22 Incident Response jobs in Dubai

In this role, you will have the opportunity to work closely with our esteemed clients.

Job Overview:

1. Incident Response Process Ownership: Detect, validate, contain, and communicate security events and incidents such as malware infections, potential compromise, DDoS , etc. Ensure appropriate tuning, correlation of critical logs, connection to incident response process, and reporting of relevant metrics.
2. Security Incident and Event Management (SIEM) Strategy: Drive strategy for SIEM and oversee effectiveness of technology and process. Involve creation and maintenance of security operation playbooks with IT teams to effectively trigger and execute security incident response process.
3. Logging and Monitoring Across Infrastructure & Applications: Manage current state of logging and monitoring, maintain vision of ideal state of logging and monitoring, and drive prioritized roadmap to reduce gaps.
4. Internal / External Engagements: Act as SPOC for all escalated client communications and handle day-to-day operations of the Security Operations Centre reporting to SOC Manager.

Key Responsibilities:

logging, event management, steps validation, metrics, infrastructure strategy, security communication management

What We Offer:

We offer a dynamic and challenging work environment that fosters growth and development.

We are seeking a highly skilled Incident Response Specialist to join our team. The ideal candidate will be responsible for rapidly addressing security incidents and threats, strategizing, and leading incident engagements with staff at all levels.

On the ground, you will monitor threats targeting our company and help prevent attacks from occurring or escalating. This is an excellent opportunity to leverage your expertise in cybersecurity to drive business outcomes.

• Perform end-to-end handling of all critical, high, and medium cybersecurity incidents
• Draft incident reports and communicate incident summaries to senior leadership, end users, and legal teams
• Write playbooks for different types of cybersecurity incidents and use automation to reduce MTTR
• Automate repetitive incident-response tasks using automation platforms and/or programming
• Optimize existing security controls to fine-tune alerts and reduce false positives
• Gather open source and commercial threat intelligence and perform hunting across the enterprise for undetected threats
• Support legal and regulatory teams as a technical SME for cyber incidents with regulatory requirements
• Evaluate new technologies and drive POCs for new security products

Note: You will be expected to leverage coding skills to develop and automate solutions that enhance detection and response capabilities.

• 5+ years in Cyber Security, specifically Incident Response, with 24/7 SOC experience
• Strong understanding of NIST, CSF, MITRE, and other cybersecurity frameworks
• Programming or scripting skills (e.g., Python, C++) for automating incident-response tasks and developing custom tools
• Ability to write and tune detection rules across security platforms
• Hands-on experience dealing with major security incidents
• Automation proficiency using automation platforms or programming
• Malware analysis and digital forensics experience is a plus
• Relevant certifications (e.g., CISSP, ECSA, GISP, GCIH, GCFE, GCFA) are a plus
• Excellent multitasking ability with adaptability and teamwork
• Strong English communication skills (oral and written)

• Hybrid working model
• WFH setup allowance
• 30 days remote working from anywhere globally each year
• Employee discounts for accommodations worldwide
• Global team of 90+ nationalities, 40+ offices across 25+ countries
• CSR/Volunteer time off, Benevity donation subscription, volunteering opportunities
• Free Headspace, Odilo & Udemy subscriptions
• Employee Assistance Program and enhanced parental leave
• Life, total and accidental insurance

At our company, we are an equal opportunity employer and value diversity. Employment is based on merit and qualifications, without regard to sex, age, race, color, national origin, religion, marital status, pregnancy, sexual orientation, gender identity, disability, citizenship, veteran or military status, or other legally protected characteristics.

In this role, you will have the opportunity to work closely with one of our esteemed clients. This client is a global leader known for its commitment to quality and innovation. They have chosen Dautom as their trusted partner for their upcoming projects.

