139 Incident Response jobs in Kuala Lumpur

Incident Response Specialist is part of the Kaspersky Global Emergency Response Team, which responds to incidents and investigates cyber threats worldwide.

Responsibilities:

• Deliver computer incident response and digital forensic projects for enterprise customers onsite and remotely
• Perform system and network forensics analysis of suspected or potential security incidents
• Conduct reverse engineering on discovered new suspicious samples during incident response process
• Report findings in technical reports

Main requirements:

• 3+ years experience performing Digital Forensics and Incident Response (DFIR) investigations on multiple Operation Systems; Windows, Mac and Linux
• Tool agnostic with an emphasis on knowing the forensic artifacts
  themselves versus relying on tool output
• Understanding of offensive security to include common attack methods
• Understanding of tactics, techniques and procedures associated with malicious actors and various threats including insider threat detection
• Understanding of how to pivot across multiple datasets to correlate artifacts for a single security event
• Knowledge of and the ability to use popular EDR technologies during DFIR engagements
• Knowledge of threat hunting and knowledge of the artifacts necessary to review during threat hunting
• Ability to triage and analyze malware dynamically within a virtual environment to quickly gain a set of IOCs during an IR engagement
• Knowledge of System Administrator roles and responsibilities with an understanding of Windows Domain environments
• Experience identifying host anomalies via Windows Event logs, SysInternals Sysmon, Process Explorer/Monitor, Autoruns, etc.
• Knowledge performing DFIR investigations in Cloud environments (Azure, O365, AWS, and Google)
• Knowledge of malware analysis concepts and methods
• Knowledge of models/frameworks such as Kill Chain and MITRE ATT&CK
• Knowledge of resources such as VirusTotal and their use for identifying contributing information for an event
• Proficient in either Python, Powershell or any other programming languages.
• Ability to perform root cause analysis
• Experience in reverse engineering various types of malicious files (executable x86/x64 for different platforms MS Windows ,Linux, MacOS as well as pdf, docs and other)

Nice to have:

• Availability of SANS certifications or other of the Security field such as GIAC, GSEC, GCIA, GCIH, GREM, GPEN or OSCP
• Experience with a variety of SIEM, such as RSA Security Analytics, Splunk, and ArcSight; as Firewalls, Intrusion Detection / Prevention Systems (Snort, Bro, Sourcefire), Proxies, WAF
• Forensic software applications (e.g. EnCase, FTK, Helix, Cellebrite, XRY, etc.)
• Reverse Engineering tools (IDA Pro, debuggers and etc.)
• Knowledge C, C++, C#, Java, ASM, PHP, PERL
• eDiscovery tools (NUIX, Relativity, Clearwell, etc.)

Incident Response Specialist is part of the Kaspersky Global Emergency Response Team, which responds to incidents and investigates cyber threats worldwide.

Responsibilities:

• Deliver computer incident response and digital forensic projects for enterprise customers onsite and remotely
• Perform system and network forensics analysis of suspected or potential security incidents
• Report findings in technical reports

Main requirements:

• 3+ years experience performing Digital Forensics and Incident Response (DFIR) investigations on multiple Operation Systems; Windows, Mac and Linux
• Tool agnostic with an emphasis on knowing the forensic artifacts themselves versus relying on tool output
• Understanding of offensive security to include common attack methods
• Understanding of tactics, techniques and procedures associated with malicious actors and various threats including insider threat detection
• Understanding of how to pivot across multiple datasets to correlate artifacts for a single security event
• Knowledge of and the ability to use popular EDR technologies during DFIR engagements
• Knowledge of threat hunting and knowledge of the artifacts necessary to review during threat hunting
• Ability to triage and analyze malware dynamically within a virtual environment to quickly gain a set of IOCs during an IR engagement
• Knowledge of System Administrator roles and responsibilities with an understanding of Windows Domain environments
• Experience identifying host anomalies via Windows Event logs, SysInternals Sysmon, Process Explorer/Monitor, Autoruns, etc.
• Knowledge performing DFIR investigations in Cloud environments (Azure, O365, AWS, and Google)
• Knowledge of malware analysis concepts and methods
• Knowledge of models/frameworks such as Kill Chain and MITRE ATT&CK
• Knowledge of resources such as VirusTotal and their use for identifying contributing information for an event
• Proficient in either Python, Powershell or any other programming languages.
• Ability to perform root cause analysis
• Experience in reverse engineering various types of malicious files (executable x86/x64 for different platforms MS Windows ,Linux, MacOS as well as pdf, docs and other)

