10 Incident Response jobs in Riyadh

Incident Response Specialist (Специалист по расследованию компьютерных инцидентов) является частью команды Kaspersky Global Emergency Response Team, которая занимается реагированием на инциденты и расследованием киберугроз по всему миру.

• анализ вредоносных объектов;
• взаимодействие с заказчиком в рамках работы над инцидентами ИБ.
• навыки и опыт работы с инструментами статического и динамического анализа файлов (отладчики и дизассемблер);
• владение основными инструментами digital forensic, threat intelligence, network forensic, reverse engineering;
• опыт анализа вредоносных файлов;
• понимание актуальных индикаторов компрометации информационных систем и методов их обнаружения;
• знание современных угроз, уязвимостей, типичных атак на информационные системы, утилит для их реализации, а также методов их обнаружения и реагирования на них;
• знание и понимание распространённых сетевых протоколов, архитектур и внутреннего устройства современных операционных систем, а также технологий в области информационной безопасности.
• опыт расследования компьютерных инцидентов в крупных корпоративных сетях;
• опыт практического применения средств обнаружения целенаправленных атак;
• опыт создания детектирующих правил YARA, OpenIOC, STIX;
• опыт подготовки отчетных и аналитических документов по проектам;
• опыт программирования на языке Python (или др. скриптовые языки);
• наличие профессиональных сертификатов от Offensive Security, GIAC (или аналогичных);
• разговорный английский.

Overview

To support the organization’s Governance, Risk, and Compliance (GRC) cybersecurity framework by implementing, monitoring, and reporting on cybersecurity initiatives, ensuring alignment with Saudi regulatory requirements and internal policies. The role focuses on managing cybersecurity risks, compliance, and governance activities to strengthen the organization’s security posture.

• Assist in the development, implementation, and maintenance of the organization’s cybersecurity governance framework in alignment with Saudi cybersecurity regulations.
• Support the identification, assessment, and mitigation of cybersecurity risks as part of the enterprise risk management process.
• Monitor compliance with cybersecurity policies, frameworks, and standards, providing regular updates to the Head of GRC and Cybersecurity.
• Coordinate and support internal and external cybersecurity audits and regulatory assessments.
• Conduct periodic risk assessments and ensure that gaps are documented and addressed through actionable plans.
• Maintain the cybersecurity risk register and track the status of mitigation actions.
• Support the development and delivery of cybersecurity awareness programs for all employees.
• Monitor security incidents and collaborate with IT and third-party vendors for timely response and remediation.
• Assist in managing third-party risks by ensuring vendors comply with the organization’s cybersecurity requirements.
• Prepare regular reports on cybersecurity risks, compliance status, and performance metrics for leadership and board-level committees.
• Stay updated on emerging cybersecurity threats and regulatory changes to recommend proactive measures.

• Bachelor’s degree in Cybersecurity, Information Security, Information Technology, or a related field.
• Preferably one or more of the following certifications or similar in Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), ISO 27001 Lead Implementer or Auditor and Certified in Risk and Information Systems Control (CRISC).
• Proficiency in Microsoft Office Suite Word, Excel, PowerPoint, and Outlook.
• Exceptional written and verbal communication skills in both English and Arabic.
• 3-4 years of experience in cybersecurity governance, risk, and compliance.

• Entry level

• Full-time

• Analyst, Information Technology, and Quality Assurance

• Investment Banking, Real Estate, and Oil and Gas

Join to apply for the Cyber Security Analyst role at Dkhoon Emirates

Join to apply for the Cyber Security Analyst role at Dkhoon Emirates

Get AI-powered advice on this job and more exclusive features.

We are looking for a proactive and skilled Cyber Security Analyst to join our in-house IT team. The ideal candidate will be responsible for strengthening our organisation’s security posture, ensuring systems are secure, compliant, and resilient against evolving threats.

Key Responsibilities:

Conduct network vulnerability assessments and penetration testing (VAPT) to identify and mitigate security risks.

Perform firewall configuration reviews and internal network assessments to maintain a strong security infrastructure.

