58 Security Monitoring jobs in the United Arab Emirates

As a member of the ETMSA team at Crypto.com , you will be integral to responding to and managing cybersecurity threats and incidents throughout their lifecycle – from Preparation to Identification, Containment, Eradication, Recovery, and Lessons Learned – collaborating with a global team of incident responders.

You will apply your comprehensive skills in cyber defense, digital forensics, log analysis, and intrusion analysis to address security incidents across our endpoints, network, and cloud infrastructure. In this role, you will be responsible for prevention, detection, response, and remediation activities, ensuring that information assets and technologies are adequately protected by leveraging various technologies such as Next-Generation Firewalls (NGFW), Endpoint Detection and Response (EDR), Intrusion Detection/Prevention Systems (IDS/IPS), Data Loss Prevention (DLP), and more.

You will also leverage your collaboration and communication skills to work effectively with all relevant stakeholders in multicultural and global environments.

Responsibilities

- Report to Director to facilitate all phases in the incident response lifecycle

- Be involved in various incident prevention projects to improve Security posture

Preparation:

- Understand different regulatory and compliance requirements like critical time to report, escalation flows, etc.

- Take part in self-assessment exercises like Tabletop Exercises, Attack Simulations, Red/Purple Team exercises to make sure the incident response process is working smoothly

Develop incident response runbooks, playbooks and SOPs with reference to different regulatory requirements

- Evaluate the incident response readiness of different layers - people, process, technology

Detection & Analysis:

- Respond to the cyber security incidents escalated from various channels including the 24/7 SOC team.

- Respond to cyber security incidents in compliance with the local authority / regulatory requirements.

- Assess the risk, impact and scope of the identified security threats

- Perform deep-dive incident analysis of various data sources by analysing and investigating security related logs against medium-term threats and IOCs

Containment, Eradication and Recovery:

- Communicate with the stakeholders and provide guidance, recommendations to contain and eradicate the security incident

- Participate in root cause analysis using forensic and other custom tools to identify any sources of compromise and/or malicious activities taking place.

- Document and present investigative findings for high profile events and other incidents of interest.

Post incident activities:

- Provide lessons learnt meeting to the stakeholders

- Lead and keep track on the follow-up activities

- Document the incident in the case management system and provide incident reports

Always ready to jump in, in the event of security incidents.

• At least 5 years experience in the Cyber Security industry
• Strong technical and analytical skills
• Familiar with the cyber security incident response process
• Familiarity with AI tools and their application in automating security tasks and processes.
• Hands-on experience on performing incident response activities
• Have scripting experience like Bash, PowerShell, Python, Go, etc, and the ability to use these skills to aid in responding to incidents involving Windows, Linux, macOS, as well as cloud environment
• Have knowledge of cybersecurity tools and software like NGFW, EDR, IDS/IPS, EDR, DLP, SIEM, other log management platforms, etc.
• Be familiar with the MITRE ATT&CK Framework and/or Cyber Kill Chain
• Be passionate on exploring new technologies and having creative initiative to boost the team capabilities
• Holders of security related certifications is a plus ( e.g.Azure , AWS, CISSP, GCIH, GCIA, GCFA, GNFA, GREM, or other equivalent)
• Awareness of regulatory and compliance requirements like GDPR, MAS, PSD2 etc is a plus.

• Fast learner with can do attitude and ready to get the hands dirty
• A strong team player who can collaborate with compassion
• Passionate to learn and willing to put in the extra effort
• Understand the concept of ownership and accountability coupled with sense of urgency and prioritisation
• Confidence in handling incidents and managing relevant senior and technical stakeholders
• Possess business acumen/mindset (not only technical) when making critical decisions

As a member of the ETMSA team at Crypto.com , you will be integral to responding to and managing cybersecurity threats and incidents throughout their lifecycle – from Preparation to Identification, Containment, Eradication, Recovery, and Lessons Learned – collaborating with a global team of incident responders.

