We are looking for a highly skilled and proactive Incident Response Engineer with at least 5 years of hands-on cybersecurity experience, including a strong background in the telecom industry. This role is critical to ensuring the rapid detection, investigation, containment, and resolution of security incidents. You will collaborate with cross-functional teams to improve the organization’s security posture and operational resilience in a fast-paced telecom environment.
Key Responsibilities:
- Monitor and triage security alerts from telecom-focused SIEM, EDR, and threat intelligence platforms.
- Investigate security incidents involving signaling networks (SS7, Diameter, SIP), subscriber data, and telecom infrastructure.
- Lead incident response lifecycle phases: detection, analysis, containment, eradication, recovery, and post-incident review.
- Utilize tools like Splunk, IBM QRadar, CrowdStrike, Palo Alto Cortex XDR, and Wireshark for forensic and packet analysis.
- Coordinate with SOC teams, NOC, IT Ops, and Core Network teams for effective incident resolution.
- Develop and maintain incident response runbooks specific to telecom use cases (e.g., network intrusions, signaling fraud, SIM cloning, BSS/OSS attacks).
- Conduct threat hunting and IOC correlation to detect stealthy attacks across telecom infrastructure.
- Analyze malware and conduct memory and disk forensics using tools such as Volatility, FTK, EnCase, and Autopsy.
- Stay current on threats to the telecom sector including APT groups, signaling layer exploits, and SS7/Diameter vulnerabilities.
- Support regulatory compliance (e.g., NCA, TRA, GDPR, SAMA) and law enforcement requests by providing forensic evidence and incident reports.
- Organize and lead tabletop exercises and breach simulations involving telecom-specific threat scenarios.
Required Qualifications:
- Bachelor’s degree in Cybersecurity, Computer Science, Information Security, or a related discipline.
- Minimum 5 years of cybersecurity experience, with at least 3 years in incident response.
- Mandatory experience in the telecom industry, including knowledge of core network architecture (4G/5G), VAS, BSS/OSS systems, and network signaling protocols (e.g., SS7, SIP, Diameter).
- Strong understanding of network security, TCP/IP, firewalls, proxies, and telecom-specific attack surfaces.
- Hands-on experience with SIEM tools (Splunk, QRadar), EDR platforms (CrowdStrike, SentinelOne, Cortex XDR), and forensic tools.
- Proficiency in Python, Bash, or PowerShell scripting for automation and custom parsing.
- Solid grasp of MITRE ATT&CK, NIST 800-61, ISO/IEC 27035, and telecom security best practices.
- Relevant certifications: GCIA, GCIH, CEH, CISSP, OSCP, or equivalent are highly preferred.
Key Skills & Tools:
- Telecom Cybersecurity
- Incident Detection & Response
- Threat Hunting & IOC Analysis
- SIEM (Splunk, QRadar), EDR (CrowdStrike, Cortex XDR)
- Signaling Protocols: SS7, Diameter, SIP
- Packet Analysis & Forensics (Wireshark, FTK, EnCase)
- Security Automation & Scripting (Python, PowerShell)
- Regulatory & Compliance (NCA, SAMA, GDPR)
- Malware Analysis & Reverse Engineering
- Security Documentation & Playbook Development
Location: Dubai, United Arab Emirates
Work Conditions: On-site, Full-time
