6 Incident Response jobs in the United Arab Emirates

Help AG is looking for a talented and experienced Incident Response and Forensic Investigation Specialist (U.A.E National) who will be responsible for off-site and on-site Incident Response activities and customer engagements, leveraging multiple security technologies, guiding and leading customers in the handling of Security Incidents and examining IT and security systems using best-practice digital forensic methods to detect, validate and mitigate IT security related incidents. He / She will join our Cyber Defence team within our Managed Security Services (MSS) business unit. If you have a strong knowledge and interest in incident response and/or digital forensics, this position might be the right one for you.

• Lead incident response engagements in unknown environments until all threats are remediated.

• Develop custom incident response plans tied to specific environments and customer situations.

• Examinate and analyse logs/data from a broad variety of security technologies, such as Antiviruses, IDS/IPS, Firewalls, Switches, VPNs and other security threat data sources.

• Perform forensic analysis of different artifacts including RAM, packet captures, logs and disk images.

• Reverse engineer malicious software and develop signatures and indicators of compromise.

• Actively develop incident response tools, scripts, and various detection content.

• Research Red Team techniques, develop custom detection queries, rules, watchlists and other content, and conduct threat hunts.

• Articulate and execute common Incident Response methods (e.g. SANS).

• Respond to inbound requests via phone and other electronic means for technical assistance with managed services.

• Work on-site as required with clients during Live Security Incidents.

• Maintain a high degree of awareness of the current threat landscape.

• Champion excellence and support others in delivering it through active knowledge sharing with team members, writing technical articles for internal knowledge bases, blog posts and reports as required or requested.

• Create and present customer reports to ensure quality, accuracy and value to the client.

• Educate and train other Analysts in execution of Incident Response processes and forensic analysis techniques.

• Perform other essential duties as assigned.

• A Degree in Computer Science, Information Systems, Electrical Engineering or a closely related degree.

• 7+ years of experience in information security, in areas such as security operations, intrusion detection, incident analysis, incident handling, log analysis, malware analysis, reverse engineering or threat detection.

• At least 2-3 years of experience as a Senior or Lead Analyst, or equivalent experience guiding, mentoring and teaching other Analysts/Security Professionals how to handle Security Incidents.

• Strong background or equivalent experience in four of the following: Security Threat and Event Analysis, Network Security Operations or Engineering, Reverse Engineering, Malware Analysis, Windows/Linux/OSX Forensics, Penetration Testing, Active Directory and Azure Administration.

• Demonstrate experience in handling Incident Response engagements (APTs and Ransomware) using the SANS Incident Response method (or similar).

• Should have at least one of the below ACTIVE certifications as a mandatory requirement:

CREST Certified Registered Intrusion Analyst (CRIA)
GIAC Cloud Forensics Responder (GCFR)
GIAC Certified Forensic Analyst (GCFA)

CREST Certified Host Intrusion Analyst (CC-HIA)
CREST Certified Network Intrusion Analyst (CC-NIA)

CREST Certified Incident Manager (CC-IM)

CREST Certified Threat Intelligence Manager (CC-TIM)
GIAC Reverse Engineering Malware (GREM)

• CISSP, GCIA, GCIH, GCFE, OSCP certification would be preferable.

• Deep TCP/IP knowledge, networking and security product experience.

• Strong knowledge of Red Team tactics and ability to find adversary traces on Enterprise scale.

• Rapid development in scripting languages: Python/PowerShell /Bash.

• A sound knowledge of IT security best practices, common attack types and detection/prevention methods.

• Demonstrable experience in accountability for and applying the methods of Incident Response, including adherence to process and direct engagement with stakeholders.

• Demonstrable experience in analysing and interpreting system, security and application logs.

• Broad knowledge of the type of events that Firewalls, IDS/IPS and other security related devices produce.

• Demonstrable experience in the use of Digital Forensics tools, techniques and concepts including creating and using custom tools and scripts.

• Static reverse engineering and analysis of malware written in different languages (X86/X64/C/C#, Go, etc.), signatures and Yara/Snort/Sigma rules development.

• Knowledge of attack activities, such as scans, man in the middle, sniffing, DoS, DDoS, etc. and possible abnormal activities, such as worms, Trojans, viruses, etc.

• Health insurance with one of the leading global providers for medical insurance.

• Career progression and growth through challenging projects and work.

• Employee engagement and wellness campaigns activities throughout the year.

• Excellent learning and development opportunities.

• Inclusive and diverse working environment.

• Flexible/Hybrid working environment.

• Open door policy.

Help AG is the cybersecurity arm of e& enterprise (formerly Etisalat Digital) and provides leading enterprise businesses and governments across the Middle East with strategic consultancy combined with tailored information security services and solutions that address their diverse requirements, enabling them to evolve securely with a competitive edge.

Present in the Middle East since 2004, Help AG was strategically acquired by e& (formerly Etisalat Group) in Feb 2020, hence creating a cybersecurity and digital transformation powerhouse in the region.

