About the role
The Digital Forensics & Incident Response (DFIR) Manager/AVP leads the investigation and remediation of complex security incidents across corporate and manufacturing technology environments. The role focuses on performing deep-dive forensic analysis, managing the end-to-end incident lifecycle, and mentoring junior analysts to ensure organizational resilience.
Banking · Onsite
Key Responsibilities
- Lead and manage the end-to-end incident response lifecycle for critical security breaches and cyber threats
- Conduct thorough digital forensic examinations of workstations, servers, and mobile devices to identify root causes
- Analyze malware samples and malicious artifacts to determine capabilities, intent, and indicators of compromise (IOCs)
- Manage and maintain forensic lab environments and specialized investigation tools
- Coordinate with legal, human resources, and internal audit teams during sensitive internal investigations
- Develop and refine incident response playbooks and standard operating procedures (SOPs)
- Perform memory forensics and deep-packet network traffic analysis to detect sophisticated lateral movement
- Produce comprehensive forensic reports and executive summaries for technical and non-technical stakeholders
- Mentor junior DFIR analysts and provide technical leadership during high-pressure emergency response situations
Requirements
- Bachelor's degree in Computer Science, Cybersecurity, or a related technical discipline
- Minimum of 6 years of professional experience in Digital Forensics and Incident Response (DFIR)
- Proven expertise with forensic software including EnCase, FTK, Magnet AXIOM, or X-Ways
- Advanced proficiency in operating system internals for Windows, Linux, and macOS platforms
- Hands-on experience with SIEM and EDR platforms such as Splunk, CrowdStrike, or SentinelOne
- Strong understanding of forensic imaging techniques and strict chain-of-custody procedures
- Ability to script in Python, PowerShell, or Bash to automate forensic workflows and data collection
- Professional certifications such as GIAC Certified Forensic Analyst (GCFA) or Certified Forensic Examiner (GCFE)
- Demonstrated ability to lead technical teams through complex, multi-faceted security incidents
- Solid understanding of network protocols and deep packet analysis using Wireshark
- Excellent communication skills with the ability to translate technical findings into business risk context