127 Incident Response jobs in Pakistan

Lead Analyst – Incident Response

Hyderabad, Punjab UST

Posted today

Job Description

5 - 7 Years

2 Openings

Hyderabad

Role description

We are seeking a highly skilled Cybersecurity Professional with strong expertise in threat detection, incident response, and security operations. The ideal candidate will have hands-on experience with modern security tools and platforms, a strong analytical mindset, and the ability to collaborate across teams to improve detection and response capabilities. This role also requires leadership qualities to guide and mentor team members while working in high-pressure security environments.

Key Responsibilities
  • Conduct threat detection, incident response, and support security investigations.
  • Perform security monitoring, log analysis, and improve detection capabilities using SIEM, EDR, IDS/IPS, and threat intelligence platforms.
  • Investigate security incidents using structured and analytical approaches, leading post-incident reviews to identify improvements.
  • Collaborate with cross-functional teams including threat hunters, detection engineers, and project managers.
  • Provide mentorship, guidance, and knowledge sharing to junior team members.
  • Contribute to process automation, efficiency improvements, and Purple Teaming activities.
  • Support security operations across on-premises and cloud environments (AWS, Azure, GCP).
  • Communicate complex technical issues clearly to both technical and non-technical audiences.
Must-Have Skills & Experience
  • Domain Expertise
    • Strong background in cybersecurity operations, incident response, and threat detection.
    • Proven experience in supporting investigations and enhancing detection capabilities.
  • Technical Skills
    • Hands-on experience with SIEM tools for log analysis and incident detection.
    • Proficiency with EDR, IDS/IPS, firewalls, proxies, malware analysis, and threat intelligence platforms.
    • Exposure to cloud platforms: AWS, Azure, Google Cloud.
    • Understanding of TCP, DNS, HTTP/S protocols and relevant investigation tools.
  • Analytical & Investigation Skills
    • Strong ability to investigate complex incidents and attacker behavior.
    • Experience conducting post-incident reviews and applying structured analysis.
  • Collaboration & Communication
    • Effective communication skills, able to work with technical and non-technical stakeholders.
    • Experience working within cross-functional cybersecurity teams.
  • Leadership & Mentoring
    • Ability to lead small teams or act as a senior contributor.
    • Experience mentoring and training junior analysts.
  • Education & Certifications
    • Bachelor's/Master's degree in Cybersecurity, Information Security, or Computer Science.
    • Industry certifications such as CEH, OSCP, CISSP, GSEC, GCIA or similar (preferred).

Skills

SIEM, EDR, Proxy, Cyber Security

About UST

UST is a global digital transformation solutions provider. For more than 20 years, UST has worked side by side with the world's best companies to make a real impact through transformation. Powered by technology, inspired by people and led by purpose, UST partners with their clients from design to operation. With deep domain expertise and a future-proof philosophy, UST embeds innovation and agility into their clients' organizations. With over 30,000 employees in 30 countries, UST builds for boundless impact—touching billions of lives in the process.

Cyber Security Analyst

Lahore, Punjab Techbridge Consultancy Services

Posted today

Job Description

Job Title: Cybersecurity Analyst

Location: Gulberg, Lahore (On-Site Role)

Experience: 3 to 5 Years

Responsibilities:

Tech Bridge Consultancy seeks experience in security monitoring solutions, incident response and other cybersecurity tools and technologies implementation capabilities. In your role, your duties will include the following:

  • SOC monitoring coverage for any of the following shifts: EST Time 8:00am – 4:00pm (PST 5:00pm – 1:00am), 4:00pm – 12:00am (PST 1:00am – 9:00am), 12:00am – 8:00am (PST 9:00am – 5:00pm); the work week is considered a minimum of 40 hours each week. Day to day security logging and monitoring solutions; identifying false positives and detecting potential or real threats
  • In-depth analysis of security events, alerts and incidents
  • Promptly responding to customer enquiries via emails and/or phone calls; responding to security incidents and threats
  • Analyzing logs, network traffic and data to identify potential threats and vulnerabilities
  • Development of security dashboards and reporting; compiling threat intelligence reports and managing log data
  • Configuration of security tools and technologies (e.g. SIEM, EDR, VM, etc.)
  • Configuration of network and security appliances (e.g. Firewalls, routers, switches, HIDS, NIDS, etc.)
  • Endpoint security configuration (Defender, CrowdStrike, SentinelOne, Webroot, Kaspersky, etc.)
  • Firewall rules configuration and optimization
  • SIEM rules configuration (Sentinel, Splunk, Log Rhythm, etc.)
  • Technical writing and security policy development
  • Staying current on industry trends, keeping up-to-date with relevant CVEs and the evolving threat landscape
  • Conducting vulnerability scans of network and applications
  • Keeping company systems up-to-date with current security patches
  • Recommending security improvements to line managers or senior management

