52 Incident Response jobs in Saudi Arabia

Company Description

Innovative Solutions (IS) is a distinguished Cybersecurity company, founded in 2003 and headquartered in Riyadh, with a strong presence across the GCC region, including Al Khobar, Jeddah, Dubai, and Abu Dhabi. We specialize in a broad array of Cybersecurity solutions and services, encompassing Advisory Services, Technical Assurance, Solution Deployment, Professional Services, and Managed Security Services.

At Innovative Solutions, our mission is to "Bring Trust to Cyberspace" to ensure " Your Business, Secured ".

As the Incident Response Team Lead at Innovative Solutions, you will oversee our incident response team’s activities, ensuring swift and effective responses to cybersecurity incidents. You will lead investigations, coordinate responses, and develop strategies to improve our incident response capabilities. You will also mentor team members, promoting continuous improvement in processes and practices to enhance the cyber resilience of our organization and clients.

• Lead and manage the incident response team, setting priorities, assigning tasks, and ensuring timely resolution of incidents.
• Provide mentorship, coaching, and skills development for team members.
• Act as the central escalation point of contact for critical and complex incidents.
• Develop and manage incident response metrics, reporting, and performance KPIs.
• Provide executive briefings and updates during major security incidents.
• Ensure incident response processes compliance with regulatory frameworks.

• Oversee incident response lifecycle.
• Coordinate technical and business stakeholders during incidents, ensuring clear communication and structured escalation.
• Lead root cause analysis, digital forensics, and threat hunting activities for critical incidents.
• Ensure proper documentation of incidents, including timelines, actions taken, and lessons learned.

• Develop, implement, and maintain incident response playbooks, runbooks, and escalation processes.
• Coordinate and lead tabletop exercises, red team / purple team simulations, and incident readiness drills.
• Collaborate with SOC, threat intelligence, vulnerability management, and IT / OT security teams to enhance detection and response capabilities.

• Bachelor’s degree in computer science, cyber security, or a related field. Master's degree is a plus.
• 3+ years of experience in cybersecurity, with a focus on incident response.
• Proven experience leading incident response teams and managing incidents effectively.
• Relevant certifications such as GCIA, GCIH, GCFA, GNFA, BTL1, OSDA, CDSA, or PSAA. CISSP is a plus.
• Strong expertise in incident response methodologies and frameworks.
• Excellent leadership, communication, and interpersonal skills.
• Ability to think critically and make sound decisions under pressure.

• Comprehensive training and development programs.
• Opportunity for career growth and advancement.
• Friendly and supportive work environment.

Company Description
Innovative Solutions (IS) is a distinguished Cybersecurity company, founded in 2003 and headquartered in Riyadh, with a strong presence across the GCC region, including Al Khobar, Jeddah, Dubai, and Abu Dhabi. We specialize in a broad array of Cybersecurity solutions and services, encompassing Advisory Services, Technical Assurance, Solution Deployment, Professional Services, and Managed Security Services.

At Innovative Solutions, our mission is to "Bring Trust to Cyberspace" to ensure "
Your Business, Secured
".

Role Description
As the Incident Response Team Lead at Innovative Solutions, you will oversee our incident response team's activities, ensuring swift and effective responses to cybersecurity incidents. You will lead investigations, coordinate responses, and develop strategies to improve our incident response capabilities. You will also mentor team members, promoting continuous improvement in processes and practices to enhance the cyber resilience of our organization and clients.

