13 Incident Response jobs in the United Arab Emirates
Incident Response Engineer
Posted today
Job Description
As a member of the ETMSA team at Crypto.com, you will be integral to responding to and managing cybersecurity threats and incidents throughout their lifecycle – from Preparation to Identification, Containment, Eradication, Recovery, and Lessons Learned – collaborating with a global team of incident responders.
You will apply your comprehensive skills in cyber defense, digital forensics, log analysis, and intrusion analysis to address security incidents across our endpoints, network, and cloud infrastructure. In this role, you will be responsible for prevention, detection, response, and remediation activities, ensuring that information assets and technologies are adequately protected by leveraging various technologies such as Next-Generation Firewalls (NGFW), Endpoint Detection and Response (EDR), Intrusion Detection/Prevention Systems (IDS/IPS), Data Loss Prevention (DLP), and more.
You will also leverage your collaboration and communication skills to work effectively with all relevant stakeholders in multicultural and global environments.
Responsibilities
- Report to Director to facilitate all phases in the incident response lifecycle
- Be involved in various incident prevention projects to improve Security posture
Preparation:
- Understand different regulatory and compliance requirements like critical time to report, escalation flows, etc.
- Take part in self-assessment exercises like Tabletop Exercises, Attack Simulations, Red/Purple Team exercises to make sure the incident response process is working smoothly
- Develop incident response runbooks, playbooks and SOPs with reference to different regulatory requirements
- Evaluate the incident response readiness of different layers - people, process, technology
Detection & Analysis:
- Respond to the cyber security incidents escalated from various channels including the 24/7 SOC team.
- Respond to cyber security incidents in compliance with the local authority / regulatory requirements.
- Assess the risk, impact and scope of the identified security threats
- Perform deep-dive incident analysis of various data sources by analysing and investigating security related logs against medium-term threats and IOCs
Containment, Eradication and Recovery:
- Communicate with the stakeholders and provide guidance, recommendations to contain and eradicate the security incident
- Participate in root cause analysis using forensic and other custom tools to identify any sources of compromise and/or malicious activities taking place.
- Document and present investigative findings for high profile events and other incidents of interest.
Post incident activities:
- Provide lessons learnt meeting to the stakeholders
- Lead and keep track on the follow-up activities
- Document the incident in the case management system and provide incident reports
- Always ready to jump in, in the event of security incidents.
Requirements
- At least 5 years' experience in the Cyber Security industry
- Strong technical and analytical skills
- Familiar with the cyber security incident response process
- Familiarity with AI tools and their application in automating security tasks and processes.
- Hands-on experience on performing incident response activities
- Have scripting experience like Bash, PowerShell, Python, Go, etc, and the ability to use these skills to aid in responding to incidents involving Windows, Linux, macOS, as well as cloud environment
- Have knowledge of cybersecurity tools and software like NGFW, EDR, IDS/IPS, DLP, SIEM, other log management platforms, etc.
- Be familiar with the MITRE ATT&CK Framework and/or Cyber Kill Chain
- Be passionate about exploring new technologies and have the creative initiative to boost the team's capabilities
- Holding security-related certifications is a plus (e.g. Azure, AWS, CISSP, GCIH, GCIA, GCFA, GNFA, GREM, or other equivalent)
- Awareness of regulatory and compliance requirements like GDPR, MAS, PSD2, etc. is a plus.
- Fast learner with a can-do attitude and ready to get their hands dirty
- A strong team player who can collaborate with compassion
- Passionate to learn and willing to put in the extra effort
- Understand the concept of ownership and accountability coupled with sense of urgency and prioritisation
- Confidence in handling incidents and managing relevant senior and technical stakeholders
- Possess business acumen/mindset (not only technical) when making critical decisions
Digital Forensics and Incident Response Consultant
Posted today
Job Description
Incident Response Consultant
Full Time | Dubai
Role and Responsibilities
- Work as a DFIR consultant in DTS Solution supporting our 800-HACKED program
- Work as a consultant for many Incident Retainer Program
- Cyber breach investigations including forensic and malware analysis. Identifies network computer intrusion evidence and perpetrators.
- Strong understanding on threat hunting methodologies.
- Strong experience in post-compromise assessment.
