Staff DFIR - COGNNA
Indexed description
Responsibilities
- Own end-to-end forensic investigations across endpoints, cloud platforms, and network infrastructure — from initial triage to root cause, including IoC identification, data exfiltration, and unauthorized access
- Coordinate and lead the DFIR team across active investigations, ensuring consistent methodology, evidence integrity, and investigative velocity
- Pull and analyze logs from EDR/XDR, SIEM, DLP, IdP, and email gateway platforms to reconstruct precise attack and user activity timelines
- Acquire forensic images from laptops, mobile devices, servers, and cloud repositories with full chain of custody
- Go deep on artifacts — file systems, memory, registry, logs, config states — to reconstruct exactly what happened and when
- Correlate endpoint, network, and identity telemetry into a coherent picture of attacker behavior and system access
- Build AI-assisted workflows that automate evidence collection, pattern detection, and timeline generation to scale investigative capacity
- Translate technical findings into clear, chronological narratives for executives and cross-functional stakeholders — no jargon, no ambiguity
- Close the loop: feed investigation outcomes back into detection rules, access controls, and policy improvements
- Bachelor's in Cybersecurity, International Relations, Computer Science, or related field
- 5+ years in digital forensics, incident response, or security investigations, with a track record leading or coordinating DFIR engagements
- Exceptional written and verbal communication in both English & Arabic
- Hands-on proficiency with forensic tooling: FTK, X-Ways, Cellebrite, Axiom, or equivalent platforms
- Strong command of network protocols (TCP/IP, HTTP/S, DNS) and log analysis across SIEM platforms
- Scripting ability in Python, PowerShell, or Bash — used to automate evidence processing, not just theoretically
- Deep working knowledge of Windows, macOS, and Linux/Unix environments at the artifact and system level
- Proven experience integrating AI tools into investigative workflows to accelerate triage, pattern detection, or reporting
- Clear, confident communicator — able to brief executives and work alongside legal, HR, and compliance teams without losing technical precision
- Compliance: Ensuring all operations align with NCA ECC and SAMA CSF regulations
- Previous leadership experience is a must
- SANS / GIAC (GCFA, GCFE, GNFA, GCIA or similar)
- IACIS CFCE
- EC-Council CHFI
- Offsec (OSDA, OSIR)
- Exceptional analytical thinking and creative problem-solving
- Excellent communication (English & Arabic), including technical reporting
- Strong mentorship abilities and a collaborative spirit
- Self-motivated, focused, and passionate about cyber defense
- Capable of juggling priorities under high-pressure situations
🏢 On-Site Collaboration - Be at the heart of innovation in our Riyadh office, working side by side with passionate experts.
💡 Continuous Growth - Access to certifications, trainings, and opportunities to sharpen your expertise.
📈 Ownership Mindset - Benefit from our ESOP program and grow with COGNNA's success.
🤝 Culture of Trust - We empower talent, encourage ownership, and celebrate real outcomes.
Create a free Caio profile to unlock more results and save your role and location preferences.
Unlock free search