Nice to have:

• Availability of SANS certifications or other of the Security field such as GIAC, GSEC, GCIA, GCIH, GREM, GPEN or OSCP
• Experience with a variety of SIEM, such as RSA Security Analytics, Splunk, and ArcSight; as Firewalls, Intrusion Detection / Prevention Systems (Snort, Bro, Sourcefire), Proxies, WAF
• Forensic software applications (e.g. EnCase, FTK, Helix, Cellebrite, XRY, etc.)
• Reverse Engineering tools (IDA Pro, debuggers and etc.)
• Knowledge C, C++, C#, Java, ASM, PHP, PERL
• eDiscovery tools (NUIX, Relativity, Clearwell, etc.)

Seniority level: Mid-Senior level

Employment type: Full-time

Job function: Information Technology

Overview

Associate (Forensics Lead), Incident Response — S-RM Kuala Lumpur, Federal Territory of Kuala Lumpur, Malaysia

The role focuses on forensic investigations within our Incident Response team, delivering delivery-focused support across incident response services and complex cyber incidents.

• Supporting technical incident response from first contact through to closure: act as a technical resource on response cases, deploying expertise, creating tailored strategies for response workstreams, and guiding project colleagues as needed.
• Overseeing host- and network-based incident response investigations: triage, system recovery, technical evidence collection, and forensics, log, malware and root cause analyses.
• Developing and sharing domain expertise: grow cyber expertise and share it with the wider team through internal initiatives and programs.
• Participating in an on-call rotation to provide 24x7x365 client incident coverage.
• Engaging in a variety of casework across public and corporate clients, with opportunities to broaden security awareness into testing and advisory projects, in addition to deepening incident response expertise.
• Flexible working practices to support wellbeing, with options to balance on-site and remote work.

• Direct experience working in an Incident Response or Digital Forensics team is strongly preferred; candidates with exposure to IR teams or roles with IR aspects will be considered.
• Fundamental understanding of computer systems and networks, including:
  • Windows systems (e.g., domain services, standard build templates, SCCM, PowerShell)
  • Networking (firewall rules, network segmentation, DNS)
  • Virtualization technologies (ESXi, Hyper-V)
  • Endpoint Detection & Response solutions
• Experience conducting forensic investigations, particularly on Windows systems; Linux and MacOS investigation experience is preferred.
• Understanding of core incident response workstreams, including containment and restoration/recovery, is a benefit.
• Critical and investigative mindset with the ability to solve problems with limited information and guidance.
• Knowledge of cyber threat actors and their TTPs.
• Strong communication skills, comfortable speaking to individuals at all levels of an organization.
• Certifications (or equivalent) such as GCFE, GCFA, GCIH, GNFA are preferred; beneficial certifications include EnCE, CFSR, CISSP, GREM, CCNA, MCFE, OSCP, Network+ and Security+.
• Working proficiency in another language (e.g., Malay, Tamil, Mandarin, Cantonese, Vietnamese) is beneficial but not required.
• Must have permission to work in Malaysia by the start of employment.

• 20 days paid holiday each year, plus public holidays and additional leave accrual up to 5 days.
• Flexible working: minimum two days in the office per week; remote work option; flexible hours between 7am and 7pm.
• Pension scheme: EPF contributions in accordance with legislative requirements.
• Life insurance; company-paid private medical and dental insurance.
• Company-paid maternity, paternity and fertility treatment leave.
• Employee Assistance Programme: 24/7 access to specialist support services and resources.

The role will be based in our office in Kuala Lumpur with flexible working arrangements available.

ASSOCIATE (FORENSICS LEAD), INCIDENT RESPONSE APAC
Who we are
S-RM is a global intelligence and cyber security consultancy. Since 2005, we've helped some of the most demanding clients in the world solve some of their toughest information security challenges.

