35 Incident Response jobs in Saudi Arabia

Job ID: 2976351 | Amazon Support Services Pty Ltd

Amazon is looking for a qualified Security Engineer to join our innovative, high energy Security Incident Response Team (SIRT) in Sydney.
SIRT Security Engineers respond to security events, conduct analysis of threats and intrusion attempts, and provide security services to safeguard highly sensitive data.
They work hands-on with detection systems and vulnerability analysis tools to respond to potential threats to Amazon systems. Security Engineers are unique individuals prepared to relentlessly resolve security issues by gathering and analyzing event data and conducting root-cause analysis. With your technical expertise, you will be solving security challenges at scale, working to protect the applications powering the most sophisticated e-commerce platform ever built.
We value broad and deep technical knowledge, specifically in the fields of forensics, malware analysis, network security, application security, cryptography, and security intelligence. Key job responsibilities
- Responding to security incidents, and coordinating a cohesive response involving multiple teams across Amazon.
- Providing security engineering solutions and support during customer-facing incidents, proactively considering the prevention of similar incidents from occurring in the future.
- Assisting in the development of pragmatic solutions that achieve business requirements while maintaining an acceptable level of risk.
- Identifying and recommending solutions that improve or expand Amazon’s incident response capabilities.
- Working alongside Security Engineers to improve security, and to reduce and quickly address risk.
- Evaluating the impact of current security trends, advisories, publications, and coordinating response as necessary across affected teams.
- Keeping your knowledge and skills current with the rapidly changing threat landscape.
- Participating in a follow-the-sun on-call rotation. About the team
Why Amazon Security
At Amazon, security is central to maintaining customer trust and delivering delightful customer experiences. Our organization is responsible for creating and maintaining a high bar for security across all of Amazon’s products and services. We offer talented security professionals the chance to accelerate their careers with opportunities to build experience in a wide variety of areas including cloud, devices, retail, entertainment, healthcare, operations, and physical stores. Diverse Experiences
Amazon Security values diverse experiences. Even if you do not meet all of the preferred qualifications and skills listed in the job description, we encourage candidates to apply. If your career is just starting, hasn’t followed a traditional path, or includes alternative experiences, don’t let it stop you from applying. Work/Life Balance
We value work-life harmony. Achieving success at work should never come at the expense of sacrifices at home, which is why flexible work hours and arrangements are part of our culture. When we feel supported in the workplace and at home, there’s nothing we can’t achieve. Inclusive Team Culture
In Amazon Security, it’s in our nature to learn and be curious. Ongoing DEI events and learning experiences inspire us to continue learning and to embrace our uniqueness. Addressing the toughest security challenges requires that we seek out and celebrate a diversity of ideas, perspectives, and voices. Training and Career growth
We’re continuously raising our performance bar as we strive to become Earth’s Best Employer. That’s why you’ll find endless knowledge-sharing, training, and other career-advancing resources here to help you develop into a better-rounded professional. BASIC QUALIFICATIONS

- BS in Computer Science, Information Security and 1+ years of post graduate (non- internship) related professional experience or 3+ years of related professional experience.
- Proficient in one or more scripting languages (E.g: Python, Perl, Bash, PowerShell, etc.).
- Experience with common security monitoring, log analysis and forensic tools.
- Able to perform DFIR and provide incident command at all stages (identification, containment, eradication, recovery, etc) while coordinating with various teams and providing reporting to leadership.

- Technical depth in one or more specialties including: application security, infrastructure security, digital forensics, malware analysis, threat hunting or some combination thereof.
- Experience working as part of a Computer Security Incident Response Team (CSIRT)
- Familiarity/experience with AWS services and security concepts. Acknowledgement of country:
In the spirit of reconciliation Amazon acknowledges the Traditional Custodians of country throughout Australia and their connections to land, sea and community. We pay our respect to their elders past and present and extend that respect to all Aboriginal and Torres Strait Islander peoples today. IDE statement:
Amazon is an equal opportunity employer and does not discriminate on the basis of protected veteran status, disability, or other legally protected status. Our inclusive culture empowers Amazonians to deliver the best results for our customers. If you have a disability and need a workplace accommodation or adjustment during the application and hiring process, including support for the interview or onboarding process, please visit for more information. If the country/region you’re applying in isn’t listed, please contact your Recruiting Partner.

Posted: June 24, 2025 (Updated 1 day ago)

Posted: June 24, 2025 (Updated 1 day ago)

Posted: June 24, 2025 (Updated 2 days ago)

Posted: February 6, 2025 (Updated 2 days ago)

Posted: November 22, 2024 (Updated 3 days ago)

Amazon is an equal opportunity employer and does not discriminate on the basis of protected veteran status, disability, or other legally protected status.

