If you are a self-motivated individual passionate about cybersecurity, we encourage you to apply for this exciting opportunity to join our dynamic team at CyberGate Defense.
Job Title: DFIR Specialist L2
Job Location: Abu Dhabi / Dubai
Job Role: Permanent
Responsibilities:
Forensically analyze systems for evidence of compromise.
Investigate security incidents, conduct a detailed analysis of security events, and determine the root cause of security breaches.
Conduct forensic analysis on endpoints and networks, and investigate security incidents that involve digital forensic analysis, malware analysis, and log analysis.
Identify security incidents through hunting operations within a SIEM and other relevant tools.
Coordinate and lead incident response efforts, including containment, eradication, and recovery activities.
Develop and maintain incident response plans, playbooks, and standard operating procedures.
Proactively hunt for potential security threats and vulnerabilities within the organization's networks, systems, and applications.
Utilize various threat intelligence sources, security logs, and other tools to identify anomalous activities and potential security incidents.
Collaborate with cross-functional teams, including IT, network operations, legal, and external partners, to ensure a comprehensive response to security incidents.
Stay up to date with the latest security threats, vulnerabilities, and attack techniques, and provide recommendations for security improvements and countermeasures.
Conduct post-incident analysis and create detailed reports documenting the incident response process and lessons learned.
Participate in security incident simulations and tabletop exercises to test the effectiveness of incident response plans.
Assist in implementing and maintaining security monitoring tools and technologies.
Qualifications:
Bachelor's degree in computer science, cybersecurity, or a related field (or equivalent work experience).
Extensive experience in threat hunting, incident response, and cybersecurity operations.
In-depth knowledge of security frameworks, such as MITRE ATT&CK, and industry-standard incident response methodologies.
Strong understanding of network protocols, system logs, and security event management.
Proficient in using various security tools, such as SIEM, IDS/IPS, EDR, and forensic analysis tools.
Familiarity with cloud platforms, network security, and emerging technologies.
Excellent analytical and problem-solving skills with the ability to analyze large datasets and identify patterns or indicators of compromise.
Strong communication skills with the ability to effectively collaborate with cross-functional teams and communicate complex security issues to technical and non-technical stakeholders.
Relevant certifications, such as GCIH or GCFA, will be an advantage.
Experience with scripting or programming languages (e.g., Python, PowerShell) for automation and data analysis is a plus.
Ability to work in a fast-paced environment, prioritize tasks, and handle multiple incidents simultaneously.
Strong commitment to continuous learning and staying updated with the latest trends and best practices in threat hunting and incident response.