Job description
We’re on the hunt for a Cybersecurity Incident Response Specialist with the curiosity of a detective, the calm of a bomb disposal expert, and the analytical instincts of someone who enjoys untangling the world’s messiest PowerShell scripts.
You’ll be joining the NetWitness Incident Response team in Saudi Arabia, working alongside a group of battle-tested DFIR professionals who thrive on turning chaos into clarity.
You’ll investigate security incidents, perform digital forensics, analyze malware, and help organizations recover from the kind of problems that usually start with, "We just saw some unusual network traffic.
.." If you enjoy pulling threads to find out what really happened, and you’ve ever taken apart malware “just to see what makes it tick,” you’ll fit right in.
Key Responsibilities Conduct cyber incident investigations and digital forensic analysis (sans drama, but with precision).
Perform malware triage, memory forensics, and compromise assessments.
Document findings clearly enough that even your non-technical colleagues will think you’re a wizard.
Work with global NetWitness IR experts to respond to complex attacks and improve detection.
Share knowledge, challenge hypotheses, and occasionally utter phrases like “It depends” with confidence.
Work with some of the brightest minds in digital forensics and incident response.
Get hands-on with major cybersecurity incidents while using serious tooling (and a healthy dose of wit).
Be part of a team that values curiosity, professional rigor, and the occasional well-timed sarcastic observation.
Continual learning and growth opportunities through global collaboration and SANS-aligned training.
If this sounds like your sort of challenge — and you’ve been known to say “I’ll just have a quick look at that memory dump” moments before losing three hours — we’d quite like to hear from you.
At least 5 years of solid, hands-on experience in cybersecurity.
Minimum 2 years of direct involvement in incident response, digital forensics, or malware analysis.
Alternatively, visible public research or open-source projects in DFIR or malware analysis are perfectly acceptable — we value results over titles.
Strong technical foundation in Windows, Linux, and network investigations.
Comfortable using tools like NetWitness, Volatility, Velociraptor, or your own custom scripts.
Scripting skills in Python, PowerShell, or Bash – bonus points if you’ve written something that made your teammates both grateful and slightly afraid.
SANS certifications (GCFA, GREM, GNFA, GCFE, etc.
) are definite pluses, as is a calm demeanor during incidents that make others panic.
Fluency in English; Arabic proficiency is a welcome advantage.
This job post has been translated by AI and may contain minor differences or errors.
Preferred candidate
Years of experience
No experience required
Degree
Bachelor's degree / higher diploma