Job Description:

1. Incident Response Process: Owns the critical process steps detection, validation, containment, and communication for security events and incidents such as malware infections, potential compromise, Distributed Denial of Service (DDoS), etc.
2. Security Incident and Event Management (SIEM): Drives our strategy for SIEM and oversees the effectiveness of the technology and process. Involves appropriate tuning, correlation of critical logs, connection to our incident response process, and reporting of relevant metrics.
3. Security Operations Playbooks: Create, maintain, and promote a set of security operation playbooks with Agilents IT teams to effectively trigger and execute the security incident response process.
4. Logging and Monitoring Across Infrastructure & Applications: Manages the current state of logging and monitoring, maintains a vision of ideal state of logging and monitoring, and drives a prioritized roadmap to reduce the gaps.
5. Internal / External Engagements: Act as a SPOC for all escalated client communications and handle the day-to-day operations of the Security Operations Centre reporting to the SOC Manager.

Logging, Event Management, Steps Validation, Metrics, Infrastructure Strategy, Security Communication Management

The Cyber Defense Center is seeking a seasoned information security expert to lead its incident response team. This key role involves coordinating with various stakeholders, managing incident response processes, and ensuring timely and effective handling of security incidents.

Key responsibilities include:

• Coordinating incident response efforts across multiple teams
• Managing incident response processes and procedures
• Investigating and analyzing security incidents
• Containing and recovering from security breaches
• Communicating incident response efforts to stakeholders
• Reporting on incident response activities

The ideal candidate will possess strong leadership skills, excellent communication abilities, and a deep understanding of information security principles.

• Work as a DFIR consultant in DTS Solution supporting our 800-HACKED program
  
• Work as a consultant for many Incident Retainer Program
  
• Cyber breach investigations including forensic and malware analysis. Identifies network computer intrusion evidence and perpetrators.
  
• Strong understanding on threat hunting methodologies.
  
• Strong experience in post-compromise assessment.
  
• Ability to perform detailed forensics investigations;
  
• Knowledge on DFIR tools Autospy, Encase, Access Data, FTK+, IDA etc.
  
• Examines and performs comprehensive technical analysis of computer-related evidence and information stored on a device(s) during the conduct of an investigation or litigation.
  
• Proactively advise teams/hunt for and research potential malicious activity and incidents across multiple platforms using advanced threat network and host-based tools.
  
• Use both internal and external threat intelligence to build indicators of compromise into monitoring tools, can integrate these tools with one another to provide data enrichment.
  
• Use strong TCP/IP networking skills to perform network analysis to isolate and diagnose potential threats and anomalous network behavior.
  
• Ensures chain of custody and control procedures, documents procedures and findings in a manner suitable for courtroom presentation and prepares comprehensive written notes and reports.
  
• Report common and repeated problems (trend analysis) to management and propose process and technical improvements.
  
• Provide resolution plans for system and network issues.
  
• Provide support in the detection, response, mitigation, and reporting of real or potential cyber threats to the environment and assist in the automation of the processes.
  
• Provides oral and written communication to staff personnel concerning findings of fact, results of examination(s), and legal declarations, and testify in court as to the procedures and methodology used to recover and identify relevant evidence.
  
• Ability to write Incident Response Reports in accordance to international standards.
  

• 6+ years of experience of network/security and analyzing digital evidence and investigate computer security incidents
  
• Expert knowledge on DFIR tools such as Access Data, IDA Pro, FTK+, Encase
  
• Expert knowledge on threat hunting tools commercial and open source
  
• Familiarity with network tools such as Wireshark, tcpdump, libpcap.
  

• GCIA, GCIH, or CISSP Certifications
  
• SANS Certified Forensic Examiner (GCFE)
  
• Industry Certification on Digital Forensics Tool
  

Disclaimer: Naukrigulf.com is only a platform to bring jobseekers & employers together. Applicants are advised to research the bonafides of the prospective employer independently. We do NOT endorse any requests for money payments and strictly advice against sharing personal or bank related information. We also recommend you visit Security Advice for more information. If you suspect any fraud or malpractice, email us at

Senior Incident Response Specialist, Bangkok Based (Relocation Provided) – Agoda.