We've been able to do this because of our outstanding people. We're committed to developing sharp, curious, driven individuals who want to think critically, solve complex problems, and achieve success.

But we also know that work isn't everything. It's about the lives and careers it helps us build. We're immensely proud of this culture and we invest in our people's wellbeing, learning, and ideas every day.

We're excited you're thinking about joining us

The role
Our Incident Response Associates are a critical part of our Cyber Security division's success.

As a Forensics Lead on our Incident Response team, you will deploy your expertise in a delivery role across our various incident response services, with a particular focus on forensic investigations into complex cyber incidents.

You will work across the full lifecycle of security incidents to help our clients respond and recover, including:

• Supporting technical incident response from first contact through to closure: you will be a technical resource on response cases, deploying your own expertise, creating tailored strategies for response workstreams, and offering guidance to colleagues on your project team. You may also be supported by more senior technical team members where appropriate.

Overseeing host- and network-based incident response investigations: including triage, system recovery, technical evidence collection, and forensics, log, malware and root cause analyses.

• Developing and sharing domain expertise: we will support you in growing your cyber expertise, including sharing it with the wider team through internal initiatives and programs.
• Participating in an on-call rotation to provide 24x7x365 client incident coverage.

Other features of the role include:

• Variety of casework: no day will be the same. Our team responds to a huge variety of incidents for both public and corporate clients.
• Range of opportunities: you will have opportunities to broaden your security awareness into testing and advisory projects, in addition to deepening your incident response expertise.
• Flexible working practices: responding to incidents can be intense, high-pressure work. We are mindful of our team's work/life balance and offer flexible working options to support your wellbeing.

We're looking for:

• Direct experience working in an Incident Response or Digital Forensics team is strongly preferred, however, candidates with exposure to working with Incident Response teams, or those in roles reflecting aspects of Incident Response will be considered.

• A fundamental understanding of computer systems and networks, including:

• Windows systems (e.g. Managing domains services, creating standard build templates, using SCCM, moderate PowerShell capabilities, etc.)

• Networking (e.g. managing firewall rules, providing guidance around network segmentation, DNS, etc.)
• Virtualisation technologies (e.g. ESXi, Hyper-V, etc.)

• Endpoint Detection & Response solutions.

• The candidate must be able to demonstrate experience conducting forensic investigations, in particular relating to Windows systems. Additional experience conducting investigations into Linux and MacOS systems is preferred.

• Demonstrable understanding of core incident response workstreams, including containment and restoration/recovery is a benefit.
• A critical and investigative mindset. You should be comfortable solving problems with limited information and guidance, developing proportionate strategies to achieve timely outcomes.
• Clear demonstrable knowledge of cyber threat actors, and their tactics, techniques, and procedures.
• Strong communication skills. You should be comfortable speaking to people at all levels of an organization, from the board of directors to the technical teams.
• It is preferred, but not required, that candidates hold one of the following certifications (or equivalent) GCFE, GCFA, GCIH, GNFA. However, holding any of the following is beneficial: EnCE, CFSR, CISSP, GREM, CCNA, MCFE, OSCP, Network+ and Security+
• A working proficiency in another language (such as Malay, Tamil, Mandarin, Cantonese, Vietnamese) is also beneficial, although not required.

The successful candidate must have permission to work in Malaysia by the start of their employment.

OUR BENEFITS
We offer thoughtful, balanced rewards and support to help our people do their best work and live their lives outside it, including:

• 20 days paid holiday each year: in addition to public holidays, as well as 1 additional day of leave for every year you work at S-RM up to a maximum of 5 days.
• Flexible working: work a minimum of two days a week in the office and the remainder remotely, choose your hours between 7am and 7pm.
• Pension scheme: S-RM contributes to Employees Provident Fund (EPF) in accordance with legislative requirements.
• Life Insurance: help someone you love should something happen to you.
• Company-paid private medical and dental insurance.
• Company-paid maternity, paternity and fertility treatment leave.

Employee Assistance Programme: free access to specialist support services, including counselling, as well as an online portal of useful articles, tips and tools. Available 24/7, 365 days a yea

The role will be based in our office in Kuala Lumpur. However, we have flexible working arrangements available.

