Cybersecurity DFIR Specialist FREELANCE


Hong Kong


Mar 16

This job is no longer accepting applications.

Seeking a true ninja of a cyber forensicator and incident responder ready to take on a critical role in building out Hong Kong’s premier 'cyber firefighting' team from its infancy with the agility, resourcefulness, and competency to operate independently with minimal guidance! Blackpanda operates in a highly decentralized fashion, with maximum free time to self-manage, and thus only the most mature, professional, and competent applicants need apply for screening through an elite and rigorous interview process.

The role will principally involve adding capacity in during times of surge, assisting in building the Cybersecurity Incident Response ("IR") capability for Blackpanda Limited ("Blackpanda"). The mission will involve maintaining deep, up-to-the-minute knowledge of latest developments in the global cybersecurity threat environment, and taking action upon activation to remediate cybersecurity attacks on our insurance-brokered cybersecurity insurance policy-holders’ business processes, data, infrastructure, and stakeholders.

The candidate must either possess or build out a personal reputation of trust and credibility within the cybersecurity IR industry.

Being a modest, agile and fast-moving company, there will be a need for the candidate to be equally agile, and will be involved in associated tasks that leverage his/her skills to solve challenging intrusion cases for Blackpanda’s clients.

This is an equity awarding position in combination with competitive salary, as Blackpanda only wants long-term stakeholding partners to join its elite tribe.

Primary Responsibilities

  • Supplement Blackpanda’s cybersecurity incident response capability in Hong Kong, and if appropriate across the Blackpanda business footprint.
  • Assist in cybersecurity incident response investigations.
  • Stay current with the latest cybersecurity threat landscape and how developments in threat actors could bring harm to policyholders.
  • For clients/policyholders, actively recommend and execute cybersecurity hygiene and other actions to evade, build immunity and preempt cyber attacks.
  • Identify and validate breached and compromised systems and take action to stop attacks from spreading across the client infrastructures.
  • Conduct forensic investigations to identify and document data, resources, processes, and people compromised via cybersecurity incidents and recommend actions to repair, restore, cleanse, or compensate affected assets, persons, or organizations.

Secondary Responsibilities

  • Assist in producing (i) a regular cybersecurity threat and incident review; (ii) a periodic threat intelligence digest, that can be understood by non-technical persons and/or legal and compliance managers with minimal editing and up-leveling.
  • Assist clients in preparing contingency plans and checklists designed to expedite diagnosis and effective response to cybersecurity incidents and compromises.
  • Evaluate, advise and make recommendations for acquisition of IT and cybersecurity products and services.
  • Reasonably maintain 24x7 personal availability to respond to cybersecurity incidents and emergencies.


  • Expert knowledge of tools and techniques used to conduct of disk forensics, network forensics, log analysis and malware triage in support of incident response examinations.
  • Recognize the tactics, technique and procedures (TTP) of threat actors and able to develop scripts and create tools for quick identification of threat agents in a compromised network.
  • Ability to quickly develop intimate knowledge of physical computing assets, software, and third party (i.e. “IaaS, PaaS and SaaS”) services deployed and consumed at client premises and their potential points of compromise and failure.
  • Front line experience working with teams and programs in organizations of scale and business focus similar to Blackpanda.
  • Ablility to help with scoping prospective engagements, leading a complete incident lifecycle (i.e. Preparation, Detection & Analysis, Containment Eradication & Recovery, Post-Incident Activity) for all levels of Blackpanda’s clients.
  • Ability to communicate highly technical, actionable information and develop reports to audiences ranging from technically astute peers to non-technical business managers, legal counsel and leaders (including C-Suite level persons).
  • Maintains social, ethical, professional and organizational standards and values, always honors commitments.


  • At least eight (8) years of experience in front line cybersecurity roles.
  • Cantonese business fluency is required; Mandarin equivalency is a strong plus.
  • Bachelor’s or Master’s degree in computer science, electronic engineering, or equivalent subject areas with formal coursework or training in cybersecurity, digital forensics, and/or data protection.
  • Current holder of CISSP (Certified Information Systems Security Professional) and/or GIAC (Global Information Assurance Certification, such as GCIH or GCFA) – or equivalent. Additional cybersecurity-related certifications are advantageous.
  • Familiarity with legal and/or compliance requirements related to cybersecurity incident response and reporting.

About Blackpanda

BLACKPANDA is Asia’s premier cyber security incident response group, hyper-focused on digital forensics and cyber crisis response. Our team consists of an elite cadre of risk and security experts from International military special forces, intelligence, forensics and law enforcement backgrounds. We are highly trained, ready to respond to and help manage crises on short notice, when and wherever needed. |

You must be logged in to to apply to this job.


Your application has been successfully submitted.

Please fix the errors below and resubmit.

Something went wrong. Please try again later or contact us.

Personal Information


View resume



Asia’s Premier Digital Forensics & Incident Response Firm.