We are looking for an industry-experienced, highly motivated and self-driven Incident Response Specialist who can rapidly address security incidents and threats, strategize, and lead incident engagements with staff at all levels. On the ground, you will monitor threats targeting Agoda and help prevent attacks from occurring or escalating.

• Perform end-to-end handling of all critical, high and medium cybersecurity incidents at Agoda
• Draft incident reports and communicate incident summaries to senior leadership, end users, and legal teams
• Write playbooks for different types of cybersecurity incidents and use automation to reduce MTTR
• Automate repetitive incident-response tasks using automation platforms and/or programming
• Optimize existing security controls to fine-tune alerts and reduce false positives
• Gather open source and commercial threat intelligence and perform hunting across the enterprise for undetected threats
• Support legal and regulatory teams as a technical SME for cyber incidents with regulatory requirements
• Evaluate new technologies and drive POCs for new security products

Note: You will be expected to leverage coding skills to develop and automate solutions that enhance detection and response capabilities.

• 5+ years in Cyber Security, specifically Incident Response, with 24/7 SOC experience
• Strong understanding of NIST, CSF, MITRE and other cybersecurity frameworks
• Programming or scripting skills (e.g., Python, C++) for automating incident-response tasks and developing custom tools
• Ability to write and tune detection rules across security platforms
• Hands-on experience dealing with major security incidents
• Automation proficiency using automation platforms or programming
• Malware analysis and digital forensics experience is a plus
• Relevant certifications (e.g., CISSP, ECSA, GISP, GCIH, GCFE, GCFA) are a plus
• Excellent multitasking ability with adaptability and teamwork
• Strong English communication skills (oral and written)
• Relocation package available for Bangkok, Thailand

• Hybrid working model
• WFH setup allowance
• 30 days remote working from anywhere globally each year
• Employee discounts for accommodations worldwide
• Global team of 90+ nationalities, 40+ offices across 25+ countries
• CSR/Volunteer time off, Benevity donation subscription, volunteering opportunities
• Free Headspace, Odilo & Udemy subscriptions
• Employee Assistance Program and enhanced parental leave
• Life, total and accidental insurance

At Agoda, we are an equal opportunity employer and value diversity. Employment is based on merit and qualifications, without regard to sex, age, race, color, national origin, religion, marital status, pregnancy, sexual orientation, gender identity, disability, citizenship, veteran or military status, or other legally protected characteristics.

Help AG is looking for a talented and experienced Incident Response and Forensic Investigation Specialist who will be responsible for off-site and on-site Incident Response activities and customer engagements, leveraging multiple security technologies, guiding and leading customers in the handling of Security Incidents and examining IT and security systems using best-practice digital forensic methods to detect, validate and mitigate IT security related incidents. He / She will join our Cyber Defence team within our Managed Security Services (MSS) business unit. If you have a strong knowledge and interest in incident response and/or digital forensics, this position might be the right one for you.

Responsibilities:

• Lead incident response engagements in unknown environments until all threats are remediated.

• Develop custom incident response plans tied to specific environments and customer situations.

• Examinate and analyse logs/data from a broad variety of security technologies, such as Antiviruses, IDS/IPS, Firewalls, Switches, VPNs and other security threat data sources.

• Perform forensic analysis of different artifacts including RAM, packet captures, logs and disk images.

• Reverse engineer malicious software and develop signatures and indicators of compromise.

• Actively develop incident response tools, scripts, and various detection content.

• Research Red Team techniques, develop custom detection queries, rules, watchlists and other content, and conduct threat hunts.

• Articulate and execute common Incident Response methods (e.g. SANS).

• Respond to inbound requests via phone and other electronic means for technical assistance with managed services.

• Work on-site as required with clients during Live Security Incidents.

