17 Incident Response jobs in Riyadh

Company Description

Innovative Solutions (IS) is a distinguished Cybersecurity company, founded in 2003 and headquartered in Riyadh, with a strong presence across the GCC region, including Al Khobar, Jeddah, Dubai, and Abu Dhabi. We specialize in a broad array of Cybersecurity solutions and services, encompassing Advisory Services, Technical Assurance, Solution Deployment, Professional Services, and Managed Security Services.

At Innovative Solutions, our mission is to "Bring Trust to Cyberspace" to ensure "Your Business, Secured ."

Role Description

As the Incident Response Team Lead at Innovative Solutions, you will oversee our incident response team's activities, ensuring swift and effective responses to cybersecurity incidents. You will lead investigations, coordinate responses, and develop strategies to improve our incident response capabilities. You will also mentor team members, promoting continuous improvement in processes and practices to enhance the cyber resilience of our organization and clients.

Responsibilities:

1. Lead and manage the incident response team, setting priorities, assigning tasks, and ensuring timely resolution of incidents
2. Provide mentorship, coaching, and skills development for team members
3. Act as the central escalation point of contact for critical and complex incidents
4. Develop and manage incident response metrics, reporting, and performance KPIs
5. Provide executive briefings and updates during major security incidents
6. Ensure incident response processes compliance with regulatory frameworks

DFIR Operations:

1. Oversee incident response lifecycle
2. Coordinate technical and business stakeholders during incidents, ensuring clear communication and structured escalation
3. Lead root cause analysis, digital forensics, and threat hunting activities for critical incidents
4. Ensure proper documentation of incidents, including timelines, actions taken, and lessons learned

Process and Improvements:

1. Develop, implement, and maintain incident response playbooks, runbooks, and escalation processes
2. Coordinate and lead tabletop exercises, red team/purple team simulations, and incident readiness drills
3. Collaborate with SOC, threat intelligence, vulnerability management, and IT/OT security teams to enhance detection and response capabilities

Requirements

1. Bachelor's degree in computer science, cyber security, or a related field. Master's degree is a plus
2. 3+ years of experience in cybersecurity, with a focus on incident response
3. Proven experience leading incident response teams and managing incidents effectively
4. Relevant certifications such as GCIA, GCIH, GCFA, GNFA, BTL1, OSDA, CDSA, or PSAA. CISSP is a plus
5. Strong expertise in incident response methodologies and frameworks
6. Excellent leadership, communication, and interpersonal skills
7. Ability to think critically and make sound decisions under pressure

Benefits

1. Comprehensive training and development programs
2. Opportunity for career growth and advancement
3. Friendly and supportive work environment

Seniority level

• Mid-Senior level

Employment type

• Full-time

Job function

• Other

Industries

• IT Services and IT Consulting

Get AI-powered advice on this job and more exclusive features.

Founded in 2003 and headquartered in Singapore, Group-IB is a leading creator of cybersecurity

technologies to investigate, prevent, and fight digital crime. Combating cybercrime is in the company’s DNA, shaping its technological capabilities to defend businesses, and citizens, and support law enforcement operations.

Group-IB’s Digital Crime Resistance Centers (DCRCs) are located in the Middle East, Europe, Central Asia, and Asia-Pacific to help critically analyze and promptly mitigate regional and country-specific threats. These mission-critical units help Group-IB strengthen its contribution to global cybercrime prevention and continually expand its threat-hunting capabilities.

Each of us can help make the world a safer place. Join us!

ABOUT THE ROLE:

This is a high-impact, hands-on role that puts you on the front lines of some of the most challenging incident response and threat hunting engagements. You’ll work across diverse industries, confronting real-world cyber threats and helping clients recover from complex incidents. Your expertise will directly shape outcomes, protect critical infrastructure, and contribute to a safer digital environment.

This role is ideal for professionals eager to sharpen their DFIR skills while operating in fast-paced, high-stakes environments.

YOUR MISSION

• Conduct root cause analysis to determine the initial attack vector in security incidents.
• Lead incident response engagements, including containment, eradication, and recovery guidance.
• Acquire and analyze disk and memory forensic images, as well as perform triage analysis.
• Recover deleted data, trace file execution, and validate indicators of compromise (IOCs).
• Develop attack hypotheses using adversary TTPs mapped to the MITRE ATT&CK framework.
• Prepare and deliver clear, actionable reports and findings to both technical and non-technical stakeholders.
• Maintain composure and communicate effectively in high-pressure, time-sensitive incidents.