You will apply your comprehensive skills in cyber defense, digital forensics, log analysis, and intrusion analysis to address security incidents across our endpoints, network, and cloud infrastructure. In this role, you will be responsible for prevention, detection, response, and remediation activities, ensuring that information assets and technologies are adequately protected by leveraging various technologies such as Next-Generation Firewalls (NGFW), Endpoint Detection and Response (EDR), Intrusion Detection/Prevention Systems (IDS/IPS), Data Loss Prevention (DLP), and more.

You will also leverage your collaboration and communication skills to work effectively with all relevant stakeholders in multicultural and global environments.

• Report to Director to facilitate all phases in the incident response lifecycle
• Be involved in various incident prevention projects to improve Security posture
• Preparation:
• Understand different regulatory and compliance requirements like critical time to report, escalation flows, etc.
• Take part in self-assessment exercises like Tabletop Exercises, Attack Simulations, Red/Purple Team exercises to make sure the incident response process is working smoothly
• Develop incident response runbooks, playbooks and SOPs with reference to different regulatory requirements
• Evaluate the incident response readiness of different layers - people, process, technology
• Detection & Analysis:
• Respond to the cyber security incidents escalated from various channels including the 24/7 SOC team.
• Respond to cyber security incidents in compliance with the local authority / regulatory requirements.
• Assess the risk, impact and scope of the identified security threats
• Perform deep-dive incident analysis of various data sources by analysing and investigating security related logs against medium-term threats and IOCs
• Containment, Eradication and Recovery:
• Communicate with the stakeholders and provide guidance, recommendations to contain and eradicate the security incident
• Participate in root cause analysis using forensic and other custom tools to identify any sources of compromise and/or malicious activities taking place.
• Document and present investigative findings for high profile events and other incidents of interest.
• Post incident activities:
• Provide lessons learnt meeting to the stakeholders
• Lead and keep track on the follow-up activities
• Document the incident in the case management system and provide incident reports
• Always ready to jump in, in the event of security incidents.

• At least 5 years experience in the Cyber Security industry
• Strong technical and analytical skills
• Familiar with the cyber security incident response process
• Familiarity with AI tools and their application in automating security tasks and processes
• Hands-on experience on performing incident response activities
• Have scripting experience like Bash, PowerShell, Python, Go, etc, and the ability to use these skills to aid in responding to incidents involving Windows, Linux, macOS, as well as cloud environment
• Have knowledge of cybersecurity tools and software like NGFW, EDR, IDS/IPS, EDR, DLP, SIEM, other log management platforms, etc
• Be familiar with the MITRE ATT&CK Framework and/or Cyber Kill Chain
• Be passionate on exploring new technologies and having creative initiative to boost the team capabilities
• Holders of security related certifications is a plus (e.g.Azure, AWS, CISSP, GCIH, GCIA, GCFA, GNFA, GREM, or other equivalent)
• Awareness of regulatory and compliance requirements like GDPR, MAS, PSD2 etc is a plus

• Fast learner with can do attitude and ready to get the hands dirty
• A strong team player who can collaborate with compassion
• Passionate to learn and willing to put in the extra effort
• Understand the concept of ownership and accountability coupled with sense of urgency and prioritisation
• Confidence in handling incidents and managing relevant senior and technical stakeholders
• Possess business acumen/mindset (not only technical) when making critical decisions

We are seeking an experienced Incident Response Consultant to join our team. In this role, you will work closely with our security team to investigate and respond to cyber threats.

• Investigate and analyze security incidents to identify the root cause and recommend remediation strategies;
• Develop and implement incident response plans to ensure timely and effective responses to security incidents;
• Collaborate with internal teams to provide guidance and support on security-related matters;

Required Skills:

• 6+ years of experience in network security and digital forensics;
• Expert knowledge of DFIR tools such as Access Data, IDA Pro, FTK+, Encase;
• Familiarity with threat hunting tools and commercial and open-source solutions;

Benefits:

• Opportunity to work with a dynamic and growing organization;
• Competitive salary and benefits package;
• Opportunities for professional growth and development;

Others:

• GCIA, GCIH, or CISSP certifications;
• SANS Certified Forensic Examiner (GCFE) certification;
• Industry Certification on Digital Forensics Tools.

