Overview

Staff DFIR – COGNNA Jobs in Riyadh, Riyadh, Saudi Arabia at COGNNA

Title: Staff DFIR – COGNNA

Company: COGNNA

Location: Riyadh, Riyadh, Saudi Arabia

🔍 Who We Are

COGNNA is shaping the future of cybersecurity through innovation, intelligence, and a relentless drive to protect. Our platforms integrate cutting-edge AI, real-time threat detection, and deep security insights to help organizations proactively defend against evolving cyber threats.

Responsibilities

  • Own end-to-end forensic investigations across endpoints, cloud platforms, and network infrastructure — from initial triage to root cause, including IoC identification, data exfiltration, and unauthorized access
  • Coordinate and lead the DFIR team across active investigations, ensuring consistent methodology, evidence integrity, and investigative velocity
  • Pull and analyze logs from EDR/XDR, SIEM, DLP, IdP, and email gateway platforms to reconstruct precise attack and user activity timelines
  • Acquire forensic images from laptops, mobile devices, servers, and cloud repositories with full chain of custody
  • Go deep on artifacts — file systems, memory, registry, logs, config states — to reconstruct exactly what happened and when
  • Correlate endpoint, network, and identity telemetry into a coherent picture of attacker behavior and system access
  • Build AI-assisted workflows that automate evidence collection, pattern detection, and timeline generation to scale investigative capacity
  • Translate technical findings into clear, chronological narratives for executives and cross-functional stakeholders — no jargon, no ambiguity
  • Close the loop: feed investigation outcomes back into detection rules, access controls, and policy improvements

Requirements

🎓 Education & Experience

  • Bachelor's in Cybersecurity, International Relations, Computer Science, or related field
  • 5+ years in digital forensics, incident response, or security investigations, with a track record leading or coordinating DFIR engagements
  • Exceptional written and verbal communication in both English & Arabic
  • Hands-on proficiency with forensic tooling: FTK, X-Ways, Cellebrite, Axiom, or equivalent platforms
  • Strong command of network protocols (TCP/IP, HTTP/S, DNS) and log analysis across SIEM platforms
  • Scripting ability in Python, PowerShell, or Bash — used to automate evidence processing, not just theoretically
  • Deep working knowledge of Windows, macOS, and Linux/Unix environments at the artifact and system level
  • Proven experience integrating AI tools into investigative workflows to accelerate triage, pattern detection, or reporting
  • Clear, confident communicator — able to brief executives and work alongside legal, HR, and compliance teams without losing technical precision
  • Compliance: Ensuring all operations align with NCA ECC and SAMA CSF regulations
  • Previous leadership experience is a must

🏅 Certifications (Highly Preferred)

  • SANS / GIAC (GCFA, GCFE, GNFA, GCIA or similar)
  • IACIS CFCE
  • EC-Council CHFI
  • Offsec (OSDA, OSIR)

🤝 Soft Skills

  • Exceptional analytical thinking and creative problem-solving
  • Excellent communication (English & Arabic), including technical reporting
  • Strong mentorship abilities and a collaborative spirit
  • Self-motivated, focused, and passionate about cyber defense
  • Capable of juggling priorities under high-pressure situations

Benefits

🚀 Impact that Matters – Build products that shape the future of cybersecurity and protect organizations globally.

🏢 On-Site Collaboration – Be at the heart of innovation in our Riyadh office, working side by side with passionate experts.

💡 Continuous Growth – Access to certifications, trainings, and opportunities to sharpen your expertise.

📈 Ownership Mindset – Benefit from our ESOP program and grow with COGNNA's success.

🤝 Culture of Trust – We empower talent, encourage ownership, and celebrate real outcomes.

Upload your CV/resume or any other relevant file. Max. file size: 800 MB.