the company is shaping the future of cybersecurity through innovation, intelligence, and a relentless drive to protect. Our platforms integrate cutting-edge AI, real-time threat detection, and deep security insights to help organizations proactively defend against evolving cyber threats.
Ready to apply for roles like this?
Unlock the company name and direct application link. Subscribers get instant access to fresh jobs across Dubai, Abu Dhabi and Riyadh, many with visa support.
Unlock employer & apply directly
Responsibilities
- Own end-to-end forensic investigations across endpoints, cloud platforms, and network infrastructure — from initial triage to root cause, including IoC identification, data exfiltration, and unauthorized access.
- Coordinate and lead the DFIR team across active investigations, ensuring consistent methodology, evidence integrity, and investigative velocity.
- Pull and analyze logs from EDR/XDR, SIEM, DLP, IdP, and email gateway platforms to reconstruct precise attack and user activity timelines.
- Acquire forensic images from laptops, mobile devices, servers, and cloud repositories with full chain of custody.
- Go deep on artifacts — file systems, memory, registry, logs, config states — to reconstruct exactly what happened and when.
- Correlate endpoint, network, and identity telemetry into a coherent picture of attacker behavior and system access.
- Build AI-assisted workflows that automate evidence collection, pattern detection, and timeline generation to scale investigative capacity.
- Translate technical findings into clear, chronological narratives for executives and cross-functional stakeholders — no jargon, no ambiguity.
- Close the loop: feed investigation outcomes back into detection rules, access controls, and policy improvements.
Requirements
- Education
- Bachelor’s in Cybersecurity, International Relations, Computer Science, or related field.
- Experience
- 3+ years in digital forensics, incident response, or security investigations, with a track record leading or coordinating DFIR engagements.
- Exceptional written and verbal communication in both English & Arabic.
- Hands-on proficiency with forensic tooling: FTK, X-Ways, Cellebrite, Axiom, or equivalent platforms.
- Strong command of network protocols (TCP/IP, HTTP/S, DNS) and log analysis across SIEM platforms.
- Scripting ability in Python, PowerShell, or Bash — used to automate evidence processing, not just theoretically.
- Deep working knowledge of Windows, macOS, and Linux/Unix environments at the artifact and system level.
- Proven experience integrating AI tools into investigative workflows to accelerate triage, pattern detection, or reporting.
- Clear, confident communicator — able to brief executives and work alongside legal, HR, and compliance teams without losing technical precision.
- Compliance: Ensuring all operations align with NCA ECC and SAMA CSF regulations.
Certifications (Highly Preferred)
- SANS / GIAC (GCFA, GCFE, GNFA, GCIA or similar)
- IACIS CFCE
- EC-Council CHFI
- Offsec (OSDA, OSIR)
Benefits
- 🚀 Impact that Matters – Build products that shape the future of cybersecurity and protect organizations globally.
- 🏢 On-Site Collaboration – Be at the heart of innovation in our Riyadh office, working side by side with passionate experts.
- 💡 Continuous Growth – Access to certifications, trainings, and opportunities to sharpen your expertise.
- 📈 Ownership Mindset – Benefit from our ESOP program and grow with the company's success.
- 🤝 Culture of Trust – We empower talent, encourage ownership, and celebrate real outcomes.