Information Security Engineer

We are urgently seeking an experienced Level 3 SOC Engineer to strengthen our clients Security Operations Center in Dubai, UAE. This senior technical role serves as the escalation point for complex cyber threats, leads advanced incident investigations, conducts proactive threat hunting, develops detection capabilities, and mentors L1/L2 analysts to enhance overall security posture and minimise threat dwell time.

Key Responsibilities

• Act as the primary escalation point for high-severity (P1/P2) security incidents escalated from L1/L2 teams; lead in-depth investigations, root-cause analysis, and advanced forensics across endpoints, networks, cloud, and applications.
• Perform proactive threat hunting using SIEM, EDR, threat intelligence feeds, and MITRE ATT&CK framework to identify hidden or persistent threats (APTs, zero-days, insider risks).
• Conduct malware reverse engineering, packet analysis (e.g., Wireshark), memory forensics, and behavioral analysis to understand adversary TTPs and develop containment/remediation strategies.
• Develop, tune, and maintain custom detection rules, correlation rules, use cases, and playbooks in SIEM/EDR platforms to improve alert quality and reduce false positives.
• Lead or support major incident response activities, including containment, eradication, recovery, and post-incident reporting; coordinate with internal teams, external IR partners, and authorities when required.
• Integrate threat intelligence (open-source, commercial feeds) into SOC workflows; enrich alerts and hunting hypotheses with IOCs and contextual data.
• Mentor and provide technical guidance to L1/L2 SOC analysts; conduct knowledge-sharing sessions, training, and skill development to elevate team capabilities.
• Contribute to SOC process improvements, tool optimization, automation (e.g., scripting in Python/PowerShell), and security engineering tasks such as tuning security controls and recommending enhancements.
• Participate in 24/7 on-call rotation for critical incidents and maintain detailed documentation of investigations, findings, and lessons learned.
• Collaborate with IT/security leadership on strategic initiatives, such as tool deployments, maturity assessments, and alignment of SOC operations with organizational risk priorities.

Qualifications & Experience

• Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or a related field (or equivalent proven experience).
• Minimum 7+ years of hands-on cybersecurity experience, with at least 4+ years in a Level 3 / Senior SOC Analyst / Threat Hunter / SOC Engineer role within a 24/7 SOC environment.
• Proven expertise in advanced incident response, digital forensics, malware analysis, and proactive threat hunting.
• Strong knowledge of security technologies including SIEM (e.g., Splunk, QRadar, Elastic), EDR/XDR (e.g., CrowdStrike, Microsoft Defender, Carbon Black), firewalls/IDS/IPS, network packet analysis tools, and endpoint/network forensics.
• Deep understanding of MITRE ATT&CK framework, adversary TTPs, threat intelligence platforms, and common attack vectors (ransomware, phishing, APTs).
• Hands-on experience with scripting/automation (Python, PowerShell, or similar) for SOC tasks; familiarity with SOAR platforms is a plus.
• Excellent analytical, problem-solving, and investigative skills with a methodical approach to complex threats.
• Strong communication skills; ability to document technical findings clearly, brief senior stakeholders, and mentor junior team members.
• Relevant certifications highly preferred: GIAC (GCIH, GCFA, GCTI, GPEN), CISSP, CompTIA Security+, CEH, or equivalent.
• Experience in a high-compliance environment (e.g., finance, government, critical infrastructure) is advantageous.

This is a high-impact, technically deep role ideal for a senior SOC professional who thrives on tackling sophisticated threats, driving detections, and building team resilience.