Responsibilities:

• Lead and manage the incident response team, setting priorities, assigning tasks, and ensuring timely resolution of incidents
• Provide mentorship, coaching, and skills development for team members
• Act as the central escalation point of contact for critical and complex incidents
• Develop and manage incident response metrics, reporting, and performance KPIs
• Provide executive briefings and updates during major security incidents
• Ensure incident response processes compliance with regulatory frameworks

DFIR Operations:

• Oversee incident response lifecycle
• Coordinate technical and business stakeholders during incidents, ensuring clear communication and structured escalation
• Lead root cause analysis, digital forensics, and threat hunting activities for critical incidents
• Ensure proper documentation of incidents, including timelines, actions taken, and lessons learned

Process and Improvements:

• Develop, implement, and maintain incident response playbooks, runbooks, and escalation processes
• Coordinate and lead tabletop exercises, red team/purple team simulations, and incident readiness drills
• Collaborate with SOC, threat intelligence, vulnerability management, and IT/OT security teams to enhance detection and response capabilities

Requirements

• Bachelor's degree in computer science, cyber security, or a related field. Master's degree is a plus
• 3+ years of experience in cybersecurity, with a focus on incident response
• Proven experience leading incident response teams and managing incidents effectively
• Relevant certifications such as GCIA, GCIH, GCFA, GNFA, BTL1, OSDA, CDSA, or PSAA. CISSP is a plus
• Strong expertise in incident response methodologies and frameworks
• Excellent leadership, communication, and interpersonal skills
• Ability to think critically and make sound decisions under pressure

Benefits

• Comprehensive training and development programs
• Opportunity for career growth and advancement
• Friendly and supportive work environment

Company Description
Innovative Solutions (IS) is a leading cybersecurity company established in 2003, with its headquarters in Riyadh and a strong presence throughout the GCC, including Al Khobar, Jeddah, Dubai, and Abu Dhabi. We provide a comprehensive array of cybersecurity services, from advisory and technical assurance to solution deployment and managed security services. Our mission is clear: to bring trust to cyberspace and ensure that your business is well secured.

Role Description
As a Senior Incident Response Specialist at Innovative Solutions, you will be at the forefront of defending our organization and clients against cyber threats. You will lead incident response activities, oversee investigations, develop response strategies, and liaise with other teams to manage complex incidents effectively. Your expertise will be pivotal in enhancing our incident response capabilities and driving continuous improvement in our security operations.

Responsibilities

• Lead incident response activities for security incidents across the organization
• Conduct thorough investigations of security breaches and incidents to identify root causes and impacts
• Present findings to stakeholders and assist in reporting processes post incident
• Assist in creating and maintaining documentation related to incident handling and response activities
• Conduct digital forensics and malware analysis to support investigations and determine root cause, impact, and scope
• Participate in red/blue/purple team exercises to test and improve response readiness
• Stay updated on emerging threats, attack techniques, and incident response best practices
• Perform proactive threat hunting based on intelligence, anomalies, and advanced detection techniques
• Act as a technical point of contact for incident response analysts, providing guidance, and mentorship
• Collaborate with SOC, threat intelligence, vulnerability management, and IT/OT teams to improve detection and response capabilities

Requirements

• Bachelor's degree in computer science, cyber security, or a related field
• 3+ years of experience in incident response or a related cybersecurity role
• Relevant certifications such as GCIA, GCIH, GCFA, GNFA, BTL1, OSDA, CDSA, or PSAA
• Proven track record of handling advanced persistent threats, ransomware, insider threats, and cloud security incidents
• Strong knowledge of operating systems, networking protocols, and security technologies
• Experience with SIEM, EDR, SOAR platforms, forensic tools, and malware analysis frameworks
• Strong written and verbal communication skills, capable of engaging with different levels of stakeholders
• Ability to work in a fast-paced environment and manage multiple incidents simultaneously
• Willingness to participate in on-call duties and rotate shifts as needed

Benefits

• Comprehensive training and development programs
• Opportunity for career growth and advancement
• Friendly and supportive work environment

Innovative Solutions (IS) is a leading cybersecurity company established in 2003, with its headquarters in Riyadh and a strong presence throughout the GCC, including Al Khobar, Jeddah, Dubai, and Abu Dhabi. We provide a comprehensive array of cybersecurity services, from advisory and technical assurance to solution deployment and managed security services. Our mission is clear: to bring trust to cyberspace and ensure that your business is well secured.