Requirements:

  • Strong understanding of cybersecurity principles and the SOC environment
  • Bachelor's degree in cyber security, computer sciences or equivalent
  • Good understanding of vulnerability management tools and techniques
  • Good understanding of Windows, Linux and macOS operating systems and endpoints
  • Knowledge of modern problem-solving skills, and keen attention to detail
  • Good understanding of the modern security in SDLC practices
  • Capable of balancing multiple priorities and remaining flexible in a changing environment
  • Good communication and interpersonal skills
  • Familiarity with regulatory compliance and security standards (ISO 27001, SOC 2 Type 1 and Type 2, NERC CIP, IEC 62443, NIST CSF, etc.)

Other duties may include:

· Contribute to the preparation of technical documentation, including proposals, tenders, RFPs (Requests for Proposals), and RFIs (Requests for Information)

· Participate in business development activities directly related to the sale of cybersecurity services and other tasks supporting the delivery of cybersecurity products and services

· Personnel are required to work on-site; remote or hybrid work options will not be available

· Personnel must strictly use company-provided computer assets, hardware, and licensed software to perform all assigned services

· Personnel must not work more than 12 consecutive hours per shift

· Personnel are required to adhere to internal cybersecurity and IT policies and standards

· Personnel are required to strictly uphold confidentiality and integrity clauses while dealing with all customer data

Job Type: Full-time

Application Question(s):

  • Are you comfortable with an on-site role, as this position is not remote or hybrid?
  • Have you worked with vulnerability management tools?
  • Are you familiar with any security compliance standards like ISO 27001, SOC 2, or NIST?
  • Are you comfortable working onsite in any of the following SOC shift timings?
  • Do you have experience working in a SOC (Security Operations Center)?
  • Do you have strong written and verbal communication skills in English?

Work Location: In person

Cyber Security Analyst

GSB Group

Posted today

Job Description

We are hiring a "Cybersecurity Analyst" with 3+ years of experience.

Job Description:

  • Implement and maintain secure coding standards to mitigate vulnerabilities introduced in code.

  • Analyze, detect and respond to cyber threats through real-time monitoring and proactive defense strategies.

  • Conduct vulnerability assessments, penetration testing and risk evaluations to identify and mitigate security issues.

  • Develop and implement cybersecurity policies and frameworks based on NIST, ISO 27001, and other industry standards.

Essential Technical Skills:

  • Proficient in Cyber Threat Intelligence (CTI)

  • Experience with penetration testing and ethical hacking methodologies.

  • Familiarity with cybersecurity frameworks (e.g., NIST, MITRE ATT&CK).

  • Knowledge of network security tools such as firewalls, IDS/IPS and SIEM platforms.

  • Programming knowledge (e.g., Python, Java, C++) for secure software development.

Education and Experience:

  • Bachelor's in IT

  • 3+ Years of Experience

Information Security Analyst

Karachi, Sindh HugoBank

Posted today

Job Description

Are you passionate about cyber threat detection and response? We are seeking a Cybersecurity Analyst to monitor, analyze, and triage security alerts, ensuring a proactive defense against evolving threats in a Digital Retail Bank (DRB) environment. This role involves SIEM monitoring, incident handling, vulnerability management, and compliance enforcement to maintain the highest security standards. If you have experience in threat intelligence, log analysis, and security policy implementation, this is the perfect opportunity to contribute to a dynamic and cutting-edge cybersecurity team.

