Incident Response Manager

About Blackpanda

Blackpanda is Asia’s premier cyber crisis response firm, founded by former elite military special operations forces and cyber defense experts. Headquartered in Singapore, we specialize in incident response and digital forensics across the Asia-Pacific region.

Our mission is bold: to democratize cyber resilience by providing organizations of all sizes with best-in-class incident response and insurance solutions, ensuring they can operate securely and sustainably in an increasingly hostile digital world.

But we’re not stopping there.

We are building the world’s first Cyber In-Extremis Force (CIF), a no-fail, elite digital crisis response unit modeled after the most advanced special operations capabilities in the world. Inspired by Tier-1 military readiness, our team doesn’t just respond to cyber threats.

We dominate them.

We live by the following core values:

• Sincerity: We believe in open, honest, and ethical conduct in all interactions.
• Unity: Collaboration is key; we operate as a team with mutual respect and shared goals.
• Efficiency: We prioritize smart, effective problem-solving over unnecessary complexity.
• Humility: Continuous learning and adaptability are at the heart of our growth.
• Grit: Cybersecurity is tough, and we embrace the challenge with determination and resilience.

Your Mission: Incident Responder

You will manage high-profile cybersecurity investigations, coordinate with executives, clients, and stakeholders, and guide organizations through their most urgent moments of digital crisis. This role demands exceptional hands-on technical ability, strategic leadership, and the calm, decisive mindset required in fast-moving, high-stakes environments.

But remember, this is the real world. Not every case will be complex or cinematic. Some will be routine. Others will be chaotic, even frightening—where you truly see how far many organizations are from real cyber resilience. You’ll realize that companies are not well-oiled machines; they’re messy, human, and often unprepared. Your mission is to bring clarity to that chaos, to lead with calm under fire, and to transform disorder into operational control.

You are not just technically sharp, but adaptable, open-minded, and ready to thrive under pressure. You’re someone who sees chaos as opportunity, who stays cool when others panic, and who finds solutions when the stakes are highest. Unlike traditional consulting environments, Blackpanda eliminates red tape in favor of speed, precision, and decisive action. We move fast. We train relentlessly.

And we deliver excellence. Every single time.

Core Responsibilities

• Lead and execute high-stakes cyber incident response investigations, ensuring rapid containment, eradication, and recovery in mission-critical environments.
• Analyze forensic artifacts, attacker TTPs, and malware across complex hybrid infrastructures: including Windows, Linux, macOS, and cloud platforms.
• Perform full-spectrum DFIR operations, including disk imaging, memory acquisition, log analysis, threat hunting, and lateral movement investigations.
• Utilize scripting languages (Python, Bash, PowerShell) to automate response workflows, simulate adversarial techniques, and enhance investigative efficiency.
• Communicate strategic insights and technical findings to clients, executives, regulators, and law enforcement with clarity, confidence, and precision.
• Collaborate with engineering and R&D teams to refine internal tools, enhance proprietary tech, and accelerate operational readiness.
• Coordinate directly with external stakeholders: including legal teams, insurers, vendors, and government agencies, throughout incident lifecycles.
• Partner with sales consultants to scope potential engagements, provide technical insight during pre-sales, and contribute to internal upskilling, ensuring our commercial team is equipped to position Blackpanda CIF capabilities with precision.
• Train, mentor, and uplift junior analysts, instilling elite tradecraft, professional discipline, and the Blackpanda standard of operational excellence.

Minimum Requirements – This Is Your Entry Ticket to CIF

• 3+ Years of Hands-On Experience in cybersecurity incident response, security operations as an analyst, digital forensics, or threat intelligence (consulting or in-house).
• Strong Technical Foundations across enterprise networks, security architecture, and cloud environments.
• Proficiency with Key DFIR Tools including EDR platforms, SIEMs, firewalls, and forensic toolkits (e.g., Splunk, ELK, SentinelOne, Checkpoint, Velociraptor, EnCase).
• Operating System Mastery – Comfortable navigating and investigating across Windows, Linux, and macOS environments.
• Scripting and Automation Skills – Proficient in at least one scripting language (Python, Bash, or PowerShell), with a mindset for automating workflows and simulating adversary behavior.
• Calm Under Fire – Proven ability to lead or contribute to high-pressure, customer-facing IR engagements with poise and precision.
• Communication – Able to translate complex technical findings into strategic guidance for senior stakeholders, boards, and regulators.

Preferred Qualifications – What Sets You Apart

• Certifications – GCFA, GNFA, GREM, OSCP, or equivalent.
• Real-World Adversary Experience – Deep exposure to ransomware/extortion cases, dark web intelligence, and threat actor tracking.
• OT/ICS Proficiency – Experience working in air-gapped or critical infrastructure environments.
• Builder Mindset – Demonstrated experience in building cybersecurity tools, writing custom scripts, or contributing to open-source security projects.
• Backgrounds of Honor – Prior experience in military, law enforcement, or intelligence agencies is a strong plus.

We know, it’s a big list. But we’re not here to check boxes. At Blackpanda, what matters most is your mindset: the grit, discipline, and calm-under-fire required to operate when others freeze. If you've been forged through experience, sharpened by adversity, and you're ready to push even further, we want you on this team.