Deliver web and mobile application security assessments, ensuring alignment with OWASP Top 10 standards.

Support implementation of data protection and privacy frameworks, including Personal Data Protection Act (PDPA) or similar regulations relevant to our operations.

Prepare and present technical reports and executive summaries, outlining security observations, risk analysis, and actionable remediation plans.

Collaborate with IT and compliance teams to ensure alignment with CIS Controls, ISO 27001, and GDPR basics.

Manage and monitor endpoint protection, IDS/IPS systems, and SIEM tools to proactively detect and respond to threats.

Assist in incident response procedures, root cause analysis, and implementing preventive measures.

Automate routine security tasks using PowerShell, Bash, or Python scripting to improve efficiency.

Required Skills & Expertise:

️ Firewall & VPN configuration: FortiGate, Cisco ASA, Palo Alto

️ Penetration testing tools: Nmap, Metasploit, Burp Suite, Nessus, Wireshark

️ Identity and Access Management (IAM)

️ Incident Response procedures and frameworks

️ Good scripting knowledge in PowerShell, Bash, and Python for automation and security analysis

️ Strong understanding of cloud security fundamentals and compliance frameworks (e.g. PDPA, ISO 27001, GDPR basics)

Qualifications:

Bachelor’s Degree in IT or Cyber Security (or equivalent work experience)

Relevant certifications such as CompTIA Security+, CEH, eJPT, or INE Certified Cloud Associate are preferred.

Who You Are:

Analytical with strong problem-solving abilities

Excellent communicator with skills to collaborate across IT, compliance, and management teams

Passionate about cyber security best practices and continuous learning

Able to work independently to proactively identify and address security issues within the organization

• Seniority level Entry level

• Employment type Full-time

• Job function Information Technology
• Industries Retail

Referrals increase your chances of interviewing at Dkhoon Emirates by 2x

Get notified about new Cyber Security Analyst jobs in Riyadh, Riyadh, Saudi Arabia .

We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.

Our Culture:

At Hulool Zaintech for Information Technology we are proud of our culture and how it drives everything we do. We are looking for individuals who share our values and want to be part of a unique and engaging culture that revolves around collaboration and innovation. If you are looking for a role where you can drive engagement and excellence across teams through commitment and collaboration, and are someone who is customer-centric and appreciates an organization with uncompromised integrity that focuses on employee engagement then read on to learn more about how you can become part of the Hulool Zaintech family.

Our Code of Conduct

At Hulool Zaintech for Information Technology we strictly adhere to our code of conduct, which is there to serve as a moral compass, offering a framework for responsible behaviours and enabling ethical choices that cultivate positive relationships and a better future. It also outlines policies, standards, and procedures for our global operations, promoting integrity and ethical excellence across the countries we engage with.

Every year, all employees are required to review, comprehend, confirm, and adhere to the code of conduct. Additionally, all newly hired employees are subject to the same as part of their onboarding process.

The SOC L1 team plays a critical role in maintaining the security posture of an organization and protecting it from cyber threats.

Duties and Responsibilities:

• Performing initial analysis on true positive alerts to determine root cause and impact.
• Undertake first stages of false positive and false negative analysis.
• Generate weekly reports from SIEM platform and send it to L2 SOC analysts for review
• Track and update incidents and requests based on client’s updates and analysis results
• Escalate validated and confirmed incidents as per escalation procedures.
• Collection of necessary logs that could help in the incident containment and security investigation
• Acknowledge, analyze and validate incidents received through other reporting mechanisms such as email, phone calls, management directions, etc.
• Acknowledge, analyze and validate incidents triggered from correlated events through SIEM solution.
• Other duties related to the position

• Bachelor's degree in Cyber Security, Computer Science, or any IT-related field
• 0-2 years of experience, fresh graduates are welcome to apply

Minimum two of the below Certificates:

• Security+
• CEH
• eLearnSecurity Certified Incident Responder
• EC-Council Certified Security Analyst

Our Culture:

At Hulool Zaintech for Information Technology we are proud of our culture and how it drives everything we do. We are looking for individuals who share our values and want to be part of a unique and engaging culture that revolves around collaboration and innovation. If you are looking for a role where you can drive engagement and excellence across teams through commitment and collaboration, and are someone who is customer-centric and appreciates an organization with uncompromised integrity that focuses on employee engagement then read on to learn more about how you can become part of the Hulool Zaintech family.

