As an Expert Engineer in the Security Operation Centre, you will be responsible for incident response efforts, host-level investigations, conducting comprehensive forensic investigations, and proactively hunting for threats within the network and systems to remediate security incidents.
Responsibilities:
- Monitor and analyze threat intelligence feeds, security blogs, and industry news to stay informed on emerging threats and vulnerabilities.
- Conduct forensic investigations for cybersecurity incidents, including data breaches, advanced persistent threats (APT), ransomware, and insider threats.
- Utilize forensic tools and techniques to collect and analyze evidence, ensuring secure evidence handling and chain of custody for compliance with legal and regulatory standards.
- Conduct in-depth analysis of security events from multiple sources, such as SIEM, IDS/IPS, firewall logs, endpoint detection tools, and network traffic data.
- Develop and execute advanced threat-hunting queries and custom searches to detect malicious activities that may evade standard detection systems and improve detection rules.
- Conduct host-based forensic analyses across various platforms, including Windows, Linux, macOS, and mobile devices.
- Conduct network-based forensics using platforms such as NDR and Security Onion.
- Conduct initial malware analysis to assess potential risks.
- Proactively hunt for threats in the organization’s network by identifying Indicators of Compromise (IOCs) and Tactics, Techniques, and Procedures (TTPs) used by adversaries.
- Communicate findings through detailed, high-quality reports and presentations to security teams, management, and relevant stakeholders.
- Develop remediation strategies for compromised environments and custom scripts to automate security log analysis.
- Conduct cloud incident response across Azure & AWS, utilizing the MITRE ATT&CK framework to map detected threats and enhance threat-hunting capabilities.
- Ensure timely closure of incidents in compliance with SLA requirements.
Qualifications:
- Mandatory: Bachelor's degree in Cybersecurity, Computer Science, or related field (or equivalent work experience).
- Strong hands-on experience with incident response and digital forensics, including an investigation background with exposure to host-level investigations.
- Minimum 6 years of experience in digital forensics, incident response, or threat hunting.
- Expertise in Digital Forensics, Incident Response, and Threat Hunting with practical investigation experience.
- Knowledge of forensic tools such as EnCase, FTK, Oxygen, Cellebrite, and scripting skills (e.g., Python, PowerShell).
- Possession of DFIR-related certifications, including relevant SANS certifications (GCFA, GCFE & GCIH).
- Strong analytical and problem-solving skills with attention to detail and accuracy.
Language Requirements:
- Proficiency in English, with the ability to communicate complex technical findings effectively to both technical and non-technical audiences.
Location: Abu Dhabi, Abu Dhabi Emirate, United Arab Emirates
Work Conditions: On-site, Full-time