• At least 5 years experience in the Cyber Security industry
• Strong technical and analytical skills
• Familiar with the cyber security incident response process
• Familiarity with AI tools and their application in automating security tasks and processes.
• Hands-on experience on performing incident response activities
• Have scripting experience like Bash, PowerShell, Python, Go, etc, and the ability to use these skills to aid in responding to incidents involving Windows, Linux, macOS, as well as cloud environment
• Have knowledge of cybersecurity tools and software like NGFW, EDR, IDS/IPS, EDR, DLP, SIEM, other log management platforms, etc.
• Be familiar with the MITRE ATT&CK Framework and/or Cyber Kill Chain
• Be passionate on exploring new technologies and having creative initiative to boost the team capabilities
• Holders of security related certifications is a plus (e.g.Azure, AWS, CISSP, GCIH, GCIA, GCFA, GNFA, GREM, or other equivalent)
• Awareness of regulatory and compliance requirements like GDPR, MAS, PSD2 etc is a plus.

• Fast learner with can do attitude and ready to get the hands dirty
• A strong team player who can collaborate with compassion
• Passionate to learn and willing to put in the extra effort
• Understand the concept of ownership and accountability coupled with sense of urgency and prioritisation
• Confidence in handling incidents and managing relevant senior and technical stakeholders
• Possess business acumen/mindset (not only technical) when making critical decisions

Role: Incident Response Manager

Location: Abu Dhabi

Role purpose:

• The Incident Response Manager will lead the Cyber Security Incident Response unit oversee its day-to-day operations and manage the SOC shifts.
• This role requires collaboration with various internal teams and departments as well as external partners and cybersecurity agencies to ensure an effective and timely response to all security incidents.
• The manager must demonstrate strong leadership skills encourage teamwork optimize team performance and develop incident response strategies.
• Additionally this position demands hands-on expertise in handling complex L3 security incidents from detection to disposition including leveraging AI-driven threat detection and automated incident response tools.
• The role also requires strong crisis management and stakeholder communication skills to effectively coordinate during high-impact security events.

Key accountabilities of the role:

Leadership and strategy:

• Lead the Cyber Security Incident Response unit managing both the day-to-day operations and the strategic development of incident response capabilities.
• Develop oversee and refine incident response plans playbooks and strategies to ensure rapid and effective response to security breaches.
• Maintain and enhance information security monitoring processes tools and technologies driving continuous improvements and reducing gaps between current and ideal states.
• Demonstrate adaptability and innovation to address evolving threat landscapes continuously enhancing the response approach.
• Incident Management:
• Directly handle L3 security incidents overseeing their detection analysis containment and resolution.
• Supervise the staffs utilization of security monitoring tools and ensure high levels of team performance and engagement.
• Coordinate with threat intelligence monitoring teams and other security functions to effectively communicate incident findings to leadership and relevant stakeholders.
• Implement and maintain robust incident response frameworks including industry standards such as NIST MITRE ATT&CK and best practices for coordinated response efforts.
• Prepare and present post-incident reports including lessons learned and recommendations for preventive measures to executive management.
• Experience in crisis management and business continuity planning.

Operational efficiency:

• Manage SOC shift schedules to ensure 24/7 coverage and effective resource utilization.
• Provide detailed reports on incident investigations root cause analyses and mitigation strategies contributing to the organizations continuous improvement efforts.
• Develop and track key performance metrics for incident management and response reporting outcomes to senior management.
• Maintain strong relationships with internal and external stakeholders to support the incident problem and change management cycles.
• Facilitate effective communication during incidents ensuring that stakeholders are informed of progress and resolution steps.