Responsibilities

  • Threat Monitoring & Detection:
    • Monitor and analyze SIEM alerts to detect potential security incidents.
    • Conduct log analysis from firewalls, servers, applications, and endpoint security tools.
    • Develop and refine correlation rules and use cases to improve threat detection.
    • Utilize threat intelligence sources to enhance anomaly detection and response.
  • Incident Response:
    • Perform initial triage and incident handling to assess potential threats.
    • Conduct root cause analysis to determine the impact and scope of security events.
    • Maintain detailed incident documentation for compliance and reporting purposes.
  • Vulnerability Management:
    • Perform vulnerability scanning and risk assessment to identify security gaps.
    • Support penetration testing efforts and assist in remediation strategies.
    • Develop and implement risk mitigation plans to reduce attack vectors.
  • Security Policy & Compliance:
    • Ensure adherence to regulatory security frameworks (PCI DSS, ISO 27001, SBP regulations).
    • Conduct security awareness training for internal teams.
    • Monitor compliance with security policies and recommend necessary improvements.
  • Research & Continuous Improvement:
    • Stay updated on emerging threats, attack techniques, and cybersecurity trends.
    • Continuously optimize SIEM correlation rules and fine-tune detection mechanisms.
    • Enhance security operations processes to improve efficiency.
  • Collaboration & Third-Party Security:
    • Work closely with internal security teams and third-party service providers to correlate threat intelligence.
    • Collaborate with IT and business units to enhance overall cyber resilience.

Requirements

  • Bachelor's degree in Computer Science, IT, Cybersecurity, or a related field.
  • 4-6 years of experience in infrastructure security, SIEM monitoring, or threat intelligence.
  • Strong understanding of network protocols, firewalls, VPNs, IDS/IPS, and endpoint security.
  • Proficiency in using SIEM solutions (QRadar, Splunk, ArcSight, Wazuh, etc.).
  • Expertise in vulnerability assessment, threat modeling, and risk analysis.
  • Hands-on experience with security tools (Metasploit, Burp Suite, Nessus, etc.).
  • Experience in policy development, security guidelines, and compliance frameworks.
  • Proficiency in scripting languages (Python, PowerShell, SPL, SQL) for security automation.
  • Professional certifications such as CISSP, CEH, OSCP, or vendor-specific security credentials are a plus.

Objectives & KPIs

  • Mean Time to Detect (MTTD): Average time taken to detect, analyze, and escalate security incidents.
  • Incident Resolution Rate: Percentage of incidents resolved within predefined SLAs.
  • Alert Accuracy: Ratio of false positives vs. true positives identified in SIEM alerts.
  • SIEM Optimization: Percentage of correlation rules and use cases updated or improved.
  • Root Cause Analysis (RCA) Completion: Percentage of incidents with a thorough RCA report.
  • Rule Tuning Frequency: Regular enhancements to improve SIEM efficiency and reduce unnecessary alerts.
  • Regulatory Compliance: Percentage of adherence to SBP regulations, PCI DSS, ISO 27001, and security standards.

Information Security Analyst

Simpaisa

Posted today

Job Description

We are seeking a highly skilled Information Security Analyst to join our growing team. In this role, you will play a crucial part in safeguarding our sensitive financial data and ensuring compliance with industry regulations. The ideal candidate will have a deep understanding of information security principles and best practices, with experience in the fintech or financial services sector, and will ensure the protection of our digital assets from unauthorized access and breaches. Additionally, the analyst will be responsible for creating detailed security reports, updating incident response plans and educating employees on best security practices.

Key Responsibilities:

· Monitor and analyze security events and incidents to identify potential threats and vulnerabilities, with a focus on protecting sensitive financial data

· Conduct regular security assessments and audits to ensure compliance with regulatory requirements such as PCI DSS, ISO 27001 and

· Collaborate with cross-functional teams to implement security controls and measures to mitigate cyber risks and safeguard our systems and infrastructure

· Develop and update incident response plans to manage and mitigate the impact of security breaches efficiently.

· Ensure third-party vendors comply with security requirements and standards, mitigating external risks

· Conduct security awareness training and education programs for employees to promote a culture of security awareness.

· Assist with the implementation and management of security tools and technologies, such as firewalls, intrusion detection/prevention systems, and endpoint security solutions.

Desired Skills and Experience:

· In-depth knowledge of cybersecurity, firewalls, network security, information assurance, Linux, UNIX, security information and event management (SIEM), application security, security engineering, and security architecture.

· Proficiency in ethical hacking to expose vulnerabilities and protect against malicious attacks.

· Certifications such as CISSP, CISM, CSSP are a plus

· 3 years of experience in information security roles, with a focus on security analysis and incident response.

· Strong analytical skills for assessing and mitigating security risks.

· Extensive experience in conducting penetration tests on a variety of systems and applications to identify security vulnerabilities.

