Cyber Security Analyst - Dubai

Lead and coordinate Incident Response (IR) activities from detection through containment, eradication, and recovery—ensuring zero-delay execution and clear communication across technical and executive stakeholders · Architect, tune, and manage enterprise-wide SIEM solutions (Splu ...

Job description

• Lead and coordinate Incident Response (IR) activities from detection through containment, eradication, and recovery—ensuring zero-delay execution and clear communication across technical and executive stakeholders
• Architect, tune, and manage enterprise-wide SIEM solutions (Splunk, QRadar, Sentinel, Chronicle, or similar) to optimize detection coverage, reduce false positives, and enable real-time threat visibility
• Drive Cyber Resilience initiatives: design and test business continuity plans, conduct tabletop exercises, and validate organizational readiness against ransomware, supply chain attacks, and APT campaigns
• Establish and enforce streamlined workflows for alert triage, escalation, and remediation—eliminating bottlenecks and ensuring SLA adherence during critical incidents
• Handle unexpected security events with composure, rapidly assessing impact, mobilizing resources, and adapting tactics in dynamic threat landscapes
• Develop and maintain threat detection use cases, correlation rules, and automated response playbooks
• Produce post-incident reports with actionable intelligence and root cause analysis to continuously improve security posture
• Facilitate tabletop exercises and crisis simulations to stress-test organizational response capabilities and identify coordination gaps before real incidents occur
• Coordinate crisis communications during active incidents, translating technical developments into clear briefings for legal, PR, and executive leadership
• Conduct proactive threat hunting operations beyond automated alerts to identify latent adversaries and advanced persistent threats
• Map security controls and detection capabilities to DESC ISR and MITRE ATT&CK framework, identifying coverage gaps and prioritizing defensive improvements

Desired Candidate Profile

• 4+ years in information security with demonstrated hands-on incident response and digital forensics experience
• Deep expertise with enterprise SIEM platforms (Splunk ES, Microsoft Sentinel, IBM QRadar, Chronicle SIEM, or Elastic Security)—including log source onboarding, parsing, and advanced correlation logic
• Proven track record of coordinating security workflows across SOC, IT, legal, and executive teams with precision timing and accountability
• Experience building and testing cyber resilience frameworks: disaster recovery, backup integrity validation, and crisis communication protocols
• Ability to operate decisively during high-pressure, ambiguous situations with limited initial information
• Hands-on purple teaming or attack simulation experience—ability to think like an adversary to strengthen defensive controls and detection logic
• Practical knowledge of supply chain security risks and third-party vendor assessment methodologies
• Experience with chaos engineering or failure injection testing to validate system recovery and organizational response under simulated duress.

Preferred Certifications & Skills

• Splunk Core Certified Power User or Splunk Enterprise Security Certified Admin
• Microsoft Certified: Security Operations Analyst Associate
• EC-Council Certified Incident Handler (ECIH) or Certified SOC Analyst (CSA)
• GIAC Certified Intrusion Analyst (GCIA)
• Certified Threat Intelligence Analyst (CTIA) or GIAC Cyber Threat Intelligence (GCTI)
• Familiarity with SOAR platforms (Splunk SOAR, Palo Alto XSOAR, Chronicle SOAR) for workflow automation
• Experience with threat intelligence platforms (MISP, ThreatConnect, Mandiant Advantage, Recorded Future)
• Purple teaming tools (Atomic Red Team, Caldera, Prelude Operator) for adversary emulation
• Supply chain security frameworks (SLSA, SSDF, or vendor risk management platforms)
• Scripting abilities (Python, PowerShell, KQL, SPL) for automation, custom detection logic, and threat hunting
• Understanding of cloud security (AWS GuardDuty, Azure Sentinel, GCP Security Command Center) and hybrid architectures
• Knowledge of regulatory resilience requirements (DESC ISR, ISO 27001)