Associate (Forensics Lead), Incident Response APACS-RM is seeking an Associate to work within the Cyber Security Team in Kuala Lumpur.
S-RM is a global intelligence and cyber security consultancy. Since 2005, we've helped some of the most demanding clients in the world solve some of their toughest information security challenges.
We've been able to do this because of our outstanding people. We're committed to developing sharp, curious, driven individuals who want to think critically, solve complex problems, and achieve success.
But we also know that work isn't everything. It's about the lives and careers it helps us build. We're immensely proud of this culture and we invest in our people's wellbeing, learning, and ideas every day.
We're excited you're thinking about joining us.
The roleOur Incident Response Associates are a critical part of our Cyber Security division's success.
As a Forensics Lead on our Incident Response team, you will deploy your expertise in a delivery role across our various incident response services, with a particular focus on forensic investigations into complex cyber incidents.
You will work across the full lifecycle of security incidents to help our clients respond and recover, including:
Supporting technical incident response from first contact through to closure: you will be a technical resource on response cases, deploying your own expertise, creating tailored strategies for response workstreams, and offering guidance to colleagues on your project team. You may also be supported by more senior technical team members where appropriate.
Overseeing host- and network-based incident response investigations: including triage, system recovery, technical evidence collection, and forensics, log, malware and root cause analyses.
Developing and sharing domain expertise: we will support you in growing your cyber expertise, including sharing it with the wider team through internal initiatives and programs.
Participating in an on-call rotation to provide 24x7x365 client incident coverage.
Other features of the role include:
Variety of casework: no day will be the same. Our team responds to a huge variety of incidents for both public and corporate clients.
Range of opportunities: you will have opportunities to broaden your security awareness into testing and advisory projects, in addition to deepening your incident response expertise.
Flexible working practices: responding to incidents can be intense, high-pressure work. We are mindful of our team's work/life balance and offer flexible working options to support your wellbeing.
What we're looking forDirect experience working in an Incident Response or Digital Forensics team is strongly preferred; however, candidates with exposure to working with Incident Response teams, or those in roles reflecting aspects of Incident Response will be considered.
A fundamental understanding of computer systems and networks, including:Windows systems (e.g. Managing domains services, creating standard build templates, using SCCM, moderate PowerShell capabilities, etc.)
Networking (e.g. managing firewall rules, providing guidance around network segmentation, DNS, etc.)
Virtualisation technologies (e.g. ESXi, Hyper-V, etc.)
Endpoint Detection & Response solutions.The candidate must be able to demonstrate experience conducting forensic investigations, in particular relating to Windows systems. Additional experience conducting investigations into Linux and MacOS systems is preferred.
Demonstrable understanding of core incident response workstreams, including containment and restoration/recovery is a benefit.
A critical and investigative mindset. You should be comfortable solving problems with limited information and guidance, developing proportionate strategies to achieve timely outcomes.
Clear demonstrable knowledge of cyber threat actors, and their tactics, techniques, and procedures.
Strong communication skills. You should be comfortable speaking to people at all levels of an organization, from the board of directors to the technical teams.
It is preferred, but not required, that candidates hold one of the following certifications (or equivalent) GCFE, GCFA, GCIH, GNFA. However, holding any of the following is beneficial: EnCE, CFSR, CISSP, GREM, CCNA, MCFE, OSCP, Network+ and Security+
A working proficiency in another language (such as Malay, Tamil, Mandarin, Cantonese, Vietnamese) is also beneficial, although not required.
The successful candidate must have permission to work in Malaysia by the start of their employment.
BenefitsWe offer thoughtful, balanced rewards and support to help our people do their best work and live their lives outside it, including:
20 days paid holiday each year: in addition to public holidays, as well as 1 additional day of leave for every year you work at S-RM up to a maximum of 5 days.
Flexible working: work a minimum of two days a week in the office and the remainder remotely, choose your hours between 7am and 7pm.
Pension scheme: S-RM contributes to Employees Provident Fund (EPF) in accordance with legislative requirements.
Life Insurance: help someone you love should something happen to you. (Further details coming soon.)
Company-paid private medical and dental insurance. (Further details coming soon.)
Company-paid maternity, paternity and fertility treatment leave.
Employee Assistance Programme: free access to specialist support services, including counselling, as well as an online portal of useful articles, tips and tools. Available 24/7, 365 days a year.
The role will be based in our office in Kuala Lumpur. However, we have flexible working arrangements available.
Application ProcessThe application process includes:
A preliminary call which will be a chance for you to find out more about S-RM and the role.
First Interview – a remotely run skills focused interview.
Second interview - a remotely run skills focused interview.
An assessment – an incident response skill evaluation test.
Final interview - a remotely run skills focused interview.
S-RM nurtures a culture of equality, diversity and inclusion and we are dedicated to developing a workforce that displays a variety of talents, experiences and perspectives.#J-18808-Ljbffr