Help AG has firmly established itself as the region's trusted IT security advisor by remaining vendor-agnostic, trustworthy, independent, and cybersecurity focused. With best-of-breed technologies from industry-leading vendor partners, expertly qualified service delivery teams and a state-of-the-art consulting practice, Help AG delivers unmatched value to its customers by strengthening their cyber defenses and safeguarding their business.

Help AG is looking for a talented and enthusiastic Security Analyst who will have a strong knowledge and interest in network security. The Security Analyst will be responsible for monitoring multiple security technologies and events using the Security Information Event Management (SIEM) tool in order to detect and identify IT security related incidents.

This role requires:

• 2-4 years of experience in information security, in areas such as security operations, intrusion detection, incident analysis, incident handling, log analysis, or firewall administration.
• 2-4 years of experience in one of the following: Network operations or engineering or system administration on Unix, Linux, Windows.

Responsibilities

• Follow detailed operational processes and procedures to appropriately analyze, escalate, and assist in the remediation of critical information security incidents.
• Correlate and analyze events using the Splunk/Log Rhythm/Qradar SIEM tool to detect IT security incidents.
• Conduct analysis of log files, including forensic analysis of system resource access.
• Review customer reports to ensure quality and accuracy.
• Monitor multiple security technologies, such as SIEM, IDS/IPS, Firewalls, Switches, VPNs, and other security threat data sources.
• Respond to inbound requests via phone and other electronic means for technical assistance with managed services.
• Respond in a timely manner (within documented SLA) to support, threat, and other cases.
• Document actions in cases to effectively communicate information internally and to customers.
• Resolve problems independently and understand escalation procedures.
• Maintain a high degree of awareness of the current threat landscape.
• Participate in knowledge sharing with other analysts and writing technical articles for Internal Knowledge Bases.
• Perform other essential duties as assigned.
• Able to work in rotating shifts within a 24/7 operating environment.

Qualifications & Skills

• A Degree in Computer Science, Information Systems, Electrical Engineering, or a closely related degree.
• An active interest in internet security, incident detection, network and systems security.
• A sound knowledge of IT security best practices, common attack types and detection/prevention methods.
• Demonstrable experience of analyzing and interpreting system, security, and application logs.
• Knowledge of the type of events that both Firewalls, IDS/IPS, and other security-related devices produce.
• Experience in using SIEM tools such as Splunk, Log Rhythm, Qradar, Alien Vault, NitroSecurity, etc.
• TCP/IP knowledge, networking, and security product experience.
• Knowledge of Cyber Kill Chain and MITRE ATT&CK frameworks.
• Possible attack activities, such as scans, man in the middle, sniffing, DoS, DDoS, etc., and possible abnormal activities, such as worms, Trojans, viruses, etc.
• CCNA, CISSP, GCA, GCIA, GCIH, CEH certification would be preferable.
• Outstanding organizational skills.
• Exclusive focus and vast experience in IT.
• Strong analytical and problem-solving skills.
• A motivated, self-managed individual who can demonstrate above-average analytical skills and work professionally with peers and customers even under pressure.
• Very good communication skills.
• Strong written and verbal skills.
• Strong interpersonal skills with the ability to collaborate well with others.
• Ability to speak and write in English is required; Arabic is preferred.

Benefits

• Health insurance with one of the leading global providers for medical insurance.
• Career progression and growth through challenging projects and work.
• Employee engagement and wellness campaigns activities throughout the year.
• Excellent learning and development opportunities.
• Inclusive and diverse working environment.
• Flexible/Hybrid working environment.
• Annual flight tickets to home country.
• Open door policy.

About Us

Help AG is the cybersecurity arm of e& enterprise (formerly Etisalat Digital) and provides leading enterprise businesses across the Middle East with strategic consultancy combined with tailored information security solutions and services that address their diverse requirements, enabling them to evolve securely with a competitive edge.

Present in the Middle East since 2004, Help AG was strategically acquired by e& (formerly Etisalat Group) in 2020, hence creating a cybersecurity and digital transformation powerhouse in the region.

Help AG has firmly established itself as the region's trusted IT security advisor by remaining vendor-agnostic, trustworthy, independent, and maintaining its focus on all aspects of cybersecurity. With best of breed technologies from industry-leading vendor partners, expertly qualified service delivery teams, and a state-of-the-art consulting practice, Help AG delivers unmatched value to its customers by strengthening their cyber defenses and safeguarding their business.

At GAC Group IT, our dedication to providing top‑notch solutions to 6000+ users worldwide relies on the dependability of our IT systems, all while upholding our ISO 27001 certification. As we grow the GAC Group IT Team, we are actively seeking an IT Security Analyst to bring his/her technological proficiency to enhance our security protocols.

The Group IT team is dedicated to constructing, configuring, maintaining, and enhancing applications throughout their life cycle while safeguarding them against cyber threats.

• Implement and maintain security solutions for our network, infrastructure and applications hosted in On‑prem Data Center and Azure Cloud.
• Closely work with Software development & DevSecOps teams to resolve issues.
• Guide GAC branch offices to improve their IT security posture.
• Monitor and respond to security incidents and perform root cause analysis.
• Research and stay updated on the latest security trends and best practices.

