Incident Response Security Engineer

About the job

Incident Response Security Engineer

Position Overview

Our client is seeking a highly skilled and detail-oriented Incident Response Security Engineer to join their team in Dubai. The ideal candidate will lead host-based investigations and compromise assessments across Unix/Linux and Windows environments, leveraging UAC and large-scale artifact triage to identify, contain, and remediate advanced threats within telecommunications infrastructures.

Key Responsibilities & Role

1. Incident Detection & Investigation (Telecom & Host-Based)

• Investigate security incidents within telecommunications environments, including core network, signaling, and service platforms.
• Analyze incidents involving telecom protocols and systems (e.g., SS7, SIP, Diameter, VoIP, signaling infrastructure).
• Perform deep host-based investigations on compromised systems.
• Conduct advanced investigations on Unix/Linux-based systems and supporting services.

2. Compromise Assessment & Threat Analysis

• Lead and support compromise assessments to determine attacker presence, persistence, and lateral movement.
• Execute large-scale artifact triage across enterprise Windows and Linux fleets.
• Identify indicators of compromise (IOCs), attacker techniques, and affected assets.

3. Digital Forensics & Artifact Collection

• Collect and analyze host artifacts such as logs, processes, memory, persistence mechanisms, and network connections.
• Use and customize UAC (Unix-like Artifacts Collector) scripts for scalable evidence collection.
• Ensure forensic soundness and proper evidence handling.

4. Containment, Eradication & Recovery

• Recommend and execute containment strategies tailored to telecom infrastructure and production systems.
• Support eradication of malicious artifacts and validate system integrity post-remediation.
• Work closely with operations teams to minimize service disruption.

5. Threat Hunting & Proactive Detection

• Conduct proactive threat hunting across Unix/Linux and Windows systems using known TTPs and telecom-specific threat models.
• Correlate host-based findings with network and signaling activity.

6. Incident Response Process & Playbooks

• Contribute to the development and refinement of incident response playbooks for telecom environments.
• Improve investigation workflows for host-based and large-scale incident scenarios.

7. Reporting, Collaboration & Knowledge Transfer

• Produce clear technical reports detailing findings, impact, and remediation actions.
• Brief stakeholders, SOC teams, and leadership on incident scope and risk.
• Share investigation techniques and lessons learned to strengthen detection capabilities.

Qualifications & Skills

• Background in telecommunications incident response and is familiar with telecom concepts and protocols.
• Prior investigation experience on Unix-based systems.
• Investigation background with direct experience in host-based investigations.
• Practical experience in using or customizing UAC script.
• Prior experience in conducting compromise assessments and large-scale artifact triage across both Windows and Linux environments.