Our Code of Conduct

At Hulool Zaintech for Information Technology we strictly adhere to our code of conduct, which is there to serve as a moral compass, offering a framework for responsible behaviours and enabling ethical choices that cultivate positive relationships and a better future. It also outlines policies, standards, and procedures for our global operations, promoting integrity and ethical excellence across the countries we engage with.

Every year, all employees are required to review, comprehend, confirm, and adhere to the code of conduct. Additionally, all newly hired employees are subject to the same as part of their onboarding process.

Duties and Responsibilities:

· Provide 24x7 monitoring (shift based), analysis and alerting of IT Security events and incidents.

• Analyze security events to verify incidents and their potential impact and risk to the clients.

• Create tickets for incident alerts and prioritize, correlate, and analyze events and incidents.

• Prepare and share incident analysis form to initiate response to validated events by engaging the required teams or resources to address the security incidents

• Analyze recurring incidents and performance of existing systems, processes, people and ensure corrective actions are taken.

• Proactive monitoring and respond to known and emerging threats against the network.

• Whitelist and fine-tuning content (use-cases) on SIEM solution.

• Threat hunting by identifying and hunting for emerging threat activities across all internal and external sources

• Perform complex data analysis in support of security event management.

• Conducting detailed & comprehensive investigation and triage on wide variety of security events and implement cleanup and remediation processes.

• Participation on Incident Response that includes root cause and lessons learned.

• Participation in the development of new logic and analytical capabilities.

· 3+ years’ experience in SOC operation or with common security operations systems, Intrusion Detection Systems (IDS/IPS), Security Incident Event Management systems (SIEM), anti-virus log collection systems, etc.

· Excellent security data analytical and problem-solving skills.

· Good knowledge and expertise of using SIEMSOAR technologies for event investigation

· Demonstrated experience with a wide variety of security logs to detect and resolve security issues.

· Demonstrated success as a member of a highly collaborative team.

· Excellent written and oral communication skills

· Good understanding of the incident response process

Our Culture:

At Hulool Zaintech for Information Technology we are proud of our culture and how it drives everything we do. We are looking for individuals who share our values and want to be part of a unique and engaging culture that revolves around collaboration and innovation. If you are looking for a role where you can drive engagement and excellence across teams through commitment and collaboration, and are someone who is customer-centric and appreciates an organization with uncompromised integrity that focuses on employee engagement then read on to learn more about how you can become part of the Hulool Zaintech family.

Our Code of Conduct

At Hulool Zaintech for Information Technology we strictly adhere to our code of conduct, which is there to serve as a moral compass, offering a framework for responsible behaviours and enabling ethical choices that cultivate positive relationships and a better future. It also outlines policies, standards, and procedures for our global operations, promoting integrity and ethical excellence across the countries we engage with.

Every year, all employees are required to review, comprehend, confirm, and adhere to the code of conduct. Additionally, all newly hired employees are subject to the same as part of their onboarding process.

Duties and Responsibilities:

· Provide 24x7 monitoring (shift based), analysis and alerting of IT Security events and incidents.

• Analyze security events to verify incidents and their potential impact and risk to the clients.

• Create tickets for incident alerts and prioritize, correlate, and analyze events and incidents.

• Prepare and share incident analysis form to initiate response to validated events by engaging the required teams or resources to address the security incidents

• Analyze recurring incidents and performance of existing systems, processes, people and ensure corrective actions are taken.

• Proactive monitoring and respond to known and emerging threats against the network.

• Whitelist and fine-tuning content (use-cases) on SIEM solution.

• Threat hunting by identifying and hunting for emerging threat activities across all internal and external sources

• Perform complex data analysis in support of security event management.

• Conducting detailed & comprehensive investigation and triage on wide variety of security events and implement cleanup and remediation processes.

• Participation on Incident Response that includes root cause and lessons learned.