- Ability to perform detailed forensics investigations:
  - Network traffic capture and analysis
  - DNS traffic analysis
  - Network detection and response
  - Process Injection and Malicious Process Analysis
  - DLL hijacking
  - Privilege Escalation
  - Kernel Hook Detection
  - Security Outliers
- Knowledge on DFIR tools – Autopsy, Encase, Access Data, FTK+, IDA etc.
- Examines and performs comprehensive technical analysis of computer-related evidence and information stored on a device(s) during the conduct of an investigation or litigation.
- Proactively advise teams/hunt for and research potential malicious activity and incidents across multiple platforms using advanced threat network and host-based tools.
- Use both internal and external threat intelligence to build indicators of compromise into monitoring tools, can integrate these tools with one another to provide data enrichment.
- Use strong TCP/IP networking skills to perform network analysis to isolate and diagnose potential threats and anomalous network behavior.
- Ensures chain of custody and control procedures, documents procedures and findings in a manner suitable for courtroom presentation and prepares comprehensive written notes and reports.
- Report common and repeated problems (trend analysis) to management and propose process and technical improvements.
- Provide resolution plans for system and network issues.
- Provide support in the detection, response, mitigation, and reporting of real or potential cyber threats to the environment and assist in the automation of the processes.
- Provides oral and written communication to staff personnel concerning findings of fact, results of examination(s), and legal declarations, and testify in court as to the procedures and methodology used to recover and identify relevant evidence.
- Ability to write Incident Response Reports in accordance to international standards.
- 6+ years of experience of network/security and analyzing digital evidence and investigate computer security incidents
- Expert knowledge on DFIR tools such as Access Data, IDA Pro, FTK+, Encase
- Expert knowledge on threat hunting tools – commercial and open source
- Familiarity with network tools such as Wireshark, tcpdump, libpcap.
- GCIA, GCIH, or CISSP Certifications
- SANS Certified Forensic Examiner (GCFE)
- Industry Certification on Digital Forensics Tool
Security Analyst
Posted today
Job Description
Help AG is looking for a talented and enthusiastic Security Analyst who will have a strong knowledge and interest in network security. The Security Analyst will be responsible for monitoring multiple security technologies and events using the Security Information Event Management (SIEM) tool in order to detect and identify IT security related incidents.
This role requires:
- 2-4 years of experience in information security, in areas such as security operations, intrusion detection, incident analysis, incident handling, log analysis, or firewall administration.
- 2-4 years of experience in one of the following: Network operations or engineering or system administration on Unix, Linux, Windows.
Responsibilities
- Follow detailed operational processes and procedures to appropriately analyze, escalate, and assist in the remediation of critical information security incidents.
- Correlate and analyze events using the Splunk/LogRhythm/QRadar SIEM tool to detect IT security incidents.
- Conduct analysis of log files, including forensic analysis of system resource access.
- Review customer reports to ensure quality and accuracy.
- Monitor multiple security technologies, such as SIEM, IDS/IPS, Firewalls, Switches, VPNs, and other security threat data sources.
- Respond to inbound requests via phone and other electronic means for technical assistance with managed services.
- Respond in a timely manner (within documented SLA) to support, threat, and other cases.
- Document actions in cases to effectively communicate information internally and to customers.
- Resolve problems independently and understand escalation procedures.
- Maintain a high degree of awareness of the current threat landscape.
- Participate in knowledge sharing with other analysts and writing technical articles for Internal Knowledge Bases.
- Perform other essential duties as assigned.
- Able to work in rotating shifts within a 24/7 operating environment.
Qualifications & Skills
- A Degree in Computer Science, Information Systems, Electrical Engineering, or a closely related degree.
- An active interest in internet security, incident detection, network and systems security.
- A sound knowledge of IT security best practices, common attack types and detection/prevention methods.
- Demonstrable experience of analyzing and interpreting system, security, and application logs.
- Knowledge of the type of events that both Firewalls, IDS/IPS, and other security-related devices produce.
- Experience in using SIEM tools such as Splunk, LogRhythm, QRadar, AlienVault, NitroSecurity, etc.
- TCP/IP knowledge, networking, and security product experience.
- Knowledge of Cyber Kill Chain and MITRE ATT&CK frameworks.
- Possible attack activities, such as scans, man in the middle, sniffing, DoS, DDoS, etc., and possible abnormal activities, such as worms, Trojans, viruses, etc.