As a Senior Incident Response Specialist at Innovative Solutions, you will be at the forefront of defending our organization and clients against cyber threats. You will lead incident response activities, oversee investigations, develop response strategies, and liaise with other teams to manage complex incidents effectively. Your expertise will be pivotal in enhancing our incident response capabilities and driving continuous improvement in our security operations.

• Lead incident response activities for security incidents across the organization.
• Conduct thorough investigations of security breaches and incidents to identify root causes and impacts.
• Present findings to stakeholders and assist in reporting processes post incident.
• Assist in creating and maintaining documentation related to incident handling and response activities.
• Conduct digital forensics and malware analysis to support investigations and determine root cause, impact, and scope.
• Participate in red/blue/purple team exercises to test and improve response readiness.
• Stay updated on emerging threats, attack techniques, and incident response best practices.
• Perform proactive threat hunting based on intelligence, anomalies, and advanced detection techniques
• Act as a technical point of contact for incident response analysts, providing guidance, and mentorship.
• Collaborate with SOC, threat intelligence, vulnerability management, and IT/OT teams to improve detection and response capabilities.

• Bachelor's degree in computer science, cyber security, or a related field.
• 3+ years of experience in incident response or a related cybersecurity role.
• Relevant certifications such as GCIA, GCIH, GCFA, GNFA, BTL1, OSDA, CDSA, or PSAA.
• Proven track record of handling advanced persistent threats, ransomware, insider threats, and cloud security incidents.
• Strong knowledge of operating systems, networking protocols, and security technologies.
• Experience with SIEM, EDR, SOAR platforms, forensic tools, and malware analysis frameworks
• Strong written and verbal communication skills, capable of engaging with different levels of stakeholders.

• Ability to work in a fast-paced environment and manage multiple incidents simultaneously.

• Willingness to participate in on-call duties and rotate shifts as needed.

• Comprehensive training and development programs.
• Opportunity for career growth and advancement.
• Friendly and supportive work environment.

Innovative Solutions (IS) is a distinguished Cybersecurity company, founded in 2003 and headquartered in Riyadh, with a strong presence across the GCC region, including Al Khobar, Jeddah, Dubai, and Abu Dhabi. We specialize in a broad array of Cybersecurity solutions and services, encompassing Advisory Services, Technical Assurance, Solution Deployment, Professional Services, and Managed Security Services.

At Innovative Solutions, our mission is to "Bring Trust to Cyberspace" to ensure "Your Business, Secured".

As the Incident Response Team Lead at Innovative Solutions, you will oversee our incident response team's activities, ensuring swift and effective responses to cybersecurity incidents. You will lead investigations, coordinate responses, and develop strategies to improve our incident response capabilities. You will also mentor team members, promoting continuous improvement in processes and practices to enhance the cyber resilience of our organization and clients.

Responsibilities:

• Lead and manage the incident response team, setting priorities, assigning tasks, and ensuring timely resolution of incidents.
• Provide mentorship, coaching, and skills development for team members.
• Act as the central escalation point of contact for critical and complex incidents.
• Develop and manage incident response metrics, reporting, and performance KPIs.
• Provide executive briefings and updates during major security incidents
• Ensure incident response processes compliance with regulatory frameworks.

DFIR Operations:

• Oversee incident response lifecycle.
• Coordinate technical and business stakeholders during incidents, ensuring clear communication and structured escalation.
• Lead root cause analysis, digital forensics, and threat hunting activities for critical incidents.
• Ensure proper documentation of incidents, including timelines, actions taken, and lessons learned.

Process and Improvements:

• Develop, implement, and maintain incident response playbooks, runbooks, and escalation processes.
• Coordinate and lead tabletop exercises, red team/purple team simulations, and incident readiness drills.
• Collaborate with SOC, threat intelligence, vulnerability management, and IT/OT security teams to enhance detection and response capabilities.

• Bachelor's degree in computer science, cyber security, or a related field. Master's degree is a plus.
• 3+ years of experience in cybersecurity, with a focus on incident response.
• Proven experience leading incident response teams and managing incidents effectively.
• Relevant certifications such as GCIA, GCIH, GCFA, GNFA, BTL1, OSDA, CDSA, or PSAA. CISSP is a plus.
• Strong expertise in incident response methodologies and frameworks.
• Excellent leadership, communication, and interpersonal skills.
• Ability to think critically and make sound decisions under pressure.