Key Responsibilities :

• Monitor security alerts and events using SIEM tools and other monitoring systems.

• investigate, triage, and respond to cybersecurity incidents in real-time.

• Coordinate incident response activities across teams and escalate critical event.

• Develop and maintain incident response plans, playbooks, and procedures.

• Generate incident reports and track remediation efforts.

• vulnerability assessments and penetration testing reviews.

• Risk assessment.

• analyze indicators of compromise (IOCs) and perform deep-dive investigations into suspicious activities.

• Work with compliance and audit teams to ensure compliance.

• Managing Firewall Palo Alto, Sophos.

• Protecting AICC local environment.

• Protecting AICC Cloud Azure environment

Qualifications:

• Bachelor’s degree in computer science, related field.

• Minimum 3 years of experience in cybersecurity, with at least 2 years in incident response.

• Familiarity with SIEM, SOC as services.

• Familiarity with regulator, NCA , SADIA.

• Familiarity with IT infrastructure.

Get AI-powered advice on this job and more exclusive features.

Lead the establishment and operations of Syria's national cyber incident response capability at the newly formed National Cybersecurity Center led by Syria Ministry of communication and information Technology, in collaboration with Cipher Saudi Arabia. As Incident Response Director, you will build the country's first dedicated cyber crisis management function, capable of coordinating responses to incidents affecting critical national infrastructure, government institutions, and essential services. This pivotal leadership role will develop Syria's ability to detect, contain, and recover from sophisticated cyber attacks while building resilience across the nation's digital ecosystem.

Level

Location

Requirements

• 10+ years of experience in cybersecurity with focus on incident response
• 5+ years leading incident response teams or programs
• Bachelor's degree required; Advanced degree in Cybersecurity, Computer Science, or related field preferred
• Proven experience handling major security incidents or breaches
• Deep knowledge of incident response methodologies, frameworks, and playbooks
• Strong understanding of digital forensics techniques and toolsets
• Experience coordinating multi-stakeholder responses to complex security incidents
• Background in crisis management and emergency response operations
• Fluency in Arabic and English (written and verbal)

Who You Are

• A battle-tested incident response leader with exceptional crisis management skills
• Methodical thinker who can maintain clarity and structure during high-pressure situations
• Diplomatic professional capable of coordinating diverse stakeholders during incidents
• Technical expert with deep understanding of attack vectors and mitigation strategies
• Effective communicator able to translate technical details to both technical and non-technical audiences
• Adaptable problem-solver who thrives in ambiguous and rapidly evolving scenarios
• Meticulous planner who develops robust response protocols while remaining flexible
• Committed mentor focused on building sustainable incident response capabilities

Nice to Have

• Experience establishing national or sectoral CERT/CSIRT operations
• Background in national security, military, or law enforcement cyber operations
• GCIH, GCFA, CISM, or other incident response certifications
• Experience with critical infrastructure protection and ICS/SCADA security
• Knowledge of regional threat actors and cyber threat landscape in the Middle East
• Background in malware analysis and reverse engineering
• Experience coordinating with international incident response organizations
• Understanding of legal and regulatory aspects of cyber incident handling

What You Will Be Doing

• Establish Syria's national incident response capability from the ground up
• Develop comprehensive incident response frameworks, playbooks, and protocols
• Build and lead teams specialized in containment, eradication, and recovery from cyber attacks
• Create national incident classification scheme and escalation procedures
• Establish digital forensics capabilities for evidence collection and analysis
• Coordinate incident response activities with government agencies, critical infrastructure operators, and international partners
• Lead responses to significant national cyber incidents, serving as incident commander
• Develop post-incident analysis methodologies and lessons learned processes
• Create training programs to build incident response capabilities across Syrian organizations
• Represent Syria in international incident response communities and information sharing forums

What You Will Need

• Expert knowledge of incident response procedures and best practices
• Strong leadership abilities, especially during crisis situations
• Excellent analytical and problem-solving skills
• Digital forensics knowledge and experience
• Crisis communication capabilities
• Documentation and reporting skills
• Ability to work effectively under extreme pressure
• Willingness to relocate to Damascus, Syria

Why Join Us

This role offers an unprecedented opportunity to establish critical national security capabilities that will protect Syria's digital future. You'll build incident response functions from the foundation up, implementing world-class practices while adapting to local needs and challenges. Your work will directly impact the nation's ability to withstand and recover from cyber attacks, protecting essential services and critical infrastructure that millions of citizens depend on. Few cybersecurity positions offer this level of national impact and the chance to build lasting security capabilities.

