Digital Forensics Specialist

Hong Kong /
Blackpanda /
Seeking a true cyber forensicator ready to take on a critical role in building out Asia’s premier 'cyber firefighting' team from its infancy with the agility, resourcefulness, and competency to operate independently with minimal guidance! Blackpanda operates in a highly decentralized fashion, with maximum free time to self-manage, and thus only the most mature, professional, and competent applicants need apply for screening through an elite and rigorous interview process.

As part of our Digital Forensics function we are looking for an experienced firefighter that can expertly own, manage, respond and investigate cyber security incidents by conducting digital forensics on client endpoints. The scope includes digital forensic investigation in combination with containment, remediation, root-cause analysis of security incidents and vulnerabilities. The role is also expected to develop elegant solutions to complex problems and apply appropriate technologies while following security engineering best practices.

The candidate must either possess or build out a personal reputation of trust and credibility within the cybersecurity DF industry. 

Being a modest, agile and fast-moving company, there will be a need for the candidate to be equally agile, and will be involved in associated tasks that leverage their skills to solve challenging intrusion cases for Blackpanda’s clients. 

This is an equity awarding position in combination with competitive salary, as Blackpanda only wants long-term stakeholding partners to join its elite tribe.

Roles and Responsibilities

    • Support the most complex forensic analyses handled by the firm.
    • Investigate network intrusions and other cybersecurity incidents to determine the cause and extent of the breach. Includes ability to perform host-based and network-based analysis across all major operating systems and network device platforms.
    • Preserve, harvest and analyse data from electronic data sources, including laptop and desktop computers, servers, and mobile devices.
    • Produce high-quality oral and written work products, presenting complex technical matters clearly and concisely.
    • Form and articulate expert opinions based on analysis.
    • Possess the experience, credibility, and integrity to perform as an expert witness.
    • Consult with and take direction from supervisors, engagement managers, and clients regarding case investigation and status.
    • Support the mentorship and technical development of junior Digital Forensics staff.
    • Investigate instances of malicious code and documents to determine attack vectors and payloads.
    • Develop and refine policies and procedures for forensic and malware analysis.
    • Research, develop, and recommend hardware and software needed for incident response and help develop and maintain policies and procedures to analyse digital evidence.
    • Participate in technical meetings and working groups to address issues related to cybersecurity and incident preparedness and ability to create targeted remediation plans for clients who have been compromised.

Qualifications and Experience

    • Degree in Computer Science or equivalent experience.
    • At least 8 years of experience in information security in particular cyber incident response and/or digital investigations.
    • Digital forensics certification(s) such as SANS certifications (GCFA, GCIH etc), CREST certifications (CPIA, CRIA etc.), or equivalent.
    • Deep experience with most common operating systems (Windows, macOS, Linux, iOS, Android) and their file systems (ext3/4, HFS+, APFS, NTFS, exFAT, etc.).
    • Proficiency with industry-standard DF toolsets, including X-Ways, EnCase, Axiom/IEF, Cellebrite, FTK and Volatility.
    • Experience with governance, compliance, auditing, and SOP development is a significant advantage.
    • Proficiency with database querying and analysis.
    • Experience with cloud infrastructures for the enterprise, such as Amazon Web Services, G Suite, Office 365, and Azure.
    • Experience with conducting log analysis of Windows Event Logs, Apache, IIS, and firewall logs.
    • Experience with command line tools (grep, sed, awk, powershell), python, and other programming languages.
    • Familiarity with computer system hardware and software installation and troubleshooting.
    • Well-developed analytic, qualitative, and quantitative reasoning skills and demonstrated creative problem-solving abilities.
    • Experience in digital forensics, incident response, or applicable technical field.


    • Top of market base pay system for position and locality every year.
    • Annual bonus based on performance.
    • 20 days paid leave and 26 public holidays, including no-meeting Fridays.
    • Future relocation opportunities to your office of choice.
    • Enrolment in the company health plan. Future travel and training opportunities.
    • This role requires at least 6-hour crossover with SGT/HKT work hours between 9-6pm and can be posted anywhere worldwide.
Due to the volume of applicants, only shortlisted candidates will be contacted. We appreciate your understanding.

About Blackpanda
BLACKPANDA is Asia’s premier cyber security incident response group, hyper-focused on digital forensics and cyber crisis response. Our team consists of an elite cadre of risk and security experts from International military special forces, intelligence, forensics and law enforcement backgrounds. We are highly trained, ready to respond to and help manage crises on short notice, when and wherever needed. |