• Comprehensive training and development programs.
• Opportunity for career growth and advancement.
• Friendly and supportive work environment.

About the Role

This is a high-impact , hands-on role that puts you on the front lines of some of the most challenging incident response and threat hunting engagements. You’ll work across diverse industries, confronting real-world cyber threats and helping clients recover from complex incidents. Your expertise will directly shape outcomes, protect critical infrastructure, and contribute to a safer digital environment.

This role is ideal for professionals eager to sharpen their DFIR skills while operating in fast-paced, high-stakes environments.

• Conduct root cause analysis to determine the initial attack vector in security incidents.
• Lead incident response engagements, including containment, eradication, and recovery guidance.
• Acquire and analyze disk and memory forensic images, as well as perform triage analysis.
• Recover deleted data, trace file execution, and validate indicators of compromise (IOCs).
• Develop attack hypotheses using adversary TTPs mapped to the MITRE ATT&CK framework.
• Prepare and deliver clear, actionable reports and findings to both technical and non-technical stakeholders.
• Maintain composure and communicate effectively in high-pressure, time-sensitive incidents.

• Minimum first hands-on experience in Digital Forensics and Incident Response.
• Bachelor’s degree in Cybersecurity, Computer Science, Information Security, or equivalent professional experience.
• Proficiency in analyzing forensic artifacts such as:
• Windows registry
• Master File Table (MFT)
• Prefetch files
• Shellbags
• Experience working with EDR platforms and SIEM solutions.
• Strong understanding of attacker methodologies, MITRE ATT&CK, and the intrusion kill chain.

Additional requirements:

• Strong problem-solving mindset and attention to detail.
• Ability to remain calm under pressure during active incidents.
• One or more of the following: GCFA, GCIH, GNFA, GCFE, CHFI, GCFR, OSCP, or similar.

At Group-IB, we believe that employee happiness is fundamental to success. We foster a supportive, inclusive, and dynamic workplace where every team member is empowered to grow. Whether you’re aiming to deepen your expertise, step into leadership, explore new departments, or take your career abroad, we provide diverse opportunities for professional development.

Our team is made up of specialists from around the world who bring deep international expertise and thrive on solving complex challenges. You’ll be working with cutting-edge technologies recognized globally and contributing to projects that span across 60 countries alongside 450+ partners and 500+ clients.

We take pride in our multicultural, values-driven culture—where mutual respect, collaboration, and shared goals unite us across borders. And with Group-IB’s continued global growth and financial stability, your career trajectory here can accelerate faster than in most traditional environments.

• Flexible Work Schedule – you have the freedom to design your own workday in a way that drives results and balance.
• Health insurance to support your well-being.
• Certifications & Continuous Learning – our team holds over 1,000 globally recognized certifications; we cover the cost of professional development.
• Internal programs for soft skills and advanced technical training to help you expand your skill set.
• Entrepreneurial spirit is encouraged – bold ideas are supported and celebrated.

• Mid-Senior level

• Full-time

• Information Technology
• Industries: Computer and Network Security and Security and Investigations

Referrals increase your chances of interviewing at Group-IB. Get notified about new Digital Specialist jobs in Riyadh, Saudi Arabia.

ABOUT GROUP-IB:

Founded in 2003 and headquartered in Singapore, Group-IB is a leading creator of cybersecurity

technologies to investigate, prevent, and fight digital crime. Combating cybercrime is in the company's DNA, shaping its technological capabilities to defend businesses, and citizens, and support law enforcement operations.

Group-IB's Digital Crime Resistance Centers (DCRCs) are located in the Middle East, Europe, Central Asia, and Asia-Pacific to help critically analyze and promptly mitigate regional and country-specific threats. These mission-critical units help Group-IB strengthen its contribution to global cybercrime prevention and continually expand its threat-hunting capabilities.