Specialist skills / technical knowledge required for this role:

• Proven experience in managing security operations centers and incident response teams.
• Demonstrated capability in hands-on management of L3 security incidents from detection through to disposition.
• Strong leadership skills with the ability to motivate and guide teams.
• Expertise in information security principles the cyber threat landscape and incident response protocols.
• Excellent communication and interpersonal skills to interact with various business units and IT departments.
• Knowledge of ISO 27001 NESA PCI DSS SWIFT and other information security standards and regulations.
• Familiarity with incident response frameworks (NIST MITRE ATT&CK) and best practices in managing cybersecurity incidents.
• Ability to manage multiple tasks with high attention to detail and organizational skills.
• Bachelors degree in engineering IT or a related technical discipline.
• Relevant certifications in cybersecurity and incident management (e.g. CISSP CISM GCFA GCIH).

Previous Experience:

• More than 10 years of experience in information security particularly in incident management and response within banks or financial institutions.
• Strong experience in monitoring and incident handling techniques and tools.
• Experience managing a Computer Incident Response Team (CIRT) Computer Security Incident Response Center (CSIRC) or Security Operations Center (SOC).
• Executive experience including management-level discussions.
  

Required Experience:

Manager

• At least 5 years experience in the Cyber Security industry
• Strong technical and analytical skills
• Familiar with the cyber security incident response process
• Familiarity with AI tools and their application in automating security tasks and processes.
• Hands-on experience on performing incident response activities
• Have scripting experience like Bash, PowerShell, Python, Go, etc, and the ability to use these skills to aid in responding to incidents involving Windows, Linux, macOS, as well as cloud environment
• Have knowledge of cybersecurity tools and software like NGFW, EDR, IDS/IPS, EDR, DLP, SIEM, other log management platforms, etc.
• Be familiar with the MITRE ATT&CK Framework and/or Cyber Kill Chain
• Be passionate on exploring new technologies and having creative initiative to boost the team capabilities
• Holders of security related certifications is a plus (e.g.Azure, AWS, CISSP, GCIH, GCIA, GCFA, GNFA, GREM, or other equivalent)
• Awareness of regulatory and compliance requirements like GDPR, MAS, PSD2 etc is a plus.

• Fast learner with can do attitude and ready to get the hands dirty
• A strong team player who can collaborate with compassion
• Passionate to learn and willing to put in the extra effort
• Understand the concept of ownership and accountability coupled with sense of urgency and prioritisation
• Confidence in handling incidents and managing relevant senior and technical stakeholders
• Possess business acumen/mindset (not only technical) when making critical decisions

As a member of the ETMSA team at Crypto.com, you will be integral to responding to and managing cybersecurity threats and incidents throughout their lifecycle – from Preparation to Identification, Containment, Eradication, Recovery, and Lessons Learned – collaborating with a global team of incident responders.

You will apply your comprehensive skills in cyber defense, digital forensics, log analysis, and intrusion analysis to address security incidents across our endpoints, network, and cloud infrastructure. In this role, you will be responsible for prevention, detection, response, and remediation activities, ensuring that information assets and technologies are adequately protected by leveraging various technologies such as Next-Generation Firewalls (NGFW), Endpoint Detection and Response (EDR), Intrusion Detection/Prevention Systems (IDS/IPS), Data Loss Prevention (DLP), and more.

You will also leverage your collaboration and communication skills to work effectively with all relevant stakeholders in multicultural and global environments.

