DFIR / Threat Hunter

Riyadh, Saudi Arabia
Posted: 01 May 2026

Financial

  • Estimate: $80k - $120k*
  • Zero income tax location

Accessibility

  • Office Only
  • Apply from abroad
  • Visa Provided

Requirements

  • Experience: Senior
  • English: Professional

Position

The company is a technology resource solutions provider to leading OEMs across the EMEA region. We are currently supporting our client in Riyadh in the search for a Threat Hunter. The Threat Hunter is responsible for proactively identifying, investigating, and responding to advanced cyber threats across complex enterprise environments. This role leads threat hunting activities, digital forensic investigations, and incident response efforts to contain security breaches, determine root cause, and continuously enhance detection and response capabilities.

The Threat Hunter will work closely with Security Operations (SOC), security engineering, IT, and legal teams to strengthen the organization’s overall security posture and resilience against sophisticated adversaries.

Key Responsibilities:

  • Proactively hunt for advanced threats, malicious behavior, and anomalous activity across enterprise environments.
  • Conduct in-depth investigations of alerts, suspicious events, and potential intrusions to determine scope and impact.
  • Lead digital forensic analysis on endpoints, servers, networks, and cloud environments following security incidents.
  • Execute incident response activities including containment, eradication, and recovery.
  • Identify attacker techniques, tactics, and procedures (TTPs) and map them to threat frameworks.
  • Determine root cause of security incidents and document findings clearly for technical and non-technical stakeholders.
  • Translate investigation outcomes into improved detection logic, alerts, and response playbooks.
  • Collaborate closely with SOC analysts, security engineers, and IT teams to enhance monitoring and response capabilities.
  • Support legal, compliance, and risk teams during investigations where required.
  • Provide guidance and mentorship to junior analysts during complex investigations.

Required Skills & Experience:

  • Proven experience in Threat Hunting, DFIR, and Incident Response within enterprise environments.
  • Strong understanding of attacker behaviors, malware techniques, and post-exploitation activity.
  • Hands-on experience with forensic investigations across endpoints, networks, and cloud services.
  • Solid knowledge of common attack frameworks and threat methodologies.
  • Experience working within or alongside SOC teams and security engineering functions.
  • Ability to analyze large volumes of security telemetry and identify subtle indicators of compromise.
  • Strong documentation skills with the ability to communicate findings clearly under pressure.

Technical Knowledge (Preferred):

  • Endpoint, network, and cloud security monitoring tools.
  • SIEM, EDR/XDR, and log analysis platforms.
  • Malware analysis and endpoint forensics.
  • Scripting or automation for investigations and data analysis (e.g., Python, PowerShell).
  • Incident response processes and threat intelligence integration.

Location: Riyadh, Saudi Arabia
Work Conditions: On-site, Contract
Language Requirements: Not specified.

Company industry: IT Services and IT Consulting