Interested candidates apply

Application Security Analyst

HR Ways - Hiring Tech Talent

Posted today

Job Description

Application Security Engineer / InfoSec Engineer - Onsite - Karachi

Company Overview:

Hiring for one of our Tech Solution providers in Karachi.

Job Description:

  1. Develop and implement security strategies to safeguard our cloud infrastructure, on-prem systems, applications, and data.
  2. Perform risk assessments, vulnerability scans, and penetration testing; provide actionable insights to mitigate risks.
  3. Collaborate with Product and Engineering teams to embed security best practices into the software development lifecycle (SDLC).
  4. Manage and enhance our incident response plans, ensuring timely and effective resolution of security incidents.
  5. Lead initiatives to achieve and maintain compliance with industry standards and regulations (e.g., ISO 27001, PCI-DSS, SOC 2, GDPR).
  6. Conduct security awareness trainings and workshops for employees across the organization.
  7. Implement and manage SIEM tools, IDS/IPS, WAFs, firewalls, and other security technologies.
  8. Monitor and analyze security alerts, logs, and data from both cloud and on-prem environments to proactively address potential threats.
  9. Work with stakeholders to prioritize and remediate vulnerabilities promptly.
  10. Maintain and secure critical on-prem infrastructure, ensuring alignment with overall security policies and practices.
  11. Stay updated on emerging threats, vulnerabilities, and technologies to improve our security posture continuously.

Qualifications

  1. Experience: 4+ years in InfoSec, Cyber Security, or Cloud Security roles.
  2. Education: Bachelor's degree in Computer Science, Information Technology, or a related field (or equivalent experience).
  3. Certifications: Relevant certifications such as CISSP, CISM, CEH, AWS Security Specialty, or Azure Security Engineer are highly desirable.

Technical Skills

  1. Hands-on experience with public cloud platforms (AWS, Azure, or GCP) and on-prem infrastructure.
  2. Broad experience across different operating systems and environments (cloud, on-prem, VMs, etc.).
  3. Strong understanding of networks, network architecture, and networking concepts.
  4. Hands-on practitioner proficient in security tools such as SIEMs, IDS/IPS, WAFs, network firewalls, vulnerability scanners, and endpoint protection.
  5. Strong understanding of network security, cryptography, and application security.
  6. Practical knowledge of and experience with ISO/IEC 27001, OWASP, NIST, CIS, and PCI-DSS standards and frameworks.
  7. Experience with DevSecOps practices and CI/CD pipelines.
  8. Knowledge of on-prem server security, network configurations, and physical access controls.
  9. Bonus points for being hands-on with Python and shell scripting.

Other Details:

Experience:
4+ years in InfoSec - Cyber sec

Location: Shahre Faisal

Salary: Market Competitive

Timings: Monday to Friday

About HR Ways:
HR Ways is an award-winning technical recruitment firm helping software houses and IT product companies internationally and locally to find IT talent. HR Ways is engaged by 300+ employers worldwide, ranging from the world's biggest SaaS companies to the most competitive startups. We have entities in Dubai, Canada, US, UK, Pakistan, India, Saudi Arabia, Portugal, Brazil and other parts of the world.

Cyber Security Analyst

Stafflink

Posted today

Job Description

Company Description

Stafflink is the all-in-one platform designed to simplify global team management. From onboarding and culture to local payroll and compliance, we handle every aspect, allowing you to focus on growth. Our powerful HR and payroll tools, combined with global mobility services and deep compliance expertise, drive businesses to scale quicker and smarter. Additionally, our talent marketplace connects you with top professionals worldwide, ready to join your team. Hire, manage, and pay your team anywhere effortlessly.

Role Description

This is a full-time remote role for a Cyber Security Analyst. The Cyber Security Analyst will be responsible for monitoring and analyzing system vulnerabilities, performing malware analysis, and ensuring application and network security. Daily tasks will also include conducting security assessments, implementing security measures, and responding to security threats. Additionally, the analyst will be expected to stay up-to-date with the latest cybersecurity trends and technologies.