Be Part of Cipher Syria

By joining Cipher Syria, you'll become part of an elite team establishing the country's premier cybersecurity institution. You'll leverage Cipher's global expertise, methodologies, and resources while having the autonomy to build response capabilities tailored to Syria's unique security landscape. This role combines the stability and backing of an established organization with the excitement and growth potential of a groundbreaking national initiative. Help us establish Syria as a leader in cybersecurity resilience while advancing your career at the forefront of national cyber defense.

• Seniority level Director

• Employment type Full-time

• Job function Information Technology
• Industries Computer and Network Security

Referrals increase your chances of interviewing at Cipher | سايڤر by 2x

Get notified about new Director of Cyber Security jobs in Riyadh, Saudi Arabia .

We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.

Get AI-powered advice on this job and more exclusive features.

Direct message the job poster from ACWA Power

Incident Response & Forensics Manager (IT & OT) - Saudi Nationals Only

ACWA Power is seeking an experienced Incident Response & Forensics Manager (IT & OT) to lead investigation and response efforts across our global IT infrastructure and industrial control systems (ICS/SCADA).

This is a high-impact role focused on managing major cyber incidents, conducting digital forensics, and ensuring the security of both digital systems and physical OT environments .

What You’ll Be Doing:

• Lead incident response and forensic investigations across IT and OT environments.
• Triage and escalate threats from SIEM, XDR, and threat detection platforms .
• Perform detailed root cause analysis and ensure timely remediation.
• Collaborate with IT, OT, legal, compliance, and external vendors to coordinate investigations and recovery.
• Develop and conduct incident response training and simulation exercises.
• Prepare incident reports for internal stakeholders and regulatory authorities.
• Ensure compliance with frameworks like NIST, ISO 27001, NERC-CIP, and ISA/IEC 62443 .

What You Bring:

• 5+ years in cybersecurity, with hands-on incident response and forensics experience.
• Strong technical knowledge of both enterprise IT and OT systems (SCADA, ICS, PLCs).
• Experience with Splunk , ELK , QRadar , forensic tools, and malware analysis.
• Certifications such as GCIA, GCIH, GCFA, CFCE, CISSP , or GICSP are preferred.
• Exceptional communicator, able to clearly report high-stakes incidents to both technical and business stakeholders.

Why Join Us:

This is your opportunity to secure the future of a company that powers millions across the globe. At ACWA Power, you'll play a mission-critical role protecting some of the most advanced digital and industrial infrastructures in the world.

Refrain from reaching the recruiter, please apply directly.

• Seniority level Mid-Senior level

• Employment type Full-time

• Job function Information Technology
• Industries Services for Renewable Energy

Referrals increase your chances of interviewing at ACWA Power by 2x

We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.

Our client is currently hiring for a Cyber Security SIEM Arcsight Administrator.

Manage and Maintain ArcSight Infrastructure

Manage the installation, configuration, and overall health of ArcSight components, including ESM, Logger, Connectors, and ArcMC. Plan and execute updates, patches, and system upgrades to ensure platform stability and security.

• Log Source Integration

Onboard and maintain log sources to ensure consistent event collection, and developing FlexConnectors for unsupported log sources.

• Troubleshooting and Issue Resolution

Identify and resolve issues related to event flow, dropped logs, or parsing errors.

• System Monitoring

Monitor performance, availability, and event flow across the ArcSight environment.

• Security Event Management

Support the SOC by ensuring accurate and timely event logging, correlation, and alert generation. Assist the remote SOC team by addressing queries related to log data and on-site activities as required

Participating in incident as SOC member and providing the log details

• Connector Administration

Manage SmartConnectors, including troubleshooting caching and event drop issues, optimizing performance.

• Compliance and Audit Support

Ensure log retention and access controls align with internal policies and regulatory requirements.

• Access and Role Management

Implement and manage user roles and permissions within the SIEM environment.

• Documentation and Reporting

Maintain system documentation and generate operational and compliance reports as required.

Admin Section - Information Security Department

Responsible for executing and maintaining the operational components of the Organization's security strategy, ensuring a secure, efficient, and effective technology environment. This role aims to protect all Organization data by maintaining a secure information environment.

1. Assist in implementing cybersecurity methodologies, procedures, and tools within the Information Security Management Division.
2. Assist in drafting information security policies across the Organization in accordance with the laws and regulations of the Kingdom of Saudi Arabia.
3. Assist in building and maintaining a catalog of available security services aligned with security policies and in compliance with industry standards such as ISO 27001.
4. Support periodic assessments to evaluate how well security services align with and meet business objectives, determining if services should be decommissioned or new services added.
5. Issue NCA and CVE bulletins to stakeholders and provide guidance to the remediation team.
6. Conduct regularly scheduled reviews of security service quality.
7. Participate in planning, executing, and reporting security audits and network vulnerability assessments with minimal supervision.