WHAT SUCCESS LOOKS LIKE:

• Minimum first hands-on experience in Digital Forensics and Incident Response.
• Bachelor’s degree in Cybersecurity, Computer Science, Information Security, or equivalent professional experience.
• Proficiency in analyzing forensic artifacts such as:
• Windows registry
• Master File Table (MFT)
• Prefetch files
• Shellbags
• Experience working with EDR platforms and SIEM solutions.
• Strong understanding of attacker methodologies, MITRE ATT&CK, and the intrusion kill chain.

Additional requirements:

• Strong problem-solving mindset and attention to detail.
• Ability to remain calm under pressure during active incidents.
• One or more of the following: GCFA, GCIH, GNFA, GCFE, CHFI, GCFR, OSCP, or similar.

OUR WORK ENVIRONMENT & CULTURE:

At Group-IB, we believe that employee happiness is fundamental to success. We foster a supportive, inclusive, and dynamic workplace where every team member is empowered to grow. Whether you’re aiming to deepen your expertise, step into leadership, explore new departments, or take your career abroad, we provide diverse opportunities for professional development.

Our team is made up of specialists from around the world who bring deep international expertise and thrive on solving complex challenges. You’ll be working with cutting-edge technologies recognized globally by Gartner, IDC, and Forrester, and contributing to projects that span across 60 countries alongside 450+ partners and 500+ clients.

We take pride in our multicultural, values-driven culture—where mutual respect, collaboration, and shared goals unite us across borders. And with Group-IB’s continued global growth and financial stability, your career trajectory here can accelerate faster than in most traditional environments.

WHAT DO WE OFFER :

• Flexible Work Schedule
• We don’t believe in fixed hours—what matters is impact, not time spent. You have the freedom to design your own workday in a way that drives results and balance.
• Your well-being comes first. We offer health insurance to support you when it matters most.
• Certifications & Continuous Learning
• Our team holds over 1,000 globally recognized certifications, including CEH, CISSP, OSCP, and more. Through our incentive program, we cover the cost of professional development—because your growth fuels our innovation.
• From soft skills development to advanced technical training, a wide range of internal programs help you expand your skill set—and earn recognition and rewards along the way.
• Entrepreneurial spirit is encouraged
• We value initiative. Whether it’s launching a tech blog, organizing events, building communities, or starting a sports team—Group-IB is a place where bold ideas are supported and celebrated. .

• Seniority level Mid-Senior level

• Employment type Full-time

• Job function Information Technology
• Industries Computer and Network Security and Security and Investigations

Referrals increase your chances of interviewing at Group-IB by 2x

Riyadh, Riyadh, Saudi Arabia 23 hours ago

Riyadh, Riyadh, Saudi Arabia 14 hours ago

We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.

Get AI-powered advice on this job and more exclusive features.

Experience Required: Minimum 3 years in DFIR or related cybersecurity role

Employment Type: Full-time

About the Role:

Security Matterz is seeking a skilledDFIR Specialist to join our growing team. In this role, you will be responsible for investigating, analyzing, and responding to complex cybersecurity incidents, as well as conducting digital forensic investigations to support our clients.

Key Responsibilities:

• Lead digital forensic investigations on endpoints, networks, and cloud environments
• Perform incident response activities including containment, eradication, and recovery
• Analyze malware, logs, and artifacts to identify root cause and impact
• Develop and document investigation reports for internal and client use
• Collaborate with SOC, threat intelligence, and other security teams
• Support continuous improvement of DFIR processes, tools, and playbooks

Qualifications:

• Minimum 3 years of hands-on experience in DFIR, cybersecurity investigations, or incident response
• Strong knowledge of forensic tools (EnCase, FTK, X-Ways, Volatility, Autopsy, etc.)
• Experience with SIEM, EDR, and threat hunting tools
• Familiarity with NIST, SANS, and other incident handling frameworks
• Excellent analytical, documentation, and communication skills
• Relevant certifications (GCFA, GCFE, CHFI, CCE, or similar) are a plus

Why Join Us?