• Participation in the development of new logic and analytical capabilities.

· 3+ years’ experience in SOC operation or with common security operations systems, Intrusion Detection Systems (IDS/IPS), Security Incident Event Management systems (SIEM), anti-virus log collection systems, etc.

· Excellent security data analytical and problem-solving skills.

· Good knowledge and expertise of using SIEMSOAR technologies for event investigation

· Demonstrated experience with a wide variety of security logs to detect and resolve security issues.

· Demonstrated success as a member of a highly collaborative team.

· Excellent written and oral communication skills

· Good understanding of the incident response process

Our Culture

At Hulool Zaintech for Information Technology we are proud of our culture and how it drives everything we do. We are looking for individuals who share our values and want to be part of a unique and engaging culture that revolves around collaboration and innovation. If you are looking for a role where you can drive engagement and excellence across teams through commitment and collaboration, and are someone who is customer-centric and appreciates an organization with uncompromised integrity that focuses on employee engagement then read on to learn more about how you can become part of the Hulool Zaintech family.

At Hulool Zaintech for Information Technology we strictly adhere to our code of conduct, which is there to serve as a moral compass, offering a framework for responsible behaviours and enabling ethical choices that cultivate positive relationships and a better future. It also outlines policies, standards, and procedures for our global operations, promoting integrity and ethical excellence across the countries we engage with.

Every year, all employees are required to review, comprehend, confirm, and adhere to the code of conduct. Additionally, all newly hired employees are subject to the same as part of their onboarding process.

• Provide 24x7 monitoring (shift based), analysis and alerting of IT Security events and incidents.
• Analyze security events to verify incidents and their potential impact and risk to the clients.
• Create tickets for incident alerts and prioritize, correlate, and analyze events and incidents.
• Prepare and share incident analysis form to initiate response to validated events by engaging the required teams or resources to address the security incidents
• Analyze recurring incidents and performance of existing systems, processes, people and ensure corrective actions are taken.
• Proactive monitoring and respond to known and emerging threats against the network.
• Whitelist and fine-tuning content (use-cases) on SIEM solution.
• Threat hunting by identifying and hunting for emerging threat activities across all internal and external sources
• Perform complex data analysis in support of security event management.
• Conducting detailed & comprehensive investigation and triage on wide variety of security events and implement cleanup and remediation processes.
• Participation on Incident Response that includes root cause and lessons learned.
• Participation in the development of new logic and analytical capabilities.
• 3+ years’ experience in SOC operation or with common security operations systems, Intrusion Detection Systems (IDS/IPS), Security Incident Event Management systems (SIEM), anti-virus log collection systems, etc.
• Excellent security data analytical and problem-solving skills.
• Good knowledge and expertise of using SIEMSOAR technologies for event investigation
• Demonstrated experience with a wide variety of security logs to detect and resolve security issues.
• Demonstrated success as a member of a highly collaborative team.
• Excellent written and oral communication skills
• Good understanding of the incident response process

Our Culture:

At Hulool Zaintech for Information Technology, we are proud of our culture and how it drives everything we do. We seek individuals who share our values and want to be part of a unique, engaging culture centered around collaboration and innovation. If you are looking for a role where you can enhance engagement and excellence across teams through commitment and collaboration, and are customer-centric with a focus on integrity and employee engagement, then read on to learn how you can join the Hulool Zaintech family.

Our Code of Conduct:

We strictly adhere to our code of conduct, which serves as a moral compass, providing a framework for responsible behavior and ethical decision-making. It outlines policies, standards, and procedures for our global operations, promoting integrity and ethical excellence across all countries we operate in. All employees review, understand, and adhere to this code annually, including new hires during onboarding.

