Incident Response Specialist

Remote /
Blackpanda /
Full-time
Seeking a true cyber incident responder. This candidate should be ready to take on a critical role in building out Asia’s premier 'cyber firefighting' team from its infancy with the agility, resourcefulness, and competency to operate independently with minimal guidance. Blackpanda operates in a highly decentralized fashion and thus only the most mature, professional, and competent applicants are recommended to apply for this role.

We are seeking an experienced, Senior Incident Responder to be the “boots on the ground” that manages and responds to live incidents using skills in digital forensics, incident response, IT security, and incident handling. The candidate is expected to be a senior level hire and should be considered a subject matter expert in the IR field. 

The candidate must either possess or build out a personal reputation of trust and credibility within the cybersecurity IR industry in their respective location. Blackpanda is a modest, agile, and fast-moving company, meaning the candidate should be equally agile, and will be involved in associated tasks that leverage their skills to solve challenging cases for Blackpanda clients. This is an equity awarding position in combination with competitive salary, as Blackpanda is looking for long-term, stakeholding partners to join our elite tribe.

Roles and Responsibilities

    • Conduct advanced computer and network forensic investigations relating to various forms of malware, computer intrusion, theft of information, denial of service, data breaches, etc.
    • Lead and coach small teams depending on the incident size and scope.
    • Assist clients in identifying and remediating gaps as identified throughout the investigation.
    • Provide clients guidance and advice in regard to cyber incidents, forensics, and incident response.
    • Document findings and create well written reports.
    • Investigate a variety of systems from Cloud to Corporate Networks to IoT.
    • Lead incident response on a local and regional scale.
    • Drive continuous improvement and increase efficiency through standardization and automation.
    • Conduct research and analysis on local and global cyber threat streams.

Qualifications and Experience

    • Ability to conduct an investigation from start to finish given a wide variety of available tools and resources.
    • At least eight (8) years of experience in front line cybersecurity roles.
    • 5+ years of information security experience in one or more of the following areas: IT security, incident handling and response, exploit analysis, network intelligence gathering, vulnerability management, digital forensics methods and procedures.
    • Must have Linux/Unix technical experience including creation and modification, administration, troubleshooting, and/or forensic and Incident Response experience.
    • 2+ years of experience with at least two of the following tools: X-ways Forensics, Forensic Explorer, EnCase Forensic, EnCase Enterprise, AccessData FTK, Volatility, SANS SIFT, EDR (Crowdstrike, SentinelOne, CarbonBlack), Internet Evidence Finder/Axiom.
    • Familiarity with threat intelligence and applied use within incident response and forensic investigations.
    • Experience with malware analysis and understanding of typical attack techniques.
    • Experience interpreting, searching, and manipulating data within enterprise logging solutions.
    • Experience working with network, host, and user activity data.
    • Ability to demonstrate an investigative mindset. Not just the ability to execute a task, but also to understand the reason for that task, and determine next steps depending on the results while maintaining a firm grasp of the overall goals of the entire process.
    • Outstanding written and oral communication skills. Experience in conducting investigations within Cloud/SaaS platforms and logging tools.
    • Experience with cloud infrastructures for the enterprise, such as Amazon Web Services, G Suite, Office 365, and Azure.
    • Experience in conducting investigations using scripts (python, powershell, etc) and automation.
    • Working knowledge in operating SIEM, SOAR and CTI Solutions, Host-based Security Investigation, Mobile OS, Application Security, and Web Services.
    • Working knowledge of malware analysis (deobfuscation) and malware reverse engineer is a bonus.
    • BA/BS in computer science, management information systems or related field or significant industry experience preferred.
    • CISSP, CISM, EnCE, CEH, GCFA, GCFE, GCIH, or equivalent certification required.

Benefits

    • Top of market base pay system for position and locality every year.
    • Annual bonus based on performance.
    • 20 days paid leave and 26 public holidays, including no-meeting Fridays.
    • Future relocation opportunities to your office of choice.
    • Enrolment in the company health plan.
    • Future travel and training opportunities.
    • This role requires at least 6-hour crossover with SGT/HKT work hours between 9-6pm and can be posted anywhere worldwide.
Due to the volume of applicants, only shortlisted candidates will be contacted. We appreciate your understanding.

About Blackpanda
BLACKPANDA is Asia’s premier cyber security incident response group, hyper-focused on digital forensics and cyber crisis response. Our team consists of an elite cadre of risk and security experts from International military special forces, intelligence, forensics and law enforcement backgrounds. We are highly trained, ready to respond to and help manage crises on short notice, when and wherever needed.

www.blackpanda.com | hello@blackpanda.com