At Security Matterz, you’ll be part of a passionate team delivering high-impact cybersecurity services across multiple industries. We value innovation, expertise, and continuous growth.

• Seniority level Mid-Senior level

• Employment type Full-time

• Job function Design, Art/Creative, and Information Technology
• Industries IT Services and IT Consulting

Referrals increase your chances of interviewing at Security Matterz by 2x

Get notified about new Digital Specialist jobs in Riyadh, Riyadh, Saudi Arabia .

Riyadh, Riyadh, Saudi Arabia 16 hours ago

Riyadh, Riyadh, Saudi Arabia 20 hours ago

We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.

Get AI-powered advice on this job and more exclusive features.

Direct message the job poster from ACWA Power

Incident Response & Forensics Manager (IT & OT) - Saudi Nationals Only

ACWA Power is seeking an experienced Incident Response & Forensics Manager (IT & OT) to lead investigation and response efforts across our global IT infrastructure and industrial control systems (ICS/SCADA).

This is a high-impact role focused on managing major cyber incidents, conducting digital forensics, and ensuring the security of both digital systems and physical OT environments .

What You’ll Be Doing:

• Lead incident response and forensic investigations across IT and OT environments.
• Triage and escalate threats from SIEM, XDR, and threat detection platforms .
• Perform detailed root cause analysis and ensure timely remediation.
• Collaborate with IT, OT, legal, compliance, and external vendors to coordinate investigations and recovery.
• Develop and conduct incident response training and simulation exercises.
• Prepare incident reports for internal stakeholders and regulatory authorities.
• Ensure compliance with frameworks like NIST, ISO 27001, NERC-CIP, and ISA/IEC 62443 .

What You Bring:

• 5+ years in cybersecurity, with hands-on incident response and forensics experience.
• Strong technical knowledge of both enterprise IT and OT systems (SCADA, ICS, PLCs).
• Experience with Splunk , ELK , QRadar , forensic tools, and malware analysis.
• Certifications such as GCIA, GCIH, GCFA, CFCE, CISSP , or GICSP are preferred.
• Exceptional communicator, able to clearly report high-stakes incidents to both technical and business stakeholders.

Why Join Us:

This is your opportunity to secure the future of a company that powers millions across the globe. At ACWA Power, you'll play a mission-critical role protecting some of the most advanced digital and industrial infrastructures in the world.

Refrain from reaching the recruiter, please apply directly.

• Seniority level Mid-Senior level

• Employment type Full-time

• Job function Information Technology
• Industries Services for Renewable Energy

Referrals increase your chances of interviewing at ACWA Power by 2x

We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.

Get AI-powered advice on this job and more exclusive features.

Experience Required: Minimum 3 years in DFIR or related cybersecurity role

Employment Type: Full-time

About the Role:

Security Matterz is seeking a skilledDFIR Specialist to join our growing team. In this role, you will be responsible for investigating, analyzing, and responding to complex cybersecurity incidents, as well as conducting digital forensic investigations to support our clients.

Key Responsibilities:

• Lead digital forensic investigations on endpoints, networks, and cloud environments
• Perform incident response activities including containment, eradication, and recovery
• Analyze malware, logs, and artifacts to identify root cause and impact
• Develop and document investigation reports for internal and client use
• Collaborate with SOC, threat intelligence, and other security teams
• Support continuous improvement of DFIR processes, tools, and playbooks

Qualifications:

• Minimum 3 years of hands-on experience in DFIR, cybersecurity investigations, or incident response
• Strong knowledge of forensic tools (EnCase, FTK, X-Ways, Volatility, Autopsy, etc.)
• Experience with SIEM, EDR, and threat hunting tools
• Familiarity with NIST, SANS, and other incident handling frameworks
• Excellent analytical, documentation, and communication skills
• Relevant certifications (GCFA, GCFE, CHFI, CCE, or similar) are a plus

Why Join Us?

At Security Matterz, you'll be part of a passionate team delivering high-impact cybersecurity services across multiple industries. We value innovation, expertise, and continuous growth.

• Seniority level Mid-Senior level

• Employment type Full-time

• Job function Design, Art/Creative, and Information Technology
• Industries IT Services and IT Consulting

Referrals increase your chances of interviewing at Security Matterz by 2x

Get notified about new Digital Specialist jobs in Riyadh, Riyadh, Saudi Arabia .