Duties and Responsibilities:

1. Manage, configure, test, and integrate the SIEM system, focusing on content development such as reports, dashboards, real-time rules, filters, and channels.
2. Develop and deploy new content (use-cases) on SIEM solutions based on business or threat requirements, with the engineering team's support.
3. Conduct breach and investigative analysis to trace activities related to advanced threats.
4. Investigate and escalate complex or high-severity security threats or incidents.
5. Serve as an escalation resource and mentor for other analysts.
6. Collaborate with SIEM engineering and security partners to develop and refine correlation rules.
7. Maintain expertise in advanced persistent threats, forensics, and incident response practices.
8. Perform threat hunting to identify emerging threat activities across internal and external sources.
9. Coordinate evidence gathering, documentation, and review security incident reports.
10. Assist in defining and driving strategic security initiatives.
11. Create and develop SOC processes and procedures in collaboration with Level 1 and Level 2 analysts.
12. Recommend improvements to security policies, procedures, and architecture based on operational insights.
13. Develop operational and executive reports.
14. Analyze security events to verify incidents, assessing their impact and risk to clients.
15. Prepare incident analysis reports and coordinate responses with relevant teams.
16. Support log integration activities and reduce false positives.
17. Assist during incident containment, investigation, eradication, and recovery phases.
18. Provide data support for SOC reports and metrics.
19. Monitor for false positives and work with engineering to address them.
20. Analyze recurring incidents and system performance, implementing corrective actions.
21. Document and update playbooks and procedures.

Minimum Requirements:

• 5+ years of experience in SOC operations, monitoring, and event analysis.
• Expertise in security monitoring and analysis platforms and related technologies.
• Excellent analytical and problem-solving skills.
• Advanced knowledge of SIEM/ SOAR technologies for event investigation.
• Strong understanding of incident handling and response techniques.
• Extensive experience in incident response, handling, and security operations.

Our Culture:

At Hulool Zaintech for Information Technology, we are proud of our culture and how it drives everything we do. We seek individuals who share our values and want to be part of a unique, engaging culture centered around collaboration and innovation. If you are looking for a role where you can enhance engagement and excellence across teams through commitment and collaboration, and are customer-centric with a focus on integrity and employee engagement, then read on to learn how you can join the Hulool Zaintech family.

Our Code of Conduct:

We strictly adhere to our code of conduct, which serves as a moral compass, providing a framework for responsible behavior and ethical decision-making. It outlines policies, standards, and procedures for our global operations, promoting integrity and ethical excellence across all countries we operate in. All employees review, understand, and adhere to this code annually, including new hires during onboarding.

Duties and Responsibilities:

1. Manage, configure, test, and integrate the SIEM system, focusing on content development such as reports, dashboards, real-time rules, filters, and channels.
2. Develop and deploy new content (use-cases) on SIEM solutions based on business or threat requirements, with the engineering team's support.
3. Conduct breach and investigative analysis to trace activities related to advanced threats.
4. Investigate and escalate complex or high-severity security threats or incidents.
5. Serve as an escalation resource and mentor for other analysts.
6. Collaborate with SIEM engineering and security partners to develop and refine correlation rules.
7. Maintain expertise in advanced persistent threats, forensics, and incident response practices.
8. Perform threat hunting to identify emerging threat activities across internal and external sources.
9. Coordinate evidence gathering, documentation, and review security incident reports.
10. Assist in defining and driving strategic security initiatives.
11. Create and develop SOC processes and procedures in collaboration with Level 1 and Level 2 analysts.
12. Recommend improvements to security policies, procedures, and architecture based on operational insights.
13. Develop operational and executive reports.
14. Analyze security events to verify incidents, assessing their impact and risk to clients.
15. Prepare incident analysis reports and coordinate responses with relevant teams.
16. Support log integration activities and reduce false positives.
17. Assist during incident containment, investigation, eradication, and recovery phases.
18. Provide data support for SOC reports and metrics.
19. Monitor for false positives and work with engineering to address them.
20. Analyze recurring incidents and system performance, implementing corrective actions.
21. Document and update playbooks and procedures.

Minimum Requirements:

• 5+ years of experience in SOC operations, monitoring, and event analysis.
• Expertise in security monitoring and analysis platforms and related technologies.
• Excellent analytical and problem-solving skills.
• Advanced knowledge of SIEM/ SOAR technologies for event investigation.
• Strong understanding of incident handling and response techniques.
• Extensive experience in incident response, handling, and security operations.