategic consultancy combined with tailored information security services and solutions that address their diverse requirements, enabling them to evolve securely with a competitive edge.

Present in the Middle East since 2004, Help AG was strategically acquired by e& (formerly Etisalat Group) in Feb 2020, hence creating a cybersecurity and digital transformation powerhouse in the region.

Help AG has firmly established itself as the region's trusted IT security advisor by remaining vendor-agnostic, trustworthy, independent, and cybersecurity focused. With best-of-breed technologies from industry-leading vendor partners, expertly qualified service delivery teams and a state-of-the-art consulting practice, Help AG delivers unmatched value to its customers by strengthening their cyber defenses and safeguarding their business.