Qureos


Senior DFIR & Threat Hunting Engineer

We are seeking an experienced Senior DFIR & Threat Hunting Engineer with 6–8 years of hands-on expertise to join our cybersecurity team. The ideal candidate will have strong capabilities in digital forensics, threat hunting, cloud incident response, and advanced analysis across hybrid environments. If you excel in identifying, analyzing, and containing sophisticated cyber threats, we welcome your application.

Key Responsibilities

  • Monitor and analyze threat intelligence feeds, industry alerts, and security reports to identify emerging threats.
  • Lead digital forensic investigations for incidents such as APT attacks, ransomware, insider threats, and major breaches.
  • Utilize forensic tools (FTK, EnCase, Cellebrite, Oxygen, Volatility, etc.) to collect, preserve, and analyze digital evidence while maintaining proper chain-of-custody.
  • Conduct deep technical analysis of events sourced from SIEM, IDS/IPS, firewalls, EDR solutions, and network traffic logs.
  • Develop and execute advanced threat-hunting queries, detection logic, and custom rules to identify sophisticated threats.
  • Perform host-based forensics across Windows, Linux, macOS, and mobile platforms.
  • Conduct network forensics using NDR tools, including Security Onion and other network analysis platforms.
  • Perform initial malware analysis to determine behavior, intent, and potential impact.
  • Proactively hunt threats using indicators of compromise (IOCs) and adversary TTPs aligned to MITRE ATT&CK.
  • Develop and maintain threat-hunting playbooks and runbooks.
  • Prepare detailed investigation reports for internal stakeholders and leadership.
  • Contribute to remediation strategies and support recovery operations during incident response.
  • Automate forensic and incident analysis workflows using Python, PowerShell, or similar scripting languages.
  • Execute cloud incident response activities across Microsoft Azure and AWS.
  • Ensure incidents are managed and closed within SLA time frames in alignment with security governance procedures.

Qualifications & Experience

  • Bachelor’s degree in Cybersecurity, Computer Science, Information Security, or a related field.
  • 6–8 years of hands-on experience in DFIR, Incident Response, or Threat Hunting.
  • Mandatory: DFIR-related certifications.
  • Preferred: SANS certifications (GCFA, GCFE, GCIH).

Core Competencies

  • Strong expertise in Digital Forensics, Threat Hunting, and Incident Response.
  • Proficiency with forensic tools such as EnCase, FTK, Oxygen, Cellebrite, and Volatility.
  • Experience using SIEM platforms (Splunk, Microsoft Sentinel) and EDR technologies.
  • Ability to develop advanced KQL queries for threat detection and investigation.
  • Skilled in host, network, and mobile forensics, including PCAP analysis and log investigation.
  • Hands-on experience with cloud forensics across AWS and Azure.
  • Strong scripting abilities (Python, PowerShell).
  • Excellent written and verbal communication skills for conveying technical findings.
  • Ability to work effectively under pressure and manage multiple concurrent investigations.
  • Strong analytical thinking, attention to detail, and problem-solving skills.

Working Relationships

  • Collaborate closely with internal Technology, Cyber Defense, SOC, Threat Intelligence, and Engineering teams.
  • Limited and controlled interaction with external customers or stakeholders.

Job Type: Full-time

Pay: AED20,000.00 - AED27,000.00 per month

Application Question(s):

  • How many years of hands-on experience do you have in DFIR or Threat Hunting?
  • Do you hold any DFIR-related certifications (GCFA, GCFE, GCIH, CHFI, etc.)?
  • How many complete digital forensic investigations have you personally led (not assisted)?
  • Have you worked with any of the following forensic tools? (Select all that apply)
      • EnCase
      • FTK
      • Cellebrite
      • Oxygen
      • Volatility
      • None of the above

  • Do you have experience writing advanced KQL queries for threat detection or hunting?
  • How many years of experience do you have with cloud incident response (Azure or AWS)?
  • Have you conducted memory forensics using Volatility or similar tools in real investigations?
  • Which SIEM tools have you worked with? (Select all that apply)
      • Microsoft Sentinel
      • Splunk
      • QRadar
      • Elastic
      • None

  • Do you have hands-on experience with host, network, and mobile forensics?
