3 Security Incident jobs in Saudi Arabia

Get AI-powered advice on this job and more exclusive features.

Lead the establishment and operations of Syria's national cyber incident response capability at the newly formed National Cybersecurity Center led by Syria Ministry of communication and information Technology, in collaboration with Cipher Saudi Arabia. As Incident Response Director, you will build the country's first dedicated cyber crisis management function, capable of coordinating responses to incidents affecting critical national infrastructure, government institutions, and essential services. This pivotal leadership role will develop Syria's ability to detect, contain, and recover from sophisticated cyber attacks while building resilience across the nation's digital ecosystem.

Level

Location

Requirements

• 10+ years of experience in cybersecurity with focus on incident response
• 5+ years leading incident response teams or programs
• Bachelor's degree required; Advanced degree in Cybersecurity, Computer Science, or related field preferred
• Proven experience handling major security incidents or breaches
• Deep knowledge of incident response methodologies, frameworks, and playbooks
• Strong understanding of digital forensics techniques and toolsets
• Experience coordinating multi-stakeholder responses to complex security incidents
• Background in crisis management and emergency response operations
• Fluency in Arabic and English (written and verbal)

Who You Are

• A battle-tested incident response leader with exceptional crisis management skills
• Methodical thinker who can maintain clarity and structure during high-pressure situations
• Diplomatic professional capable of coordinating diverse stakeholders during incidents
• Technical expert with deep understanding of attack vectors and mitigation strategies
• Effective communicator able to translate technical details to both technical and non-technical audiences
• Adaptable problem-solver who thrives in ambiguous and rapidly evolving scenarios
• Meticulous planner who develops robust response protocols while remaining flexible
• Committed mentor focused on building sustainable incident response capabilities

Nice to Have

• Experience establishing national or sectoral CERT/CSIRT operations
• Background in national security, military, or law enforcement cyber operations
• GCIH, GCFA, CISM, or other incident response certifications
• Experience with critical infrastructure protection and ICS/SCADA security
• Knowledge of regional threat actors and cyber threat landscape in the Middle East
• Background in malware analysis and reverse engineering
• Experience coordinating with international incident response organizations
• Understanding of legal and regulatory aspects of cyber incident handling

What You Will Be Doing

• Establish Syria's national incident response capability from the ground up
• Develop comprehensive incident response frameworks, playbooks, and protocols
• Build and lead teams specialized in containment, eradication, and recovery from cyber attacks
• Create national incident classification scheme and escalation procedures
• Establish digital forensics capabilities for evidence collection and analysis
• Coordinate incident response activities with government agencies, critical infrastructure operators, and international partners
• Lead responses to significant national cyber incidents, serving as incident commander
• Develop post-incident analysis methodologies and lessons learned processes
• Create training programs to build incident response capabilities across Syrian organizations
• Represent Syria in international incident response communities and information sharing forums

What You Will Need

• Expert knowledge of incident response procedures and best practices
• Strong leadership abilities, especially during crisis situations
• Excellent analytical and problem-solving skills
• Digital forensics knowledge and experience
• Crisis communication capabilities
• Documentation and reporting skills
• Ability to work effectively under extreme pressure
• Willingness to relocate to Damascus, Syria

Why Join Us

This role offers an unprecedented opportunity to establish critical national security capabilities that will protect Syria's digital future. You'll build incident response functions from the foundation up, implementing world-class practices while adapting to local needs and challenges. Your work will directly impact the nation's ability to withstand and recover from cyber attacks, protecting essential services and critical infrastructure that millions of citizens depend on. Few cybersecurity positions offer this level of national impact and the chance to build lasting security capabilities.

Be Part of Cipher Syria

By joining Cipher Syria, you'll become part of an elite team establishing the country's premier cybersecurity institution. You'll leverage Cipher's global expertise, methodologies, and resources while having the autonomy to build response capabilities tailored to Syria's unique security landscape. This role combines the stability and backing of an established organization with the excitement and growth potential of a groundbreaking national initiative. Help us establish Syria as a leader in cybersecurity resilience while advancing your career at the forefront of national cyber defense.

• Seniority level Director

• Employment type Full-time

• Job function Information Technology
• Industries Computer and Network Security

Referrals increase your chances of interviewing at Cipher | سايڤر by 2x

Get notified about new Director of Cyber Security jobs in Riyadh, Saudi Arabia .

We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.

Get AI-powered advice on this job and more exclusive features.

Direct message the job poster from ACWA Power

Incident Response & Forensics Manager (IT & OT) - Saudi Nationals Only

ACWA Power is seeking an experienced Incident Response & Forensics Manager (IT & OT) to lead investigation and response efforts across our global IT infrastructure and industrial control systems (ICS/SCADA).

This is a high-impact role focused on managing major cyber incidents, conducting digital forensics, and ensuring the security of both digital systems and physical OT environments .

What You’ll Be Doing:

• Lead incident response and forensic investigations across IT and OT environments.
• Triage and escalate threats from SIEM, XDR, and threat detection platforms .
• Perform detailed root cause analysis and ensure timely remediation.
• Collaborate with IT, OT, legal, compliance, and external vendors to coordinate investigations and recovery.
• Develop and conduct incident response training and simulation exercises.
• Prepare incident reports for internal stakeholders and regulatory authorities.
• Ensure compliance with frameworks like NIST, ISO 27001, NERC-CIP, and ISA/IEC 62443 .

What You Bring:

• 5+ years in cybersecurity, with hands-on incident response and forensics experience.
• Strong technical knowledge of both enterprise IT and OT systems (SCADA, ICS, PLCs).
• Experience with Splunk , ELK , QRadar , forensic tools, and malware analysis.
• Certifications such as GCIA, GCIH, GCFA, CFCE, CISSP , or GICSP are preferred.
• Exceptional communicator, able to clearly report high-stakes incidents to both technical and business stakeholders.

Why Join Us:

This is your opportunity to secure the future of a company that powers millions across the globe. At ACWA Power, you'll play a mission-critical role protecting some of the most advanced digital and industrial infrastructures in the world.

Refrain from reaching the recruiter, please apply directly.

• Seniority level Mid-Senior level

• Employment type Full-time

• Job function Information Technology
• Industries Services for Renewable Energy

Referrals increase your chances of interviewing at ACWA Power by 2x

We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.