• Report to Director to facilitate all phases in the incident response lifecycle
• Be involved in various incident prevention projects to improve Security posture
• Preparation:
• Understand different regulatory and compliance requirements like critical time to report, escalation flows, etc.
• Take part in self-assessment exercises like Tabletop Exercises, Attack Simulations, Red/Purple Team exercises to make sure the incident response process is working smoothly
• Develop incident response runbooks, playbooks and SOPs with reference to different regulatory requirements
• Evaluate the incident response readiness of different layers - people, process, technology
• Detection & Analysis:
• Respond to the cyber security incidents escalated from various channels including the 24/7 SOC team.
• Respond to cyber security incidents in compliance with the local authority / regulatory requirements.
• Assess the risk, impact and scope of the identified security threats
• Perform deep-dive incident analysis of various data sources by analysing and investigating security related logs against medium-term threats and IOCs
• Containment, Eradication and Recovery:
• Communicate with the stakeholders and provide guidance, recommendations to contain and eradicate the security incident
• Participate in root cause analysis using forensic and other custom tools to identify any sources of compromise and/or malicious activities taking place.
• Document and present investigative findings for high profile events and other incidents of interest.
• Post incident activities:
• Provide lessons learnt meeting to the stakeholders
• Lead and keep track on the follow-up activities
• Document the incident in the case management system and provide incident reports
• Always ready to jump in, in the event of security incidents.

• At least 5 years experience in the Cyber Security industry
• Strong technical and analytical skills
• Familiar with the cyber security incident response process
• Familiarity with AI tools and their application in automating security tasks and processes
• Hands-on experience on performing incident response activities
• Have scripting experience like Bash, PowerShell, Python, Go, etc, and the ability to use these skills to aid in responding to incidents involving Windows, Linux, macOS, as well as cloud environment
• Have knowledge of cybersecurity tools and software like NGFW, EDR, IDS/IPS, EDR, DLP, SIEM, other log management platforms, etc
• Be familiar with the MITRE ATT&CK Framework and/or Cyber Kill Chain
• Be passionate on exploring new technologies and having creative initiative to boost the team capabilities
• Holders of security related certifications is a plus (e.g.Azure, AWS, CISSP, GCIH, GCIA, GCFA, GNFA, GREM, or other equivalent)
• Awareness of regulatory and compliance requirements like GDPR, MAS, PSD2 etc is a plus

• Fast learner with can do attitude and ready to get the hands dirty
• A strong team player who can collaborate with compassion
• Passionate to learn and willing to put in the extra effort
• Understand the concept of ownership and accountability coupled with sense of urgency and prioritisation
• Confidence in handling incidents and managing relevant senior and technical stakeholders
• Possess business acumen/mindset (not only technical) when making critical decisions

Role: Incident Response Manager

Location: Abu Dhabi

Role purpose:

• The Incident Response Manager will lead the Cyber Security Incident Response unit oversee its day-to-day operations and manage the SOC shifts.
• This role requires collaboration with various internal teams and departments as well as external partners and cybersecurity agencies to ensure an effective and timely response to all security incidents.
• The manager must demonstrate strong leadership skills encourage teamwork optimize team performance and develop incident response strategies.
• Additionally this position demands hands-on expertise in handling complex L3 security incidents from detection to disposition including leveraging AI-driven threat detection and automated incident response tools.
• The role also requires strong crisis management and stakeholder communication skills to effectively coordinate during high-impact security events.

Key accountabilities of the role:

Leadership and strategy:

• Lead the Cyber Security Incident Response unit managing both the day-to-day operations and the strategic development of incident response capabilities.
• Develop oversee and refine incident response plans playbooks and strategies to ensure rapid and effective response to security breaches.
• Maintain and enhance information security monitoring processes tools and technologies driving continuous improvements and reducing gaps between current and ideal states.
• Demonstrate adaptability and innovation to address evolving threat landscapes continuously enhancing the response approach.
• Incident Management:
• Directly handle L3 security incidents overseeing their detection analysis containment and resolution.
• Supervise the staffs utilization of security monitoring tools and ensure high levels of team performance and engagement.
• Coordinate with threat intelligence monitoring teams and other security functions to effectively communicate incident findings to leadership and relevant stakeholders.
• Implement and maintain robust incident response frameworks including industry standards such as NIST MITRE ATT&CK and best practices for coordinated response efforts.
• Prepare and present post-incident reports including lessons learned and recommendations for preventive measures to executive management.
• Experience in crisis management and business continuity planning.