Each of us can help make the world a safer place. Join us

ABOUT THE ROLE:

This is a
high-impact,
hands-on role that puts you on the front lines of some of the most challenging incident response and threat hunting engagements. You'll work across diverse industries, confronting real-world cyber threats and helping clients recover from complex incidents. Your expertise will directly shape outcomes, protect critical infrastructure, and contribute to a safer digital environment.

This role is ideal for professionals eager to sharpen their DFIR skills while operating in fast-paced, high-stakes environments.

YOUR MISSION

• Conduct root cause analysis to determine the initial attack vector in security incidents.
• Lead incident response engagements, including containment, eradication, and recovery guidance.
• Acquire and analyze disk and memory forensic images, as well as perform triage analysis.
• Recover deleted data, trace file execution, and validate indicators of compromise (IOCs).
• Develop attack hypotheses using adversary TTPs mapped to the MITRE ATT&CK framework.
• Prepare and deliver clear, actionable reports and findings to both technical and non-technical stakeholders.
• Maintain composure and communicate effectively in high-pressure, time-sensitive incidents.

WHAT SUCCESS LOOKS LIKE:

• Minimum first hands-on experience in Digital Forensics and Incident Response.
• Bachelor's degree in Cybersecurity, Computer Science, Information Security, or equivalent professional experience.
• Proficiency in analyzing forensic artifacts such as:
• Windows registry
• Master File Table (MFT)
• Prefetch files
• Shellbags
• Event logs
• Experience working with EDR platforms and SIEM solutions.
• Strong understanding of attacker methodologies, MITRE ATT&CK, and the intrusion kill chain.

Additional requirements:

• Excellent communication skills.
• Strong problem-solving mindset and attention to detail.
• Ability to remain calm under pressure during active incidents.
• One or more of the following: GCFA, GCIH, GNFA, GCFE, CHFI, GCFR, OSCP, or similar.

OUR WORK ENVIRONMENT & CULTURE:

At Group-IB, we believe that employee happiness is fundamental to success. We foster a supportive, inclusive, and dynamic workplace where every team member is empowered to grow. Whether you're aiming to deepen your expertise, step into leadership, explore new departments, or take your career abroad, we provide diverse opportunities for professional development.

Our team is made up of specialists from around the world who bring deep international expertise and thrive on solving complex challenges. You'll be working with cutting-edge technologies recognized globally by Gartner, IDC, and Forrester, and contributing to projects that span across 60 countries alongside 450+ partners and 500+ clients.

We take pride in our multicultural, values-driven culture—where mutual respect, collaboration, and shared goals unite us across borders. And with Group-IB's continued global growth and financial stability, your career trajectory here can accelerate faster than in most traditional environments.

WHAT DO WE OFFER
:

• Flexible Work Schedule
• We don't believe in fixed hours—what matters is impact, not time spent. You have the freedom to design your own workday in a way that drives results and balance.
• Comprehensive Health Coverage
• Your well-being comes first. We offer health insurance to support you when it matters most.
• Certifications & Continuous Learning
• Our team holds over 1,000 globally recognized certifications, including CEH, CISSP, OSCP, and more. Through our incentive program, we cover the cost of professional development—because your growth fuels our innovation.
• Meaningful Challenges & Growth Paths
• From soft skills development to advanced technical training, a wide range of internal programs help you expand your skill set—and earn recognition and rewards along the way.
• Entrepreneurial spirit is encouraged
• We value initiative. Whether it's launching a tech blog, organizing events, building communities, or starting a sports team—Group-IB is a place where bold ideas are supported and celebrated. .

Senior Incident Response Specialist, Bangkok Based (Relocation Provided)

We are seeking an industry-experienced, highly motivated and self-driven Incident Response Specialist who can rapidly address security incidents and threats, strategize and lead engagements with all staffing levels. On the ground level, your job is to monitor threats targeting Agoda and help prevent attacks from occurring or worsening.