Location: Malaysia (Kuala Lumpur), Hong Kong, Singapore

Join Fortinet, a cybersecurity pioneer with over two decades of excellence, as we continue to shape the future of cybersecurity and redefine the intersection of networking and security. At Fortinet, our mission is to safeguard people, devices, and data everywhere. We are currently seeking a dynamic Lead Consultant (FortiGuard Incident Response) to contribute to the success of our rapidly growing business.

You will work directly with members of a world-class incident response and forensics team. Our team is comprised of individuals with strong knowledge in malware hunting and analysis, reverse engineering, multiple scripting languages, forensics and threat actors TTPs.

• Lead IR engagements and mentoring/training junior analysis.
• Continue to focus on process improvement for the customer-facing incident response services.
• Conduct host-based analysis and forensic functions on Windows, Linux, and Mac OS X systems.
• Review firewall, web, database, and other log sources to identify evidence and artifacts of malicious and compromised activity.
• Leverage our FortiEDR Platform to conduct investigations to rapidly detect and analyze security threats.
• Perform basic reverse engineering of threat actor’s malicious tools.
• Develop complete and informative reports and presentations for both executive and technical audience.
• Availability during nights/weekends as needed for IR engagements.
• Perform memory forensics and file analysis as needed.
• Monitor underground forums, our FortiGuard Threat Labs, along with other open-source intelligence outlets to maintain proficiency in latest actor tactics and techniques.

An insightful and influential collaborator to join our team. We encourage you to apply for this position if you have the following qualities:

• Experience with at least one scripting language: Shell, Ruby, Perl, Python, etc.
• Ability to data mine using YARA, RegEx or other techniques to identify new threats.
• Experience with EnCase, FTK, X-Ways, SIFT, Splunk, Redline, Volatility, WireShark, TCPDump, and open source forensic tools a plus.
• Experience with malware analysis tools such as IDA Pro, OllyDbg, Immunity Debugger.
• Hands-on experience dealing with APT campaigns, attack Tactics, Techniques and Procedures (TTPs), memory injection techniques, static and dynamic malware analysis and malware persistence mechanism.
• Strong knowledge of operating system internals and endpoint security experience.
• Able to communicate with both technical and executive personnel.
• Static and dynamic malware and log analysis.
• Excellent written and verbal communication skills a must.
• Reading and writing skills of non-English languages such as Chinese and Russian a plus.
• Analysis of Linux and MAC binary files and the understanding of MAC internals is a plus but not required.
• Highly motivated, self-driven and able to work both independently and within a team.
• Able to work under pressure in time-critical situations and occasional nights and weekends work.
• A good understanding of Active Directory a plus.
• Bachelor’s Degree in Computer Engineering, Computer Science or related field.
• Or 10+ years’ experience with incident response and or Forensics.

At Fortinet, we embrace diversity and inclusivity. We encourage applications from diverse backgrounds and identities. Explore our welcoming work environment designed for a rewarding career journey with an attractive Total Rewards package to support you with your overall health and financial well-being. Join us in bringing solutions that make a meaningful and lasting impact to our 660,000+ customers around the globe.

We will only notify shortlisted candidates.

about the company
You will be working for a major organisation within the finance industry

about the job

• Lead and manage all phases of cybersecurity incident response (containment, eradication, recovery).
• Develop and refine incident response plans, playbooks, and procedures.
• Oversee and conduct advanced digital forensic investigations (endpoints, servers, networks, cloud).
• Lead, mentor, and develop the CFIR team.
• Stay updated on cyber threats and vulnerabilities relevant to the financial sector.
• Communicate technical findings and reports to stakeholders (technical/non-technical, management, regulatory bodies).
• Evaluate, recommend, and implement CFIR tools and technologies.
• Ensure CFIR activities comply with internal policies, industry best practices, and BNM regulations.
• Lead post-incident reviews for continuous improvement.
• Collaborate with SOC, IT, legal, risk, and other departments.

• Salary up to RM15,000
• Must have working rights in Malaysia
• Performance bonus
• Allowances
• Medical and life insurance

skills

Cyber forensics, digital forensics, incident response, cybersecurity, IT security

qualifications

- 3-5 years hands on experience within Cyber Forensics and Incident Response

education

Associate Degree/Diploma