Senior Incident Response Specialist (+AI)

• Bachelor's degree in Information Technology, Computer Science, Information Security, or an equivalent field
• At least 5 years of experience in information security or a related technology field
• Proven expertise in cybersecurity incident response, threat hunting, and forensic analysis
• Competence in analyzing log files from host, network traffic, and firewall or IDS sources
• Familiarity with defense-in-depth principles and the collection of intrusion artifacts (source code, malware, Trojans)
• Proficiency in real-time incident handling, intrusion correlation, and direct system remediation
• Knowledge of threat intelligence correlation and cybersecurity reporting
• Ability to work within, or in close proximity to, UAE business hours

Nice to have:

• CEH (Certified Ethical Hacker)
• GIAC Certified Intrusion Analyst, GIAC Certified Incident Handler, or GIAC Certified Forensics Analyst
• Certified Computer Forensics Examiner or Certified Reverse Engineering Analyst
• CompTIA Cybersecurity Analyst (CySA+) or CompTIA Security+

• Coordinate and deliver expert technical assistance to enterprise-wide cybersecurity technicians for resolving cyber defense incidents
• Correlate incident data to pinpoint specific vulnerabilities and provide recommendations enabling rapid remediation
• Perform analysis of log files from multiple sources (e.g., individual host logs, network traffic logs, firewall logs, and intrusion detection system [IDS] logs) to detect potential threats to network security
• Perform cybersecurity incident triage, including assessing scope, urgency, and potential impact, pinpointing the specific vulnerability, and recommending actions for rapid remediation
• Conduct forensically sound initial image collection and examine them to identify possible mitigation/remediation on enterprise systems
• Receive and evaluate network alerts originating from various enterprise sources and ascertain the possible causes behind such alerts
• Manage real-time cybersecurity incidents (e.g., forensic collections, intrusion correlation and tracking, threat analysis, and direct system remediation) to support deployable Incident Response Teams (IRTs)
• Track and document cybersecurity incidents from initial detection through to final resolution, and author and publish cybersecurity techniques, guidance, and reports on incident findings to relevant audiences
• Apply approved defense-in-depth principles and practices, gather intrusion artifacts (e.g., source code, malware, Trojans), leverage discovered data to facilitate mitigation of potential cybersecurity incidents, and author and publish 'after action' reviews
• Monitor external data sources to stay current on cybersecurity threats and determine which security issues may affect the organization
• Work with threat intelligence analysts to correlate threat assessment data and report cyber incidents to the client
• Build and sustain effective business relationships with internal functions, departments, and external entities including shareholders, government authorities, service providers, and vendors
• Provide technical expertise for conducting market analysis on new technological developments and lead the creation of RFPs and RFQs related to Enterprise Architecture, including the negotiation of contractual terms and Service Level Agreements (SLA)

EPAM is a leading global provider of digital platform engineering and development services. We are committed to having a positive impact on our customers, our employees, and our communities. We embrace a dynamic and inclusive culture. Here you will collaborate with multi-national teams, contribute to a myriad of innovative projects that deliver the most creative and cutting-edge solutions, and have an opportunity to continuously learn and grow. No matter where you are located, you will join a dedicated, creative, and diverse community that will help you discover your fullest potential.