Operational efficiency:

• Manage SOC shift schedules to ensure 24/7 coverage and effective resource utilization.
• Provide detailed reports on incident investigations root cause analyses and mitigation strategies contributing to the organizations continuous improvement efforts.
• Develop and track key performance metrics for incident management and response reporting outcomes to senior management.
• Maintain strong relationships with internal and external stakeholders to support the incident problem and change management cycles.
• Facilitate effective communication during incidents ensuring that stakeholders are informed of progress and resolution steps.

Specialist skills / technical knowledge required for this role:

• Proven experience in managing security operations centers and incident response teams.
• Demonstrated capability in hands-on management of L3 security incidents from detection through to disposition.
• Strong leadership skills with the ability to motivate and guide teams.
• Expertise in information security principles the cyber threat landscape and incident response protocols.
• Excellent communication and interpersonal skills to interact with various business units and IT departments.
• Knowledge of ISO 27001 NESA PCI DSS SWIFT and other information security standards and regulations.
• Familiarity with incident response frameworks (NIST MITRE ATT&CK) and best practices in managing cybersecurity incidents.
• Ability to manage multiple tasks with high attention to detail and organizational skills.
• Bachelors degree in engineering IT or a related technical discipline.
• Relevant certifications in cybersecurity and incident management (e.g. CISSP CISM GCFA GCIH).

Previous Experience:

• More than 10 years of experience in information security particularly in incident management and response within banks or financial institutions.
• Strong experience in monitoring and incident handling techniques and tools.
• Experience managing a Computer Incident Response Team (CIRT) Computer Security Incident Response Center (CSIRC) or Security Operations Center (SOC).
• Executive experience including management-level discussions.
  

Required Experience:

Manager

Job Title: Incident Response Manager

Location: Abu Dhabi, UAE

The Cyber Security Incident Response unit is led by the Incident Response Manager, overseeing its day-to-day operations and managing the SOC shifts. This role requires collaboration with various internal teams and departments as well as external partners and cybersecurity agencies to ensure an effective and timely response to all security incidents.

This position demands strong leadership skills, encouraging teamwork, optimizing team performance, and developing incident response strategies. The manager must also demonstrate hands-on expertise in handling complex L3 security incidents from detection to disposition, including leveraging AI-driven threat detection and automated incident response tools.

• The manager will lead the development of incident response plans, playbooks, and strategies to ensure rapid and effective response to security breaches.
• Maintain and enhance information security monitoring processes, tools, and technologies, driving continuous improvements and reducing gaps between current and ideal states.
• Directly handle L3 security incidents, overseeing their detection, analysis, containment, and resolution.

• Lead the development and refinement of incident response capabilities, ensuring adaptability and innovation to address evolving threat landscapes.
• Develop, oversee, and refine incident response plans, playbooks, and strategies to ensure rapid and effective response to security breaches.
• Supervise the staff's utilization of security monitoring tools and ensure high levels of team performance and engagement.
• Demonstrate crisis management and stakeholder communication skills to effectively coordinate during high-impact security events.

• Implement and maintain robust incident response frameworks, including industry standards such as NIST, MITRE ATT&CK, and best practices for coordinated response efforts.
• Prepare and present post-incident reports, including lessons learned and recommendations for preventive measures to executive management.
• Manage SOC shift schedules to ensure 24/7 coverage and effective resource utilization.
• Develop and track key performance metrics for incident management and response reporting outcomes to senior management.

• Foster strong relationships with internal and external stakeholders to support the incident problem and change management cycles.
• Facilitate effective communication during incidents, ensuring that stakeholders are informed of progress and resolution steps.
• Provide detailed reports on incident investigations, root cause analyses, and mitigation strategies, contributing to the organization's continuous improvement efforts.