Riyadh, Riyadh, Saudi Arabia 16 hours ago

Riyadh, Riyadh, Saudi Arabia 20 hours ago

We're unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.

Vectra is the leader in AI-driven threat detection and response for hybrid and multi-cloud enterprises. The Vectra AI Platform delivers integrated signal across public cloud, SaaS, identity, and data center networks in a single platform. Powered by patented Attack Signal Intelligence, it empowers security teams to rapidly prioritize, investigate and respond to the most advanced cyber-attacks. With 35 patents in AI-driven threat detection and the most vendor references in MITRE D3FEND, organizations worldwide rely on Vectra AI to move at the speed and scale of hybrid attackers. For more information, visit

Position Overview : Serving in the role of Senior Security Analyst , you will join Vectra's MXDR team and use your knowledge of attack and penetration techniques to analyze and interpret real and persistent threats against our customers, piece together indicators of an attack to enumerate the kill-chain, and explain the observed threats in a meaningful and actionable way to both prospects and customers. This is a customer-facing role.

You will be responsible for post-sales customer engagement, planning, optimization, and follow-on services and support of the Vectra Platform along with EDR and 3rd party integrations at customer sites. The successful candidate will have sound technical experience and skills, blended with strong interpersonal, communication, and project management skills.

You will resolve complex cyber security challenges and help customers learn how to distinguish benign from malicious network behavior. Leveraging cloud data and advanced machine learning models, you will apply your experience in defending vulnerabilities in real-world networks to anticipate customer challenges and help progress the core technologies of the company – with a focus on empowering customers to get ahead of the threat.

This is a highly technical role and deep knowledge of Linux and networking is required, as well as a strong background in security. Resolving customer issues routinely includes working in complex product and infrastructure configurations, problem troubleshooting and isolation, performance tuning and optimization.

When not working with customers and analyzing the threats present within their networks, as an Analyst you are expected to research new security topics, engage in bug-hunts, and contribute to the community in a way that helps grow both your personal and company brands. As the voice of the customer, you will be an integral part of our success.

Your role at a glance

• Engage with enterprise customers as a Vectra product expert to support implementation of the Vectra solution at their sites.
• Assist customers with the integration of Vectra into existing ecosystem and tools
• Conduct health checks and architecture reviews, providing technical expertise and real-life experience in creating solutions, designs, and recommendations
• Identify blind spots in customer network security architecture and provide expert guidance on remediation
• Be a strong voice for your customers across business to identify new detection models, identify new product features, build content for both internal and external customer knowledge bases, and ensure that successful Vectra deployments.
• Drive high levels of customer satisfaction
• Provide training and guidance to customers in proper usage of the Vectra platform.
• Analyze threats, piece-together exploitation trails, and study lateral movements of attackers within customer networks
• Expertly explain to customers your conclusions and recommendations for mitigating or remediating an in-progress attack
• Provide an attackers-eye-view to the evidence presented by the clients' products and educate customers to the technical nature of the threat
• Pursue security research topics that contribute to the knowledge and enumeration of new threats
• Travel expected 20-30%

To be successful in your new role, you have

• Solid experience working in a technical customer-facing role or in an end user/customer environment
• Relevant professional security consulting experience
• Demonstrated experience in working with broad cross-functional teams
• Exceptional ability of presenting and explaining technology to people with less technical knowledge
• Excellent organizational, analytical, and writing skills
• Ability to work independently and adapt quickly

• Good understanding of security product lines (firewalls, sandboxing, SIEM, forensics-type platforms)
• Understanding of network architectures including SPAN/mirroring configuration & network monitoring technologies (switching technologies)
• Understanding of network protocols such as TCP/IP, DHCP, DNS, NAT, VPN, PKI, RADIUS, etc.
• Good understanding of SQL and non-SQL databases
• Proficiency with packet capture tools, PCAPs, and their analysis
• Experience with EDR tools including Crowdstrike, Microsoft Defender for Endpoint (MDE) & SentinelOne

• Experience with Active Directory, LDAP, VPN, firewalls, policy management, and LAN/WAN/Internet services administration
• Understanding of Cloud architecture for AWS and/or Azure; experience deploying in Cloud (AWS/Azure) architecture environments
• Scripting skills (preferably Python or Powershell) highly desired. Open source development a plus.
• Experience working with LLMs, prompt design & iteration

Vectra provides a comprehensive total rewards package that supports the financial, physical, mental and overall health of our employees and their families. Compensation includes competitive base pay, incentive plan eligibility, and participation in the employee equity plan (stock options). Specific benefits offered varies by location, but commonly include health care insurance, income protection / life insurance, access to retirement savings plans, behavioral & emotional wellness services, generous time away from work, and a comprehensive employee recognition program.

