Contract Type: Full-time
Workplace type: On-site
Location: Riyadh

Job Description

About the Role

SITE is seeking a proactive and detail-oriented Mobile Threat Hunter & Digital Forensics Analyst to join its mobile security team in Riyadh, Saudi Arabia. This role involves both the proactive hunt for signs of compromise across mobile environments and supporting incident response investigations. The analyst will work under the mentorship of senior consultants, gaining hands-on exposure to forensic analysis, adversary detection, and threat hunting techniques to identify, trace, and recover from mobile-focused cyberattacks.

Key Responsibilities

  • Proactively hunt for signs of mobile compromise using threat intelligence, behavioral indicators, and log analysis.
  • Develop, tune, and maintain detection logic and hunting queries for mobile threats, including MDM/MTD anomalies, sideloading, and policy violations.
  • Support incident response engagements involving mobile devices, assisting with triage, containment, eradication, and recovery.
  • Perform forensic acquisition and analysis of iOS and Android devices to identify indicators of compromise (IOCs), malicious apps, and attacker activity.
  • Analyze suspicious mobile applications and malware to understand their behavior and capabilities.
  • Review logs from MDM/EMM platforms and mobile threat defense tools to investigate threats.
  • Analyze mobile artifacts such as app data, system logs, and network connections to reconstruct incident timelines.
  • Document findings and contribute to technical and executive incident reports.
  • Follow and help maintain playbooks, hunt methodologies, and standard operating procedures for mobile incidents.
  • Stay current with emerging mobile threats, vulnerabilities, and forensic techniques.

Qualifications and Requirements

  • Bachelor's degree in Computer Science, Cybersecurity, or a related technical field, or equivalent practical experience.
  • 1-3 years of hands-on experience in incident response, digital forensics, or a related security role, with demonstrated exposure to mobile platforms. Candidates with less experience but strong lab work, certifications, internship experience, or a demonstrated passion for mobile security are encouraged to apply.
  • Familiarity with iOS and Android architectures, file systems, app sandboxing, and platform security models.
  • Understanding of common mobile threats, including malicious apps, spyware, smishing/phishing, and jailbreaking/rooting.
  • Basic scripting ability in Python, Bash, or PowerShell for automation and analysis.
  • Understanding of the cyber kill chain and the MITRE ATT&CK framework, including the Mobile matrix.
  • Strong analytical, documentation, and communication skills.

Technical Skills and Tools

  • Threat Hunting: Threat Intelligence, Behavioral Indicators, Log Analysis, MDM/MTD anomalies, Sideloading, Policy Violations.
  • Incident Response & Forensics: Incident Response, Forensic Acquisition, Forensic Analysis, Indicators of Compromise (IOCs), Malicious Apps Analysis, Attacker Activity Analysis, Timeline Reconstruction.
  • Mobile Specifics: iOS and Android architectures, file systems, app sandboxing, platform security models, malicious apps, spyware, smishing/phishing, jailbreaking/rooting.
  • Tools & Technologies: Familiarity with forensic tools such as Cellebrite, Magnet AXIOM, MSAB XRY, or open-source equivalents (MVT, ALEAPP/iLEAPP). Basic scripting ability (Python, Bash, PowerShell). Understanding of SIEM query languages (Splunk, Elastic, Azure Sentinel) for building mobile-focused detection logic.
  • Frameworks & Methodologies: Cyber Kill Chain, MITRE ATT&CK framework (including the Mobile matrix), Playbooks, Hunt Methodologies, Standard Operating Procedures (SOPs).
  • Emerging Threats & Analysis: Emerging Mobile Threats, Mobile Vulnerabilities, Forensic Techniques, Mobile Malware Analysis.
  • Preferred Skills: Industry certifications such as GASF, CMFE, GCIH, GCFA, EnCE, or equivalent (or actively working toward them). Exposure to mobile malware reverse engineering or dynamic instrumentation tools (*, Frida, Jadx, Hopper). Experience with mobile threat defense (MTD) solutions or enterprise mobility management (EMM) platforms. Familiarity with threat intelligence platforms and operationalizing IOCs for mobile environments.

Work Environment and Location

This is a full-time position based in Riyadh, Saudi Arabia. The role is part of a fast-paced, highly experienced mobile security team.


Requirements

  • No experience required
