Acuative Middle East

Incident Response Specialist

Jeddah, Makkah Province, Saudi Arabia · Full Time

Experience: Any
Salary:
Openings: 1
Posted: 3 days ago

Job description

About the Role

Acuative Middle East is seeking a charismatic and articulate Incident Response Specialist to join our team in Jeddah, Saudi Arabia. The ideal candidate is a natural diplomat, eager to learn and share knowledge, with a proven ability to develop innovative solutions. You will be instrumental in responding to global cyber incidents and protecting our customers from both internal and external threats. The role may require working non-traditional hours.

Responsibilities

  • Address global cyber incidents stemming from internal and external threats to our clientele, potentially involving irregular working hours.
  • Detect, contain, and remediate emerging threats by understanding current adversary attack methodologies.
  • Conduct host-centric analysis using various forensic tools such as EDR, X-Ways, Volatility, Cisco Secure Endpoint, and Velociraptor.
  • Perform network forensic analysis, leveraging network telemetry to aid investigations.
  • Clearly articulate the Incident Response Lifecycle and the Kill Chain (Attack) Life Cycle in relation to known adversary activities.
  • Translate technical findings into business impacts, communicating them effectively to non-technical stakeholders.
  • Assist in scoping incidents, aligning objectives with clients, and collaborating within a team of consultants during emergency engagements.
  • Proactively hunt for adversaries within customer networks using diverse tools and techniques, based on threat hunting principles.
  • Understand and potentially facilitate Table-Top Exercises.
  • Conduct Incident Response Readiness Assessments, including interviews and document reviews.
  • Contribute to the development of written assessments and reports for both internal and external audiences, including technical teams, leadership, and executives.
  • Act as a liaison between various businesses and collaborate with security teams.
  • Participate in incident response consulting projects as assigned.
  • Drive process improvements to ensure efficient, consistent, and scalable consulting operations.
  • Contribute to the creation of public-facing content like blog posts, podcasts, whitepapers, or conference presentations.

Required Skills and Experience

  • Proficiency in responding to cyber incidents, understanding current threats, attacks, and countermeasures (e.g., Ransomware, Cyber Crime, Hacktivism).
  • Familiarity with host-centric analysis and forensic tools (e.g., EDR, X-Ways, Volatility, Cisco Secure Endpoint, Velociraptor).
  • Experience with network forensic analysis and leveraging network telemetry.
  • Strong understanding of the Incident Response Lifecycle and Attack Life Cycle.
  • Ability to map technical findings to business impacts for diverse audiences.
  • Experience with threat hunting methodologies and tools.
  • Knowledge of Table-Top Exercises and Incident Response Readiness Assessments.
  • Skills in developing written communications, assessments, and reports.
  • Experience collaborating with cross-functional teams and external clients.
  • A proactive approach to process improvement and documentation.
  • Interest in developing public-facing security content.
  • Willingness to be on-call and work off-shift hours, including nights, weekends, and holidays.

Additional Information

While not a strict requirement, industry certifications such as CISSP, CISM, CISA, GCIH, CFCE, GCFA, GNFA, and/or GCFE are highly valued as they demonstrate relevant expertise.

Prior experience in information security and handling cyber security incidents is preferred.
