About the role
This is a Digital Forensics & Incident Response (DFIR) Analyst role at a bank or financial institution, at the Manager/AVP level. The role involves leading incident response investigations, performing digital forensics analysis, and enhancing the organization's cyber defense capabilities. The ideal candidate has strong technical skills in forensics and incident response, along with experience in managing teams and communicating with stakeholders.
Business · Full-time · General
Key Responsibilities
- Lead and manage the Digital Forensics and Incident Response (DFIR) team in responding to cybersecurity incidents.
- Conduct in-depth digital forensics investigations on endpoints, networks, and cloud environments.
- Perform malware analysis, memory forensics, and log analysis to identify root cause and impact.
- Develop and maintain incident response playbooks, runbooks, and standard operating procedures.
- Collaborate with threat intelligence, SOC, and other security teams to improve detection and response capabilities.
- Provide expert guidance and mentorship to junior analysts in the team.
- Prepare detailed incident reports and present findings to senior management and stakeholders.
- Stay current with emerging threats, attack techniques, and forensic tools to enhance team capabilities.
- Participate in tabletop exercises and red team/blue team simulations to test incident response readiness.
- Ensure compliance with regulatory requirements and internal policies during investigations.
Requirements
- Bachelor's degree in Computer Science, Information Security, Cybersecurity, Digital Forensics, or a related field.
- Minimum 5-10 years of experience in digital forensics and incident response, with at least 2 years in a leadership role.
- Strong knowledge of forensic acquisition and analysis techniques for Windows, Linux, and macOS systems.
- Proficiency in using forensic tools such as EnCase, FTK, Volatility, Wireshark, and similar.
- Experience with SIEM platforms (e.g., Splunk, Elasticsearch) and EDR solutions.
- Understanding of network protocols, log analysis, and memory forensics.
- Familiarity with cloud forensics in AWS, Azure, or GCP environments.
- Scripting skills in Python, PowerShell, or Bash for automation and analysis.
- Excellent communication and presentation skills, with the ability to explain technical findings to non-technical stakeholders.
- Relevant certifications such as GCFA, GCFE, GNFA, GCIH, CISSP, or CISM are preferred.
- Knowledge of regulatory frameworks (e.g., MAS, GDPR, SOX) and incident response best practices.
- Ability to work under pressure and manage multiple incidents simultaneously.