• Perform end-to-end handling of all critical, high and medium cyber security incidents at Agoda
• Draft incident reports and communicate incident summaries to senior leadership, end users, legal teams
• Write playbooks for different types of cyber security incidents and use automation to reduce MTTR
• Automate repetitive tasks of incident response using automation platforms and/or programming
• Optimize existing security controls to fine-tune alerts and reduce false positives
• Gather open source and commercial threat intelligence and perform hunting across the enterprise for undetected threats
• Support the legal and regulatory teams as a technical SME for cyber incidents with regulatory requirements
• Evaluate new technologies and drive POCs for new security products

Note: You will be expected to leverage your coding skills to develop and automate solutions that enhance our Detection and Response capabilities. Proficiency in understanding and writing code is essential for building and maintaining response automation tools.

• 5+ years of experience in Cyber Security, specifically in Incident Response, and experience working with 24/7 SOC teams
• Strong understanding of NIST, CSF, MITRE and other cyber security frameworks
• Programming or scripting skills (e.g., Python or C++) for automating incident response tasks and developing custom security tools
• Ability to write and tune detection rules in different security platforms
• Hands-on experience dealing with major security incidents
• Ability to automate using automation platforms or programming skills
• Malware analysis and digital forensics experience are a plus
• Certifications in Cyber Security, Forensic and Incident Response are a plus (CISSP, ECSA, GISP, GCIH, GCFE, GCFA)
• Flexible, fast-moving, adaptable and multi-tasking; excellent English communication skills (oral and written)
• Relocation package provided for Bangkok, Thailand
• Hybrid working model and WFH setup allowances

• Hybrid working model
• WFH set up allowance
• 30 days remote working from anywhere globally each year
• Employee discount for accommodation globally
• Global team of 90+ nationalities
• 40+ offices and 25+ countries
• Annual CSR / Volunteer Time off
• Benevity subscription for employee donations
• Volunteering opportunities globally
• Free Headspace, Odilo & Udemy subscriptions
• Employee Assistance Program
• Enhanced Parental Leave
• Life, TPD & Accident Insurance

At Agoda, we pride ourselves on being a company represented by people of diverse backgrounds and orientations. We are committed to equal employment opportunity regardless of sex, age, race, color, national origin, religion, marital status, pregnancy, sexual orientation, gender identity, disability, citizenship, veteran or military status, and other legally protected characteristics. We may keep your application on file for future vacancies unless you request removal. For details, please read our privacy policy.

We do not engage with unsolicited third-party agencies. If we receive unsolicited CVs, we reserve the right to contact and hire the candidate directly without a recruitment fee.

Overview

Security Analyst - Jeddah, Saudi Arabia

We are currently seeking a highly skilled and experienced Security Analyst to join our team in Jeddah. This is an excellent opportunity for an English speaking individual with strong analytical and technical skills to work in a fast-paced and dynamic environment.

• Monitor security systems including firewalls, intrusion detection systems, antivirus software, etc.
• Analyze security logs and investigate any suspicious activity.
• Conduct regular vulnerability assessments to identify potential risks.
• Develop and implement security policies and procedures.
• Provide technical guidance on security issues to other departments.
• Stay up-to-date with the latest security trends, threats, and technologies.
• Conduct periodic training sessions for employees on security best practices.
• Collaborate with other teams to ensure compliance with industry regulations and standards.
• Respond to security incidents in a timely manner.

• Bachelor's degree in Computer Science or related field.
• At least 3 years of experience in information security or related field.
• Strong knowledge of network protocols, firewalls, intrusion detection systems, etc.
• Experience with vulnerability assessment tools such as Nessus or Qualys.
• Excellent analytical skills with the ability to identify potential risks quickly.
• Strong understanding of industry regulations such as ISO 27001/2, NIST, etc.
• Experience with cloud-based security solutions is a plus.

Salary: 1400$ per month (negotiable depending on experience)

Benefits: Accommodation provided, Medical insurance, Annual leave

If you are a proactive and detail-oriented individual with a passion for information security, we would love to hear from you. Apply now and join our diverse team of professionals in Jeddah!