• A bachelor’s degree in computer science / information security.
• A minimum of 2 years of experience as an IT Security Analyst or a similar role.
• A proficiency in implementing & managing security tools such as CSPM, VAPT, VMDR, EDR.
• Excellent teamwork, problem‑solving, analytical and communication skills.
• Holding relevant certifications such as Azure Security (AZ‑500), CCSP, etc. will be advantageous.

Company: Al Rostamani Group of Companies LLC

Every employee at Al Rostamani Group plays a role in making a real difference to the business and our customers. We care for our employees by offering them meaningful and purposeful work and an opportunity to grow, learn, contribute and succeed. Today, the Al Rostamani Group has come a long way since its birth in 1957. Our group has grown steadfastly with the guiding principles of Commitment, Care & Vision, alongside a strong sense of active involvement in the community. We are a well-diversified group, with a key presence in industries such as General Trading, Automobiles and Heavy Equipment, Travel, Foreign Exchange, Financial Services, Property Management, Construction, Infrastructure Development and Information Technology Services. Our Group employs approximately 2000 people from 41 different nationalities, which contributes to our multicultural and multi-national environment.

The Identity & Access Management (IAM) Security Analyst is responsible for protecting the organisation’s digital assets by managing identities, access controls, and authentication systems. This role ensures that only authorised users can access sensitive data, enforce the principle of least privilege, and support compliance with security policies and regulations. Working closely with IT Security & Governance, Group Information Technology, and other departments, the Analyst helps implement security measures, monitor for threats, and respond to incidents.
Beyond daily operations, the Analyst develops security protocols, works closely with business units to conduct access reviews and security assessments, and recommends improvements to strengthen the organisation’s cybersecurity posture. The role also involves cross‑functional collaboration, providing actionable insights to senior leadership, and promoting a culture of security awareness across the enterprise.

Technical Responsibilities

• Access Management and Review: Lead and manage the IAM lifecycle, including provisioning, modification, deprovisioning, and access reviews across all systems and applications.
• Security Monitoring and Incident Response: Monitor IAM and SIEM logs and alerts to identify and respond to suspicious activity, unauthorised access, and security incidents.
• Technical Due Diligence: Evaluate new applications for IAM compatibility, focusing on authentication, access controls, scalability, and security compliance.
• Vulnerability Assessment and Penetration Testing: Conduct comprehensive VA/PT across IT infrastructure, including servers, web applications, APIs, and mobile applications.
• Security Configuration Management: Oversee and optimise IAM solutions across cloud platforms, ensuring seamless system integrations and secure access through technical controls such as firewalls, WAF, NAC, and PAM.
• Security Technology Research: Actively research, evaluate, and drive next‑generation security technologies and solutions to meet organisational requirements.

Business Responsibilities

• Audit Coordination and Remediation: Support the coordination of internal and external audits, track security audit findings, and report remediation efforts.
• Policy and Governance: Enforce and support the development of IAM policies, procedures, and best practices, and remediate violations in coordination with IT Operations and Application teams.
• Security Training and Awareness: Assist in developing and delivering security training programs and awareness campaigns for employees.
• Compliance Monitoring: Monitor adherence to IT and security governance frameworks and recommend improvements.
• Vendor Liaison: Liaise with vendors for POCs and demos of new IT security requirements.

Qualifications

• Bachelor's degree or higher in a relevant field.
• Security certifications such as Certified Ethical Hacker (CEH) or CompTIA Security+ are preferred.

Experience

• Proven experience (typically 3+ years) in information security.

Knowledge and Skills

• Strong knowledge of cloud security, cybersecurity frameworks, standards, and best practices.
• Strong understanding of IT governance frameworks, regulatory requirements, and industry standards.
• Excellent communication and interpersonal skills.
• Demonstrated ability to influence and collaborate with cross‑functional teams.
• In‑depth understanding of risk management, compliance, and governance principles.

Experience in managing data protection mechanisms, preferably on cloud platforms like Microsoft Purview.

• Knowledge of the Microsoft Defender Suite and the Identity and Access Management suite.
• Understanding security solutions such as NAC, PAM, EDR, DLP, SIEM, SOAR, and NDR.
• Knowledge of security configurations in cloud platforms, e.g., AWS, Azure, and Microsoft 365.

At Al Rostamani Group, we seek talented people who work hard to achieve great things. We consider not only your skills and experience, but also your passion for the role, your desire to learn and how well you align with our core values of care, commitment and vision. If this position represents an opportunity you wish to pursue, we invite you to apply.

Login for faster access to the best deals. Click here if you don't have an account.

Interview Questions for Information Security Analyst roles often focus on key areas like risk management, network security, incident response, and vulnerability assessment. Candidates may be asked about common security tools, threat detection techniques, encryption methods, and how they would handle real-world security incidents. Preparing for these questions helps build confidence and demonstrates the technical knowledge and problem-solving skills required for a successful career in information security.