- CCNA, CISSP, GCA, GCIA, GCIH, CEH certification would be preferable.
- Outstanding organizational skills.
- Exclusive focus and vast experience in IT.
- Strong analytical and problem-solving skills.
- A motivated, self-managed individual who can demonstrate above-average analytical skills and work professionally with peers and customers even under pressure.
- Very good communication skills.
- Strong written and verbal skills.
- Strong interpersonal skills with the ability to collaborate well with others.
- Ability to speak and write in English is required; Arabic is preferred.
Benefits
- Health insurance with one of the leading global providers for medical insurance.
- Career progression and growth through challenging projects and work.
- Employee engagement and wellness campaigns activities throughout the year.
- Excellent learning and development opportunities.
- Inclusive and diverse working environment.
- Flexible/Hybrid working environment.
- Annual flight tickets to home country.
- Open door policy.
About Us
Help AG is the cybersecurity arm of e& enterprise (formerly Etisalat Digital) and provides leading enterprise businesses across the Middle East with strategic consultancy combined with tailored information security solutions and services that address their diverse requirements, enabling them to evolve securely with a competitive edge.
Present in the Middle East since 2004, Help AG was strategically acquired by e& (formerly Etisalat Group) in 2020, hence creating a cybersecurity and digital transformation powerhouse in the region.
Help AG has firmly established itself as the region's trusted IT security advisor by remaining vendor-agnostic, trustworthy, independent, and maintaining its focus on all aspects of cybersecurity. With best of breed technologies from industry-leading vendor partners, expertly qualified service delivery teams, and a state-of-the-art consulting practice, Help AG delivers unmatched value to its customers by strengthening their cyber defenses and safeguarding their business.
Cyber Security Analyst Cyberr
Posted today
Job Description
About Cyberr:
At Cyberr, we specialize in connecting top cybersecurity talent with leading organizations across various industries. Our mission is to ensure our clients’ digital landscapes are secure by providing them with expert professionals who are passionate about cybersecurity. We are currently hiring skilled Cybersecurity Analysts on behalf of multiple clients who are looking to strengthen their security teams and protect their valuable digital assets.
Job Summary:
As a Cybersecurity Analyst working with one of Cyberr’s esteemed clients, you will be instrumental in safeguarding critical information and IT systems from cyber threats. You will be responsible for monitoring, detecting, and responding to security incidents, conducting vulnerability assessments, and working closely with other teams to implement robust security measures. This is a unique opportunity to apply your cybersecurity expertise in a dynamic environment with the support of a leading recruitment agency.
Key Responsibilities:
- Continuously monitor security alerts and events from various tools such as SIEM systems, firewalls, IDS/IPS, and endpoint protection software.
- Perform detailed analyses of security incidents, identify the root causes, and recommend remediation actions.
- Conduct regular vulnerability assessments and risk evaluations to detect potential security threats.
- Collaborate with IT teams to enhance security protocols, ensuring alignment with industry standards and best practices.
- Assist in developing and enforcing security policies, procedures, and guidelines.
- Stay informed about the latest cybersecurity threats, trends, and best practices.
- Prepare detailed security reports for management, highlighting findings, risks, and recommended actions.
- Participate in audits and compliance checks to ensure adherence to security frameworks such as NIST, ISO 27001, or CIS Controls.
Qualifications:
- Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or a related field (or equivalent experience).
- 2-4 years of experience in cybersecurity or a related field.
- Strong knowledge of cybersecurity principles, threat management, vulnerability management, and incident response.
- Hands-on experience with security tools such as SIEMs, firewalls, IDS/IPS, and endpoint protection platforms.
- Familiarity with security frameworks and standards like NIST, ISO 27001, or CIS Controls.
- Excellent analytical and problem-solving skills.
- Strong communication skills, capable of explaining complex security issues to non-technical stakeholders.
- Relevant certifications (e.g., CompTIA Security+, CISSP, CEH) are highly desirable.
What Cyberr Offers:
- Competitive salary and comprehensive benefits packages through our clients.
- Access to a network of high-profile clients and cutting-edge cybersecurity projects.
- Opportunities for ongoing professional development and certification support.
- Flexible work arrangements, including remote options, depending on client requirements.
- A supportive and collaborative environment with Cyberr’s expert guidance throughout your career.