• Maintain a high degree of awareness of the current threat landscape.

• Champion excellence and support others in delivering it through active knowledge sharing with team members, writing technical articles for internal knowledge bases, blog posts and reports as required or requested.

• Create and present customer reports to ensure quality, accuracy and value to the client.

• Educate and train other Analysts in execution of Incident Response processes and forensic analysis techniques.

• Perform other essential duties as assigned.

Qualifications & Skills:

• A Degree in Computer Science, Information Systems, Electrical Engineering or a closely related degree.

• 7+ years of experience in information security, in areas such as security operations, intrusion detection, incident analysis, incident handling, log analysis, malware analysis, reverse engineering or threat detection.

• At least 2-3 years of experience as a Senior or Lead Analyst, or equivalent experience guiding, mentoring and teaching other Analysts/Security Professionals how to handle Security Incidents.

• Strong background or equivalent experience in four of the following: Security Threat and Event Analysis, Network Security Operations or Engineering, Reverse Engineering, Malware Analysis, Windows/Linux/OSX Forensics, Penetration Testing, Active Directory and Azure Administration.

• Demonstrate experience in handling Incident Response engagements (APTs and Ransomware) using the SANS Incident Response method (or similar).

• CISSP, GCIA, GCIH, GCFA, GCFE, GREM, OSCP certification would be preferable.

• Deep TCP/IP knowledge, networking and security product experience.

• Strong knowledge of Red Team tactics and ability to find adversary traces on Enterprise scale.

• Rapid development in scripting languages: Python/PowerShell /Bash.

• A sound knowledge of IT security best practices, common attack types and detection/prevention methods.

• Demonstrable experience in accountability for and applying the methods of Incident Response, including adherence to process and direct engagement with stakeholders.

• Demonstrable experience in analysing and interpreting system, security and application logs.

• Broad knowledge of the type of events that Firewalls, IDS/IPS and other security related devices produce.

• Demonstrable experience in the use of Digital Forensics tools, techniques and concepts including creating and using custom tools and scripts.

• Static reverse engineering and analysis of malware written in different languages (X86/X64/C/C#, Go, etc.), signatures and Yara/Snort/Sigma rules development.

• Knowledge of attack activities, such as scans, man in the middle, sniffing, DoS, DDoS, etc. and possible abnormal activities, such as worms, Trojans, viruses, etc.

Benefits:

• Health insurance with one of the leading global providers for medical insurance.

• Career progression and growth through challenging projects and work.

• Employee engagement and wellness campaigns activities throughout the year.

• Excellent learning and development opportunities.

• Annual flight tickets.

• Inclusive and diverse working environment.

• Flexible/Hybrid working environment.

• Open door policy.
  

About Us:

Help AG is the cybersecurity arm of e& enterprise (formerly Etisalat Digital) and provides leading enterprise businesses and governments across the Middle East with strategic consultancy combined with tailored information security services and solutions that address their diverse requirements, enabling them to evolve securely with a competitive edge.

Present in the Middle East since 2004, Help AG was strategically acquired by e& (formerly Etisalat Group) in Feb 2020, hence creating a cybersecurity and digital transformation powerhouse in the region.

Help AG has firmly established itself as the region's trusted IT security advisor by remaining vendor-agnostic, trustworthy, independent, and cybersecurity focused. With best-of-breed technologies from industry-leading vendor partners, expertly qualified service delivery teams and a state-of-the-art consulting practice, Help AG delivers unmatched value to its customers by strengthening their cyber defenses and safeguarding their business.

Help AG is looking for a talented and enthusiastic Security Analyst who will have a strong knowledge and interest in network security. The Security Analyst will be responsible for monitoring multiple security technologies and events using the Security Information Event Management (SIEM) tool in order to detect and identify IT security related incidents.

