Crypto.com

Incident Response Engineer

Posted 2 days ago

Employment Type

Full Time

Location

Dubai

Requirements

Cybersecurity, Incident Response, Digital Forensics, Log Analysis, Python scripting, PowerShell scripting, EDR, SIEM, NGFW, MITRE ATT&CK

Job Description

Responsibilities

  • Act as part of the ETMSA / Cyber Fusion Centre team to manage the full incident response lifecycle: Preparation, Identification, Containment, Eradication, Recovery and Lessons Learned.
  • Respond to security incidents escalated from 24/7 SOC and other channels, assess scope, risk and impact, and lead technical remediation.
  • Perform deep-dive analysis across endpoints, network, and cloud environments using EDR, NGFW, IDS/IPS, SIEM and other log sources.
  • Develop, maintain and improve incident response runbooks, playbooks and SOPs to meet regulatory and compliance requirements.
  • Participate in tabletop exercises, red/purple team simulations and readiness assessments to validate response capabilities.
  • Conduct root cause analysis and digital forensics to identify sources of compromise and track attacker activity; document investigative findings for stakeholders.
  • Provide stakeholder communication, recommendations for containment and eradication, and lead post-incident lessons-learned and follow-up actions.
  • Automate response tasks and workflows where possible, leveraging scripting and AI tools to improve efficiency and detection.

Requirements

  • Minimum 2 years' experience in cybersecurity or incident response
  • Strong technical and analytical skills
  • Hands-on incident response experience (endpoints, network, cloud)
  • Experience with EDR, NGFW, IDS/IPS, DLP and SIEM/log management platforms
  • Proficiency with scripting for automation and investigation (Python, Bash, PowerShell, Go, etc.)
  • Familiarity with Windows, Linux and macOS environments
  • Knowledge of MITRE ATT&CK and common intrusion techniques
  • Experience performing digital forensics and log analysis
  • Familiarity with regulatory and compliance reporting requirements
  • Awareness of AI tools and their application to automate security tasks
  • Security certifications are a plus (e.g., CISSP, GCIH, GCIA, GCFA, GNFA, GREM, cloud certs)

Preferred Qualifications

  • Fast learner with a hands-on, can-do attitude
  • Strong team player with collaborative communication skills
  • Confident handling incidents and managing senior and technical stakeholders
  • Sense of ownership, accountability, urgency and prioritisation
  • Business acumen when making critical decisions

Benefits

  • Competitive compensation package
  • Health and medical insurance
  • Paid leave and annual leave entitlements in line with local regulations
  • Hybrid working arrangement
  • Training and development opportunities, including certifications and exercises

About the Company

Crypto.com is a global payments, trading and financial services platform focused on accelerating the world's transition to cryptocurrency. The Cyber Fusion Centre / ETMSA team is responsible for threat detection, incident response and security operations across a distributed global environment. This role is based in the United Arab Emirates and works closely with international security teams to protect critical assets and maintain regulatory compliance.
