Digital Forensics Incident Response Specialist

**About Blackpanda**:
Blackpanda is Asia’s premier cyber security incident response group, hyper-focused on digital forensics and cyber crisis response. Our team consists of an elite cadre of risk and security experts from various specialisations military special forces, intelligence, forensics, and law enforcement. We are also a fully distributed team across the globe and ready to help manage crises. Join our elite team and make the internet a safer place

**About the Role**:

- Salary: USD $100K annum; ESOP $25K vesting over 5 years; 40 days paid leave (inclusive of public holidays at your choice); $5k/year professional development fund; no internal meetings on Fridays
- Based in Singapore (Level 1 Work from Anywhere Policy permits this role 30 days/year abroad to work remotely with the company)
- The individual contributing role will principally involve executing Digital Forensics Incident Response ("DFIR") forensic imaging, root cause analysis, and cyber investigation for Blackpanda's clients who have suffered a cyber attack. The job includes working with a team of motivated DFIR Specialists not only locally in Singapore, but also globally from best-in-class talent around the world that is aligned to become the most specialized and reliable DFIR company in Asia.
- While this role is intense and requires a strong constitution, Blackpanda endeavors to build a sustainable work-life balance for DFIR Specialists by supplementing the business with insurance revenue to ensure a sizable team with rest and training cycles, as well as a global posture for 24/7 Follow-the-Sun coverage.

**Responsibilities and duties**:

- Lead and/or act as the primary or secondary technical expert in cybersecurity DFIR investigations.
- Identify and validate breached and compromised systems and take action to stop attacks from spreading across the client infrastructures.
- Conduct forensic investigations to identify and document data, resources, processes, and people compromised via cybersecurity incidents and recommend actions to repair, restore, cleanse, or compensate affected assets, persons, or organizations.
- Stay current with the latest cybersecurity threat landscape and how developments in the threat actors could bring harm to policyholders.
- For clients/policyholders, actively recommend and execute cybersecurity hygiene and other actions to evade, build immunity, and preempt cyber attacks.

**Secondary responsibilities**:

- Build a personal reputation within Blackpanda and its partners as a highly credible, trusted expert whose advice and counsel should be heeded and acted upon with thoroughness and urgency.
- Develop the capability to produce (i) a regular cybersecurity threat and incident review; (ii) a periodic threat intelligence digest - that can be understood by non-technical persons and/or legal and compliance managers with mínimal editing and up-leveling.
- Assist clients in preparing contingency plans and checklists designed to expedite diagnosis and effective response to cybersecurity incidents and compromises.
- Evaluate, advise and make recommendations for acquisition of IT and cybersecurity products and services.
- Maintain the ability to short-notice respond to crisis during hours of duty and responsibility to respond to cybersecurity incidents and emergencies.

**Qualifications & experience**:

- At least three (3) years of experience in front line cybersecurity roles.
- Current holder of CISSP (Certified Information Systems Security Professional) and/or GIAC (Global Information Assurance Certification, such as GCIH or GCFA) - or equivalent. Additional cybersecurity-related certifications are advantageous.
- Familiarity with legal and/or compliance requirements related to cybersecurity incident response and reporting.
- Expert knowledge of tools and techniques used to conduct disk forensics, network forensics, log analysis and malware triage in support of incident response examinations.
- Recognize the tactics, technique and procedures (TTP) of threat actors and be able to develop scripts and create tools for quick identification of threat agents in a compromised network.
- Ability to quickly develop intimate knowledge of physical computing assets, software, and third party (i.e. “IaaS, PaaS and SaaS”) services deployed and consumed at client premises and their potential points of compromise and failure.
- Front line experience working with teams and programs in organizations of scale and business focus similar to Blackpanda.
- Ability to help with scoping prospective engagements, leading a complete incident lifecycle (i.e. Preparation, Detection & Analysis, Containment Eradication & Recovery, Post-Incident Activity) for all levels of Blackpanda’s clients.
- Ability to communicate highly technical, actionable information and develop reports to audiences ranging from technically astute peers to non-technical business managers, legal counsel and leaders (including C-Suite level persons).
- Mainta