This role requires:

• 2-4 years of experience in information security, in areas such as security operations, intrusion detection, incident analysis, incident handling, log analysis, or firewall administration.
• 2-4 years of experience in one of the following: Network operations or engineering or system administration on Unix, Linux, Windows.

Responsibilities

• Follow detailed operational processes and procedures to appropriately analyze, escalate, and assist in the remediation of critical information security incidents.
• Correlate and analyze events using the Splunk/Log Rhythm/Qradar SIEM tool to detect IT security incidents.
• Conduct analysis of log files, including forensic analysis of system resource access.
• Review customer reports to ensure quality and accuracy.
• Monitor multiple security technologies, such as SIEM, IDS/IPS, Firewalls, Switches, VPNs, and other security threat data sources.
• Respond to inbound requests via phone and other electronic means for technical assistance with managed services.
• Respond in a timely manner (within documented SLA) to support, threat, and other cases.
• Document actions in cases to effectively communicate information internally and to customers.
• Resolve problems independently and understand escalation procedures.
• Maintain a high degree of awareness of the current threat landscape.
• Participate in knowledge sharing with other analysts and writing technical articles for Internal Knowledge Bases.
• Perform other essential duties as assigned.
• Able to work in rotating shifts within a 24/7 operating environment.

Qualifications & Skills

• A Degree in Computer Science, Information Systems, Electrical Engineering, or a closely related degree.
• An active interest in internet security, incident detection, network and systems security.
• A sound knowledge of IT security best practices, common attack types and detection/prevention methods.
• Demonstrable experience of analyzing and interpreting system, security, and application logs.
• Knowledge of the type of events that both Firewalls, IDS/IPS, and other security-related devices produce.
• Experience in using SIEM tools such as Splunk, Log Rhythm, Qradar, Alien Vault, NitroSecurity, etc.
• TCP/IP knowledge, networking, and security product experience.
• Knowledge of Cyber Kill Chain and MITRE ATT&CK frameworks.
• Possible attack activities, such as scans, man in the middle, sniffing, DoS, DDoS, etc., and possible abnormal activities, such as worms, Trojans, viruses, etc.
• CCNA, CISSP, GCA, GCIA, GCIH, CEH certification would be preferable.
• Outstanding organizational skills.
• Exclusive focus and vast experience in IT.
• Strong analytical and problem-solving skills.
• A motivated, self-managed individual who can demonstrate above-average analytical skills and work professionally with peers and customers even under pressure.
• Very good communication skills.
• Strong written and verbal skills.
• Strong interpersonal skills with the ability to collaborate well with others.
• Ability to speak and write in English is required; Arabic is preferred.

Benefits

• Health insurance with one of the leading global providers for medical insurance.
• Career progression and growth through challenging projects and work.
• Employee engagement and wellness campaigns activities throughout the year.
• Excellent learning and development opportunities.
• Inclusive and diverse working environment.
• Flexible/Hybrid working environment.
• Annual flight tickets to home country.
• Open door policy.

About Us

Help AG is the cybersecurity arm of e& enterprise (formerly Etisalat Digital) and provides leading enterprise businesses across the Middle East with strategic consultancy combined with tailored information security solutions and services that address their diverse requirements, enabling them to evolve securely with a competitive edge.

Present in the Middle East since 2004, Help AG was strategically acquired by e& (formerly Etisalat Group) in 2020, hence creating a cybersecurity and digital transformation powerhouse in the region.

Help AG has firmly established itself as the region's trusted IT security advisor by remaining vendor-agnostic, trustworthy, independent, and maintaining its focus on all aspects of cybersecurity. With best of breed technologies from industry-leading vendor partners, expertly qualified service delivery teams, and a state-of-the-art consulting practice, Help AG delivers unmatched value to its customers by strengthening their cyber defenses and safeguarding their business.

Help AG is looking for a talented and enthusiastic Security Analyst who will have a strong knowledge and interest in network security. The Security Analyst will be responsible for monitoring multiple security technologies and events using the Security Information Event Management (SIEM) tool in order to detect and identify IT security related incidents.