Qualifications

  • Application Security and Network Security skills
  • Experience in Cybersecurity and Malware Analysis
  • Strong Analytical Skills
  • Excellent problem-solving and critical-thinking abilities
  • Effective communication and collaboration skills
  • Ability to work independently in a remote environment
  • Relevant certifications such as CISSP, CEH, or equivalent are a plus
  • Bachelor's degree in Computer Science, Information Security, or related field

Senior Security Analyst

Sindh, Sindh FANATICS INC

Posted 2 days ago

Job Description

Overview

The Senior Cyber Security Analyst will play a key leadership role within the Perimeter Security team, focusing on network perimeter defense for our public web, API, and partner platforms. The Senior Analyst will be responsible for identifying and prioritizing edge threats, managing cybersecurity incidents, performing advanced threat hunting, and maintaining system integrations. The role requires collaboration with Security Engineering, Application Engineering, Site Reliability (SRE), and infrastructure teams to safeguard the organization's application perimeter, leveraging tools such as Splunk, native database queries, CDN defensive systems, WAFs, and internal security tools.

Responsibilities
  • Incident Response & Mitigation:
    • Lead responses to traffic and perimeter-related security incidents, ensuring the accurate identification and prioritization of edge threats.
    • Leverage CDN defenses, WAFs, and internal tooling to quickly implement effective mitigations.
    • Focus on reducing false positive rates by refining detection and mitigation techniques to ensure defensive systems have minimal operational impact while maintaining robust security.
    • Detect, analyze, and investigate incidents involving customer traffic interference, bot activity, scanners, and malicious actors.
    • Utilize native database queries, Splunk, and other monitoring platforms to identify patterns and anomalies indicative of security risks.
    • Manage the prioritization and escalation of incidents based on severity, working closely with Web Engineering, SRE, and infrastructure teams to drive rapid mitigation.
  • Threat Monitoring, Hunting & False Positive Reduction:
    • Proactively monitor traffic patterns using Splunk, internal databases, and other security tools to identify and assess threats within cloud environments.
    • Track and analyze threat actors, scanner activities, and IP reputation to distinguish between legitimate threats and benign anomalies, with a strong emphasis on reducing false positives.
    • Investigate traffic anomalies to proactively mitigate operational impacts on engineering teams and ensure optimized security controls.
    • Collaborate closely with Web Engineering and SRE teams to minimize customer impact and refine mitigation processes for greater accuracy.
  • System Integration & Maintenance:
    • Ensure seamless integration, patching, and ongoing maintenance of security controls for cloud perimeter systems, including CDNs, WAFs, SigSci, and NGINX.
    • Lead efforts to identify and address vulnerabilities related to API endpoints and cloud services.
    • Maintain continuous monitoring of cloud-based perimeter security applications, ensuring resilience against emerging threats.
  • Collaboration with Engineering and Operations Teams:
    • Partner with Security Engineering, Application Engineering, Web Engineering, and SRE teams to embed security into new systems, endpoints, and integrations from the start.
    • Lead cross-functional efforts to optimize security controls, reduce alert noise, and minimize operational impacts while ensuring strong perimeter defenses.
    • Document, communicate, and prioritize security incidents, recommended actions, and resolutions clearly to both technical and non-technical stakeholders.
  • Reporting & Documentation:
    • Generate and present executive-level reports on traffic mitigation, including metrics such as sessions impacted by mitigation systems, financial savings from bot/attack prevention, and availability impacts due to traffic anomalies.
    • Maintain comprehensive documentation on incidents, threat patterns, system changes, and mitigation strategies to support continuous improvement.
    • Regularly report on efforts to reduce false positives and improve the operational impact of mitigation technologies.
Qualifications
  • Exceptional proficiency in the English language, both written and verbal, with a demonstrated ability to craft detailed, engaging, and audience-appropriate reports for peers and leadership.
  • Strong analytical skills with a proven ability to quickly identify and mitigate complex threats in high-volume environments.
  • Bachelor’s degree in Cybersecurity, Computer Science, or a related field, or equivalent work experience.
  • Minimum of 6 years of experience in cybersecurity or public application software engineering, with a focus on CDN management, cloud technologies, and perimeter security.
  • Extensive experience in incident response, cloud-native threat hunting, and mitigation in public/private/hybrid cloud environments (e.g., AWS, Azure, GCP).
  • Strong hands-on experience with traffic and threat monitoring tools such as Splunk, native database queries, and cloud-native security solutions.
  • Deep knowledge of CDNs, WAFs, firewalls, IDS/IPS, and API security, particularly in cloud-based architectures.
  • Proficiency with web and API systems such as NGINX, Kubernetes, Apache, Web Servers, along with cloud-native edge defense platforms.
