Incident Response and Forensic Investigation Specialist (DFIR)

About the Job:
Help AG, an e& enterprise company, is seeking a talented and experienced Incident Response and Forensic Investigation Specialist. This role involves managing off-site and on-site incident response activities and customer engagements, utilizing multiple security technologies to guide clients in handling security incidents. The specialist will examine IT and security systems using best-practice digital forensic methods to detect, validate, and mitigate IT security-related incidents. The successful candidate will join our Cyber Defence team within the Managed Security Services (MSS) business unit.

Responsibilities:

• Lead incident response engagements in varied environments until all threats are remediated.
• Develop custom incident response plans tailored to specific client situations.
• Analyze logs and data from diverse security technologies (e.g., Antiviruses, IDS/IPS, Firewalls).
• Conduct forensic analysis on various artifacts, including RAM, packet captures, and disk images.
• Reverse engineer malicious software and create signatures and indicators of compromise.
• Actively develop incident response tools, scripts, and detection content.
• Research Red Team techniques and conduct threat hunts.
• Articulate and execute common Incident Response methods (e.g., SANS).
• Respond to technical requests for managed services and work on-site with clients during live security incidents.
• Maintain awareness of the current threat landscape.
• Champion excellence through knowledge sharing, writing technical articles, and training other analysts.
• Create and present customer reports ensuring quality, accuracy, and value.

Qualifications & Skills:

• Degree in Computer Science, Information Systems, Electrical Engineering, or related field.
• 7+ years of experience in information security, with specific roles in incident analysis, handling, and malware analysis.
• 2-3 years of experience in a senior or lead analyst role, including mentoring and guiding others.
• Strong background in areas including Security Threat Analysis, Network Security Operations, and Forensics.
• Demonstrable experience in handling Incident Response engagements, especially APTs and Ransomware.
• Security certifications (CISSP, GCIA, GCIH, etc.) preferred.
• Deep knowledge of TCP/IP, networking, and security products.
• Proficient in scripting languages: Python, PowerShell, Bash.
• Experience with Digital Forensics tools and methods.

Benefits:

• Health insurance with leading global providers.
• Career progression opportunities through challenging projects.
• Employee engagement and wellness activities throughout the year.
• Excellent learning and development programs.
• Annual flight tickets.
• Inclusive and diverse working environment with open door policy.

Company Overview:
Help AG is the cybersecurity division of e& enterprise, providing strategic consultancy and tailored information security services across the Middle East. Established in 2004, Help AG is recognized as a trusted IT security advisor and combines industry-leading technologies with expert service delivery to enhance clients' cyber defenses.