This role requires:

• 2-4 years of experience in information security, in areas such as security operations, intrusion detection, incident analysis, incident handling, log analysis, or firewall administration.
• 2-4 years of experience in one of the following: Network operations or engineering or system administration on Unix, Linux, Windows.

Responsibilities

• Follow detailed operational processes and procedures to appropriately analyze, escalate, and assist in the remediation of critical information security incidents.
• Correlate and analyze events using the Splunk/Log Rhythm/Qradar SIEM tool to detect IT security incidents.
• Conduct analysis of log files, including forensic analysis of system resource access.
• Review customer reports to ensure quality and accuracy.
• Monitor multiple security technologies, such as SIEM, IDS/IPS, Firewalls, Switches, VPNs, and other security threat data sources.
• Respond to inbound requests via phone and other electronic means for technical assistance with managed services.
• Respond in a timely manner (within documented SLA) to support, threat, and other cases.
• Document actions in cases to effectively communicate information internally and to customers.
• Resolve problems independently and understand escalation procedures.
• Maintain a high degree of awareness of the current threat landscape.
• Participate in knowledge sharing with other analysts and writing technical articles for Internal Knowledge Bases.
• Perform other essential duties as assigned.
• Able to work in rotating shifts within a 24/7 operating environment.

Qualifications & Skills

• A Degree in Computer Science, Information Systems, Electrical Engineering, or a closely related degree.
• An active interest in internet security, incident detection, network and systems security.
• A sound knowledge of IT security best practices, common attack types and detection/prevention methods.
• Demonstrable experience of analyzing and interpreting system, security, and application logs.
• Knowledge of the type of events that both Firewalls, IDS/IPS, and other security-related devices produce.
• Experience in using SIEM tools such as Splunk, Log Rhythm, Qradar, Alien Vault, NitroSecurity, etc.
• TCP/IP knowledge, networking, and security product experience.
• Knowledge of Cyber Kill Chain and MITRE ATT&CK frameworks.
• Possible attack activities, such as scans, man in the middle, sniffing, DoS, DDoS, etc., and possible abnormal activities, such as worms, Trojans, viruses, etc.
• CCNA, CISSP, GCA, GCIA, GCIH, CEH certification would be preferable.
• Outstanding organizational skills.
• Exclusive focus and vast experience in IT.
• Strong analytical and problem-solving skills.
• A motivated, self-managed individual who can demonstrate above-average analytical skills and work professionally with peers and customers even under pressure.
• Very good communication skills.
• Strong written and verbal skills.
• Strong interpersonal skills with the ability to collaborate well with others.
• Ability to speak and write in English is required; Arabic is preferred.

Benefits

• Health insurance with one of the leading global providers for medical insurance.
• Career progression and growth through challenging projects and work.
• Employee engagement and wellness campaigns activities throughout the year.
• Excellent learning and development opportunities.
• Inclusive and diverse working environment.
• Flexible/Hybrid working environment.
• Annual flight tickets to home country.
• Open door policy.

About Us

Help AG is the cybersecurity arm of e& enterprise (formerly Etisalat Digital) and provides leading enterprise businesses across the Middle East with strategic consultancy combined with tailored information security solutions and services that address their diverse requirements, enabling them to evolve securely with a competitive edge.

Present in the Middle East since 2004, Help AG was strategically acquired by e& (formerly Etisalat Group) in 2020, hence creating a cybersecurity and digital transformation powerhouse in the region.

Help AG has firmly established itself as the region's trusted IT security advisor by remaining vendor-agnostic, trustworthy, independent, and maintaining its focus on all aspects of cybersecurity. With best of breed technologies from industry-leading vendor partners, expertly qualified service delivery teams, and a state-of-the-art consulting practice, Help AG delivers unmatched value to its customers by strengthening their cyber defenses and safeguarding their business.