About Blackpanda
Blackpanda is a Lloyd's of London–accredited insurance coverholder and Asia's leading local cyber incident response firm, delivering end-to-end digital emergency support across the region. We are pioneering the A2I (Assurance-to-Insurance) model in cybersecurity — uniting preparation, response, and insurance into a seamless pathway that minimizes the financial and operational impact of a cyber attack.
Through expert consulting services, response assurance subscriptions, and innovative cyber insurance, we help organisations get ready, respond, and recover from cyber attacks — all delivered by local specialists working in concert. Our mission is clear: to bring complete cyber peace of mind to every organisation in Asia, from the first moment of breach through full recovery and beyond.
How We Work
Blackpanda is a tech-enabled services team. We invest heavily in AI and are constantly pushing to do better, faster, and at scale. You have the freedom to use the team's approved tools, and you are expected to take ownership of outcomes. We prefer smart work over hard work, welcome good ideas regardless of where they come from, and have deliberately kept red tape out of the way of innovation. If you want to join a team building the best response practice in Asia — and shaping the tools and methods that get us there — you'll be in good company.
A note on levelling
This posting reflects a single role title; however, we hire across a range of seniority levels from this brief. The final title, whether DFIR Analyst, DFIR Specialist, or an adjacent level, will be determined by the depth and breadth of cybersecurity and incident response capabilities demonstrated throughout the interview process. If your experience sits near the edge of these levels, we encourage you to apply regardless.
Your Mission: Junior Incident Responder
As a Junior Incident Responder, you will work alongside senior responders on live engagements — helping clients contain, investigate, and recover from real cyber attacks. This is a delivery-focused role: your job is to do the work, learn the craft, and grow into a fully fledged responder under direct mentorship.
We hire for attitude and aptitude. We don't expect you to have seen everything yet — we expect you to be curious, coachable, and serious about building a career in incident response. The right candidate can demonstrate a genuine interest in IR through their experience, side projects, study, or community involvement, and shows up ready to learn fast in a real-world environment.
Core Responsibilities
Delivery Alongside Senior Responders
- Support senior consultants on active incidents — assisting with containment, evidence collection, forensic analysis, and reporting.
- Acquire and triage forensic artifacts across Windows, Linux, macOS, and cloud environments under the guidance of more experienced team members.
- Analyse logs, endpoint telemetry, network data, and malware artifacts, and contribute findings to investigation timelines.
- Use scripting (Python, Bash, or PowerShell) to assist with collection, parsing, and automation tasks where useful.
Client-Ready Professionalism
- Document findings clearly and accurately, contributing sections to client deliverables under senior review.
- Maintain a calm, professional posture in client-facing settings — even when the situation around you is anything but calm.
- Follow operational procedures, chain-of-custody requirements, and quality standards as taught and reinforced through mentorship.
Learning and Growth
- Take ownership of your own development — ask questions, study actively, and apply feedback quickly.
- Participate in instructor-led training, internal exercises, and on-the-job mentoring designed to accelerate your tradecraft.
- Contribute observations, ideas, and improvements back to the team — innovation is welcomed regardless of seniority.
Minimum Requirements
- 1+ year of experience in cybersecurity, IT, or an adjacent technical field (e.g. SOC analysis, sysadmin, helpdesk, network engineering, software engineering).
- Demonstrable, genuine interest in incident response — through study, side projects, CTFs, home labs, community involvement, or prior work.
- Working comfort with at least one of Windows, Linux, or macOS, and a willingness to become competent across all three.
- Basic scripting ability in Python, Bash, or PowerShell — enough to read and adapt scripts, with the appetite to grow further.
- Clear written and verbal English; able to take notes, write up findings, and communicate professionally with teammates and clients.
- Coachable, curious, and resilient — willing to be wrong, learn fast, and try again.
- Calm under pressure, with a professional posture in client-facing settings.
Preferred Qualifications
- Started or completed a relevant certification (e.g. Security+, Network+, GCIH, GCFA, GFACT, CEH, BTL1) — in progress is just as welcome as completed.
- Hands-on exposure to EDR, SIEM, or forensic tooling, even in a learning context.
- Participation in CTFs, security communities, open-source projects, or personal labs.
- Background in an adjacent field — IT operations, SOC, sysadmin, network engineering, software engineering, intelligence analysis — and a clear desire to move into IR.
- Additional languages relevant to the regions Blackpanda serves.
How You'll Grow
You will be paired with senior responders on real engagements from day one. Your development will be supported through direct, hands-on mentorship and a structured instructor-led training program — not a sink-or-swim environment.
You'll join a diverse team of colleagues from around the world, where who you are, the quality of your work, and your character are what matter. Trying and failing is OK. Failing to try is not.
Why This Role
If you're early in your career, hungry to learn, and want to spend the next phase of it doing real incident response under people who will invest in your growth — this is the seat for you. We're not looking for a finished product. We're looking for the right attitude, the right aptitude, and the willingness to put in the work.