Incident Response Security Engineer

Position Overview:Our client is seeking a highly skilled and detail-oriented Incident Response Security Engineer to join their team in Dubai. The ideal candidate will lead host-based investigations and compromise assessments across Unix/Linux and Windows environments, leveraging UAC and large-scale artifact triage to identify, contain, and remediate advanced threats within telecommunications infrastructures.Key Responsibilities & Role:1. Incident Detection & Investigation (Telecom & Host-Based):Investigate security incidents within telecommunications environments, including core network, signaling, and service platforms.Analyze incidents involving telecom protocols and systems (e.g., SS7, SIP, Diameter, VoIP, signaling infrastructure).Perform deep host-based investigations on compromised systems.Conduct advanced investigations on Unix/Linux-based systems and supporting services.2. Compromise Assessment & Threat Analysis:Lead and support compromise assessments to determine attacker presence, persistence, and lateral movement.Execute large-scale artifact triage across enterprise Windows and Linux fleets.Identify indicators of compromise (IOCs), attacker techniques, and affected assets.3. Digital Forensics & Artifact Collection:Collect and analyze host artifacts such as logs, processes, memory, persistence mechanisms, and network connections.Use and customize UAC (Unix-like Artifacts Collector) scripts for scalable evidence collection.Ensure forensic soundness and proper evidence handling.4. Containment, Eradication & Recovery:Recommend and execute containment strategies tailored to telecom infrastructure and production systems.Support eradication of malicious artifacts and validate system integrity post-remediation.Work closely with operations teams to minimize service disruption.5. Threat Hunting & Proactive Detection:Conduct proactive threat hunting across Unix/Linux and Windows systems using known TTPs and telecom-specific threat models.Correlate host-based findings with network and signaling activity.6. Incident Response Process & Playbooks:Contribute to the development and refinement of incident response playbooks for telecom environments.Improve investigation workflows for host-based and large-scale incident scenarios.7. Reporting, Collaboration & Knowledge Transfer:Produce clear technical reports detailing findings, impact, and remediation actions.Brief stakeholders, SOC teams, and leadership on incident scope and risk.Share investigation techniques and lessons learned to strengthen detection capabilities.Qualifications & Skills:Background in telecommunications incident response and is familiar with telecom concepts and protocols.Prior investigation experience on Unix-based systems.Investigation background with direct experience in host-based investigations.Practical experience in using or customizing UAC script.Prior experience in conducting compromise assessments and large-scale artifact triage across both Windows and Linux environments.#J-18808-Ljbffr