Lead Incident Response Specialist with AI capabilities

Remote • Posted 3 hours ago • Updated 3 hours ago
Full Time
Remote

Job Details

Skills

  • Artificial Intelligence
  • Use Cases
  • Technical Support
  • Network Security
  • INSPECT
  • Collections
  • Collaboration
  • Market Analysis
  • Enterprise Architecture
  • Negotiations
  • Service Level
  • SLA
  • Information Technology
  • Computer Science
  • Information Security
  • Network
  • Firewall
  • IDS
  • Malware Analysis
  • Real-time
  • Incident Management
  • Management
  • Threat Analysis
  • Reporting
  • Certified Ethical Hacker
  • Intrusion Detection
  • Forensics
  • Computer Forensics
  • Reverse Engineering
  • CompTIA
  • Cyber Security
  • Security+

Summary

We are seeking a Lead Incident Response Specialist with AI capabilities to investigate, analyze and respond to cybersecurity incidents. The role involves examining security incidents that may negatively impact the client (including hacking attempts, intrusions, virus infections, mishandling of information and other security threats), providing support during large incidents and investigations and participating in threat hunting activities. The specialist will define, develop, maintain and regularly test incident response processes and procedures, as well as create use cases and scenarios to address new threats and improve security monitoring and alerting capabilities.

Responsibilities

  • Coordinate and provide expert technical support to enterprise-wide cybersecurity technicians to resolve cyber defense incidents
  • Correlate incident data to identify specific vulnerabilities and make recommendations that enable expeditious remediation
  • Conduct analysis of log files from a variety of sources (e.g., individual host logs, network traffic logs, firewall logs and intrusion detection system [IDS] logs) to identify possible threats to network security
  • Carry out cybersecurity incident triage, to include determining scope, urgency and potential impact, identifying the specific vulnerability and making recommendations that enable expeditious remediation
  • Execute initial, forensically sound collection of images and inspect to discern possible mitigation/remediation on enterprise systems
  • Receive and analyze network alerts from various sources within the enterprise and determine possible causes of such alerts
  • Handle real-time cybersecurity incidents (e.g., forensic collections, intrusion correlation and tracking, threat analysis and direct system remediation) to support deployable Incident Response Teams (IRTs)
  • Track and document cybersecurity incidents from initial detection through final resolution, write and publish cybersecurity techniques, guidance and reports on incident findings to appropriate constituencies
  • Apply approved defense-in-depth principles and practices, collect intrusion artifacts (e.g., source code, malware, Trojans) and use discovered data to enable mitigation of potential cybersecurity incidents, and write and publish 'after action' reviews
  • Monitor external data sources to maintain current awareness of cybersecurity threats and determine which security issues may have an impact on the organization
  • Collaborate with threat intelligence analysts to correlate threat assessment data and report cyber incidents to the client
  • Develop and maintain effective business relationships with internal functions, departments and external entities such as shareholders, government authorities, service providers and vendors
  • Provide technical expertise to conduct market analysis for new technological developments and lead the development of RFPs and RFQs relevant to Enterprise Architecture, including negotiation of contractual terms and Service Level Agreements (SLA)

Requirements

  • Bachelor's degree in Information Technology, Computer Science, Information Security or equivalent
  • Minimum 9 years of experience in information security or related technology
  • Expertise in cybersecurity incident response, threat hunting and forensic analysis
  • Proficiency in analyzing log files from host, network traffic and firewall or IDS sources
  • Knowledge of defense-in-depth principles and intrusion artifact collection (source code, malware, Trojans)
  • Skills in real-time incident handling, intrusion correlation and direct system remediation
  • Understanding of threat intelligence correlation and cybersecurity reporting
  • Capability to work within, or very close to, UAE business hours

Nice to have

  • CEH (Certified Ethical Hacker)
  • GIAC Certified Intrusion Analyst, GIAC Certified Incident Handler or GIAC Certified Forensics Analyst
  • Certified Computer Forensics Examiner or Certified Reverse Engineering Analyst
  • CompTIA Cybersecurity Analyst (CySA+) or CompTIA Security+

Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.
  • Dice Id: 10330481
  • Position Id: c7a7faff562bce13784a3f8bfa0f9dbf