VaporVM

Senior Incident Response Engineer – Telecom Cybersecurity

United Arab Emirates · Full-time · Mid-Senior

We are looking for a highly skilled and proactive Incident Response Engineer with at least 5 years of hands-on cybersecurity experience, including a strong background in the telecom industry. This role is critical to ensuring rapid detection, investigation, containment, and resolution of security incidents. You will collaborate with cross-functional teams to improve the organization’s security posture and operational resilience in a fast-paced telecom environment.

Key Responsibilities:

  • Monitor and triage security alerts from telecom-focused SIEM, EDR, and threat intelligence platforms.
  • Investigate security incidents involving signaling networks (SS7, Diameter, SIP), subscriber data, and telecom infrastructure.
  • Lead incident response lifecycle phases: detection, analysis, containment, eradication, recovery, and post-incident review.
  • Utilize tools like Splunk, IBM QRadar, CrowdStrike, Palo Alto Cortex XDR, and Wireshark for forensic and packet analysis.
  • Coordinate with SOC teams, NOC, IT Ops, and Core Network teams for effective incident resolution.
  • Develop and maintain incident response runbooks specific to telecom use cases (e.g., network intrusions, signaling fraud, SIM cloning, BSS/OSS attacks).
  • Conduct threat hunting and IOC correlation to detect stealthy attacks across telecom infrastructure.
  • Analyze malware and conduct memory and disk forensics using tools such as Volatility, FTK, EnCase, and Autopsy.
  • Stay current on threats to the telecom sector including APT groups, signaling layer exploits, and SS7/Diameter vulnerabilities.
  • Support regulatory compliance (e.g., NCA, TRA, GDPR, SAMA) and law enforcement requests by providing forensic evidence and incident reports.
  • Organize and lead tabletop exercises and breach simulations involving telecom-specific threat scenarios.

Required Qualifications:

  • Bachelor’s degree in Cybersecurity, Computer Science, Information Security, or a related discipline.
  • Minimum 5 years of cybersecurity experience, with at least 3 years in incident response.
  • Mandatory experience in the telecom industry, including knowledge of core network architecture (4G/5G), VAS, BSS/OSS systems, and network signaling protocols (e.g., SS7, SIP, Diameter).
  • Strong understanding of network security, TCP/IP, firewalls, proxies, and telecom-specific attack surfaces.
  • Hands-on experience with SIEM tools (Splunk, QRadar), EDR platforms (CrowdStrike, SentinelOne, Cortex XDR), and forensic tools.
  • Proficiency in Python, Bash, or PowerShell scripting for automation and custom parsing.
  • Solid grasp of MITRE ATT&CK, NIST 800-61, ISO/IEC 27035, and telecom security best practices.
  • Relevant certifications: GCIA, GCIH, CEH, CISSP, OSCP, or equivalent are highly preferred.

Key Skills & Tools:

  • Telecom Cybersecurity
  • Incident Detection & Response
  • Threat Hunting & IOC Analysis
  • SIEM (Splunk, QRadar), EDR (CrowdStrike, Cortex XDR)
  • Signaling Protocols: SS7, Diameter, SIP
  • Packet Analysis & Forensics (Wireshark, FTK, EnCase)
  • Security Automation & Scripting (Python, PowerShell)
  • Regulatory & Compliance (NCA, SAMA, GDPR)
  • Malware Analysis & Reverse Engineering
  • Security Documentation & Playbook Development

Posted: Jun 23, 2025
Type: Full-time
Level: Mid-Senior
Location: Dubai
Company: VaporVM

Industries

IT Services IT Consulting

Categories

Information Technology