Vectra is committed to creating a diverse environment and is proud to be an equal opportunity employer.

We are committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity or Veteran status.

• Director

• Full-time

• Information Technology

• Computer and Network Security

Join to apply for the Cyber Security Analyst role at Dkhoon Emirates

Join to apply for the Cyber Security Analyst role at Dkhoon Emirates

Get AI-powered advice on this job and more exclusive features.

We are looking for a proactive and skilled Cyber Security Analyst to join our in-house IT team. The ideal candidate will be responsible for strengthening our organisation’s security posture, ensuring systems are secure, compliant, and resilient against evolving threats.

Key Responsibilities:

Conduct network vulnerability assessments and penetration testing (VAPT) to identify and mitigate security risks.

Perform firewall configuration reviews and internal network assessments to maintain a strong security infrastructure.

Deliver web and mobile application security assessments, ensuring alignment with OWASP Top 10 standards.

Support implementation of data protection and privacy frameworks, including Personal Data Protection Act (PDPA) or similar regulations relevant to our operations.

Prepare and present technical reports and executive summaries, outlining security observations, risk analysis, and actionable remediation plans.

Collaborate with IT and compliance teams to ensure alignment with CIS Controls, ISO 27001, and GDPR basics.

Manage and monitor endpoint protection, IDS/IPS systems, and SIEM tools to proactively detect and respond to threats.

Assist in incident response procedures, root cause analysis, and implementing preventive measures.

Automate routine security tasks using PowerShell, Bash, or Python scripting to improve efficiency.

Required Skills & Expertise:

️ Firewall & VPN configuration: FortiGate, Cisco ASA, Palo Alto

️ Penetration testing tools: Nmap, Metasploit, Burp Suite, Nessus, Wireshark

️ Identity and Access Management (IAM)

️ Incident Response procedures and frameworks

️ Good scripting knowledge in PowerShell, Bash, and Python for automation and security analysis

️ Strong understanding of cloud security fundamentals and compliance frameworks (e.g. PDPA, ISO 27001, GDPR basics)

Qualifications:

Bachelor’s Degree in IT or Cyber Security (or equivalent work experience)

Relevant certifications such as CompTIA Security+, CEH, eJPT, or INE Certified Cloud Associate are preferred.

Who You Are:

Analytical with strong problem-solving abilities

Excellent communicator with skills to collaborate across IT, compliance, and management teams

Passionate about cyber security best practices and continuous learning

Able to work independently to proactively identify and address security issues within the organization

• Seniority level Entry level

• Employment type Full-time

• Job function Information Technology
• Industries Retail

Referrals increase your chances of interviewing at Dkhoon Emirates by 2x

Get notified about new Cyber Security Analyst jobs in Riyadh, Riyadh, Saudi Arabia .

We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.

The Cyber Analyst performs real-time event and incident management processes within the SOC, including internal security incident evaluation and response, following established guidelines and policies.

1. Monitor and analyze logs in real-time using leading SIEM technology.
2. Identify security incidents and conduct first-level investigations.
3. Escalate incidents to Level 2 Analysts for further response.

• Bachelor's degree in Computer Science or a related field.
• Master's degree in Information Security is preferred.
• Ability to work on a flexible, rotational 24x7x365 schedule.
• Strong adherence to processes, procedures, and task prioritization.
• Knowledge of attack techniques and current threat landscape is desirable.
• Understanding of TCP/IP, Linux, Windows infrastructures, and basic network security concepts.
• Excellent communication skills in English.
• Analytical and troubleshooting skills for quick resolution.
• Prior experience with SIEM/Log Analysis is a plus but not required.