Incident Response and Forensics
Incident Response and Forensic Investigation Specialist

Job Description: Our large corporate client is looking for a talented and enthusiastic individual to join our Cyber Defence team within our Managed Security Services (MSS) business unit. If you have a strong knowledge and interest in incident response and/or digital forensics, this position might be the right one for you. The Incident Response and Forensic Investigation Specialist will be responsible for off-site and on-site Incident Response activities and customer engagements, leveraging multiple security technologies, guiding and leading customers in the handling of Security Incidents and examining IT and security systems using best-practice digital forensic methods to detect, validate and mitigate IT security related incidents.

Responsibilities:

• Lead incident response engagements in unknown environments until all threats are remediated

• Develop custom incident response plans tied to specific environments and customer situations

• Examine and analyse logs/data from a broad variety of security technologies, such as antiviruses, IDS/IPS, firewalls, switches, VPNs and other security threat data sources

• Perform forensic analysis of different artifacts including RAM, packet captures, logs and disk images

• Reverse engineer malicious software and develop signatures and indicators of compromise

• Actively develop incident response tools, scripts, and various detection content

• Research Red Team techniques, develop custom detection queries, rules, watchlists and other content, and conduct threat hunts

• Articulate and execute common Incident Response methods (e.g. SANS)

• Respond to inbound requests via phone and other electronic means for technical assistance with managed services

• Work on-site as required with clients during live Security Incidents

• Maintain a high degree of awareness of the current threat landscape

• Champion excellence and support others in delivering it through active knowledge sharing with team members, writing technical articles for internal knowledge bases, blog posts and reports as required or requested

• Create and present customer reports to ensure quality, accuracy and value to the client

• Educate and train other Analysts in the execution of Incident Response processes and forensic analysis techniques

• Perform other essential duties as assigned


• 10+ years of experience in information security, in areas such as security operations, intrusion detection, incident analysis, incident handling, log analysis, malware analysis, reverse engineering or threat detection
• Demonstrated experience in handling Incident Response engagements (APTs and Ransomware) using the SANS Incident Response method (or similar)

• Strong background or equivalent experience in four of the following: Security Threat and Event Analysis, Network Security Operations or Engineering, Reverse Engineering, Malware Analysis, Windows/Linux/OSX Forensics, Penetration Testing, Active Directory and Azure Administration

• At least 2-3 years of experience as a Senior or Lead Analyst, or equivalent experience guiding, mentoring and teaching other Analysts/Security Professionals how to handle Security Incidents

Technical Skills:

• A Degree in Computer Science, Information Systems, Electrical Engineering or a closely related degree

• A sound knowledge of IT security best practices, common attack types and detection/prevention methods

• Demonstrable experience in accountability for and applying the methods of Incident Response, including adherence to process and direct engagement with stakeholders

• Demonstrable experience in analysing and interpreting system, security and application logs

• Broad knowledge of the type of events that Firewalls, IDS/IPS and other security related devices produce

• Demonstrable experience in the use of Digital Forensics tools, techniques and concepts including creating and using custom tools and scripts

• Static reverse engineering and analysis of malware written in different languages (X86/X64/C/C#, Go, etc.), signatures and Yara/Snort/Sigma rules development

• Strong knowledge of Red Team tactics and ability to find adversary traces on Enterprise scale

• Rapid development in scripting languages: Python/PowerShell/Bash

• Deep TCP/IP knowledge, networking and security product experience

• Knowledge of attack activities, such as scans, man in the middle, sniffing, DoS, DDoS, etc. and possible abnormal activities, such as worms, Trojans, viruses, etc.

• CISSP, GCIA, GCIH, GCFA, GCFE, GREM, OSCP certification would be preferable

Soft Skills:

• An experienced Consultant or Analyst who is committed to knowing and implementing the principles of Incident Response

• Outstanding organizational skills

• Exclusive focus and vast experience in IT

• Very good communication skills

• Strong analytical and problem-solving skills

• A motivated, self-managed individual who can demonstrate exceptional analytical skills and work professionally with peers and customers even under pressure

• Ability to work unsupervised, in potentially stressful situations, with little or no immediate supervision

• Strong written and verbal skills

• Strong interpersonal skills with the ability to collaborate well with others

• Ability to speak and write in English is required; ability to speak and write in both English and Arabic is preferred

Benefits:

• Health insurance with one of the leading global providers of medical insurance

• Employee engagement activities throughout the year

• Employment Status: Permanent

• Job Location: Dubai, United Arab Emirates