Qualifications: One (1) year of related experience with a Master’s degree, or three (3) years with a Bachelor’s degree.

Join to apply for the Cyber Security Analyst role at Dkhoon Emirates

Join to apply for the Cyber Security Analyst role at Dkhoon Emirates

Get AI-powered advice on this job and more exclusive features.

We are looking for a proactive and skilled Cyber Security Analyst to join our in-house IT team. The ideal candidate will be responsible for strengthening our organisation’s security posture, ensuring systems are secure, compliant, and resilient against evolving threats.

Key Responsibilities:

Conduct network vulnerability assessments and penetration testing (VAPT) to identify and mitigate security risks.

Perform firewall configuration reviews and internal network assessments to maintain a strong security infrastructure.

Deliver web and mobile application security assessments, ensuring alignment with OWASP Top 10 standards.

Support implementation of data protection and privacy frameworks, including Personal Data Protection Act (PDPA) or similar regulations relevant to our operations.

Prepare and present technical reports and executive summaries, outlining security observations, risk analysis, and actionable remediation plans.

Collaborate with IT and compliance teams to ensure alignment with CIS Controls, ISO 27001, and GDPR basics.

Manage and monitor endpoint protection, IDS/IPS systems, and SIEM tools to proactively detect and respond to threats.

Assist in incident response procedures, root cause analysis, and implementing preventive measures.

Automate routine security tasks using PowerShell, Bash, or Python scripting to improve efficiency.

Required Skills & Expertise:

️ Firewall & VPN configuration: FortiGate, Cisco ASA, Palo Alto

️ Penetration testing tools: Nmap, Metasploit, Burp Suite, Nessus, Wireshark

️ Identity and Access Management (IAM)

️ Incident Response procedures and frameworks

️ Good scripting knowledge in PowerShell, Bash, and Python for automation and security analysis

️ Strong understanding of cloud security fundamentals and compliance frameworks (e.g. PDPA, ISO 27001, GDPR basics)

Qualifications:

Bachelor’s Degree in IT or Cyber Security (or equivalent work experience)

Relevant certifications such as CompTIA Security+, CEH, eJPT, or INE Certified Cloud Associate are preferred.

Who You Are:

Analytical with strong problem-solving abilities

Excellent communicator with skills to collaborate across IT, compliance, and management teams

Passionate about cyber security best practices and continuous learning

Able to work independently to proactively identify and address security issues within the organization

• Seniority level Entry level

• Employment type Full-time

• Job function Information Technology
• Industries Retail

Referrals increase your chances of interviewing at Dkhoon Emirates by 2x

Get notified about new Cyber Security Analyst jobs in Riyadh, Riyadh, Saudi Arabia .

We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.

Information Security Analyst - Ar Rass, Saudi Arabia


We are hiring an experienced Information Security Analyst to join our team in Ar Rass, Saudi Arabia. As an Indian national, you will be responsible for protecting our company's sensitive information and systems from cyber threats. Your primary focus will be on developing and implementing security protocols and procedures to ensure the confidentiality, integrity, and availability of our data.

Key Responsibilities:
- Conduct regular security assessments to identify potential vulnerabilities and risks
- Monitor networks and systems for suspicious activity and respond quickly to security incidents
- Develop and maintain information security policies, standards, and procedures
- Conduct training to educate employees on best practices for information security
- Collaborate with cross-functional teams to implement security solutions and ensure compliance with regulations
- Perform risk assessments and advise management on potential risks and mitigation strategies
- Stay updated on the latest industry trends, threats, and best practices in information security

Requirements:
- Minimum of 3 years of experience as an Information Security Analyst or similar role
- Bachelor's degree in Computer Science or a related field; professional certifications such as CISSP or CISM are a plus
- Strong knowledge of network and system security protocols (e.g. TCP/IP, firewalls)
- Experience with vulnerability assessment tools and techniques
- Familiarity with regulatory frameworks such as GDPR, ISO 27001, or NIST Cybersecurity Framework
- Excellent communication skills with the ability to explain technical concepts to non-technical stakeholders

Salary:
We offer a competitive salary of 1600$ per month along with accommodation.

If you are passionate about protecting sensitive data and have a strong understanding of information security principles, we would love to hear from you! Please apply with your updated resume.

This job has no reviews yet. You can be the first!

Information Security Analyst Jobs in Ar Rass:

The most in-demand professions in Ar Rass:

MEAT SLAUGHTERHOUSE WORKER | PACKERS, SORTERS | UKRAINE | without work experience

Users also frequently search in these cities:

More professions from the category IT sphere:

Subscribe to our telegram channel @layboard_in