Singapore

Senior Director - Cyber & Digital Forensic Investigations - Singapore

Job Description:

We are seeking a senior Cyber and Digital Forensic Investigations practitioner to join our client in Singapore at Senior Director level. The ideal candidate will hold senior incident-response and digital-forensics credentials with at least 10 years of relevant experience, the most recent 3+ years at Director or equivalent senior-leadership level, and a track record of incident-command on bet-the-company breaches admissible in regulator and litigation review. The successful candidate will lead the most complex multi-jurisdictional cyber investigations, define the practice's incident-command doctrine and signed-off declaration practice, carry a meaningful named-account pipeline across the regional breach-coach and cyber-litigation bar, and contribute to the practice's strategy as an emerging Partner-track operator.

Confidential Client. Applying to this position means that you are interested in having an initial confidential discussion about how we can help you to identify and join a new cyber and digital forensic investigations practice. With your authorisation we will exclusively run the entire application and recruitment process for you, keeping you apprised at every step. With over 30 years' combined experience of helping the most talented cyber-investigations practitioners to make safe exits to launch rewarding new careers, we have the experience, network and ability to help you.

Key Responsibilities:

  • Lead high-stakes breach-response engagements, typically running USD 750k - 4m, with full responsibility for incident-command, technical strategy, evidentiary discipline and stakeholder communication on bet-the-company cyber matters.
  • Define the practice's incident-command doctrine on ransomware, BEC, advanced-persistent-threat, insider-threat, supply-chain, cloud-account-takeover and nation-state intrusion fact patterns; set the bar for what is - and is not - defensible against regulator and class-action review.
  • Lead the most complex host, network, cloud and memory forensics on enterprise-scale investigations, including identity-provider compromise (Entra ID, Okta), Kubernetes / container-runtime intrusion, OT-and-IT convergence incidents, AI-system compromise and prompt-injection investigations, and ephemeral-messaging-platform-mediated insider threat.
  • Take signed-off positions on threat-actor attribution, root-cause findings and lessons-learned reports at instructing-counsel and regulator level; engage on disclosure-and-notification timing under MAS cyber-incident-notification obligations, the Cybersecurity Act 2018 / 2024 (Amendment), IMDA Critical Information Infrastructure Code and PDPA obligations.
  • Direct ransomware-response engagements on the most complex matters, including multi-stage extortion, exfiltration-only and double-extortion patterns, with sanctions-screening governance under OFAC, Singapore TSOFA and MAS Targeted Financial Sanctions advisory.
  • Develop and own a sustained pipeline of named accounts at General Counsel, CISO, Chief Risk Officer and Chief Compliance Officer level, and at relevant law firm partner level; originate or co-originate USD 1.5m+ annually in qualified cyber-investigations opportunities.
  • Convert reactive case work into multi-year retainer engagements covering incident-response retainer, managed-detection-and-response (MDR), threat-hunting, tabletop-exercise programmes and CISO-advisory work.
  • Set methodology and tooling-strategy direction within the cyber-investigations sub-practice; define the framework on AI-assisted DFIR governance; directly supervise, mentor and advocate for Directors and Senior Managers - championing their advancement at promotion rounds, sponsoring sustained upskilling on emerging methodology and AI tooling, and shaping their external profile-building on incident-command depth.

Required Qualifications and Skills:

  • Multiple senior incident-response and / or digital-forensics credentials, such as GCFA (GIAC Certified Forensic Analyst) plus GREM (GIAC Reverse-Engineering Malware) plus CISSP (Certified Information Systems Security Professional), or GNFA plus GCIH plus CISM - typically multiple at this level.
  • At least 10 years of relevant experience in cyber investigations, incident response or digital forensics, with the most recent 3+ years at Director or equivalent senior-leadership level.
  • Demonstrable track record of leading bet-the-company cyber-investigations matters with full incident-command and client-facing responsibility, including signed-off threat-actor-attribution and root-cause findings under regulator and litigation review.
  • Direct experience operating with General Counsel, CISOs, Chief Risk Officers and Chief Compliance Officers, breach coaches at law-firm partner level and Singapore regulators (CSA, IMDA, MAS, PDPC).
  • Working knowledge at supervisory-policy depth of the Singapore cyber-incident framework: the Cybersecurity Act 2018 and 2024 (Amendment) Act, IMDA Cybersecurity Code of Practice for Critical Information Infrastructure, MAS Technology Risk Management Guidelines and MAS cyber-incident-notification obligations, PDPA data-breach notification framework and Personal Data Protection Commission enforcement-decision pattern at post-2024 depth.
  • Authority on NIST 800-61, NIST 800-86, the MITRE ATT&CK framework, MITRE D3FEND, the SANS DFIR methodology, the Cyber Kill Chain and the FOR578 / FOR508 incident-response curriculum.
  • Familiarity with industry-standard DFIR tooling, including SIEM platforms (such as Splunk, Microsoft Sentinel, QRadar or Elastic), EDR (such as CrowdStrike Falcon, SentinelOne, Carbon Black or Microsoft Defender), forensic-imaging and analysis tools (such as EnCase, Magnet Axiom, X-Ways or FTK), memory-analysis tools (such as Volatility or Rekall), network-forensics tools (such as Wireshark, Zeek or Arkime), and reverse-engineering tools (such as IDA Pro, Ghidra or x64dbg).
  • Demonstrable history of converting cyber-investigations engagement relationships into multi-year incident-response retainer, managed-detection-and-response or CISO-advisory work.
  • Established relationships with law firm partners in cyber and data-breach practice, regulatory enforcement, white-collar crime, internal-investigations and class-action / privacy-litigation practices who refer and instruct cyber-investigations work; sustained named-account level engagement is the strongest evidence.
  • High-agency operating style, calm and credible under live-incident and adversarial-challenge pressure, with the methodological discipline to ensure findings are evidence-based, structured and defensible.

Preferred Experience:

  • Stacking credentials including offensive-security qualifications (such as OSCP, CRTO or CRTP) and reverse-engineering depth (GREM).
  • Postgraduate qualification: Master's in computer science, information security, digital forensics, MBA, or LLM with cyber-law / privacy / regulatory relevance.
  • Multilingual capability (Mandarin, Bahasa, Hokkien) for regional witness, custodian and threat-actor-communication contexts.
  • Cross-border breach-response experience across Southeast Asia, Greater China, India and South Asia.
  • Published authorship on incident-response, threat-hunting, ransomware-response or attribution themes; conference-level speaking on cyber investigations.
  • Track record of testifying or signed-off declaration on cyber-investigations issues in arbitration, court or regulator proceedings.
  • Tabletop-exercise design and CISO-advisory programme delivery at audit-committee level.
  • Growth-mindset operating posture and visible engagement with the AI developments reshaping cyber and digital forensic investigations: candidates who track tooling shifts (such as AI-assisted DFIR via CrowdStrike Charlotte AI or Microsoft Sentinel Copilot, prompt-injection defence, AI-system-compromise investigations, or LLM-aided malware-analysis triage), share that knowledge with the Director and Manager bench under their supervision, and have a track record of building team-upskilling programmes on emerging methodologies.

Compensation:

Competitive package commensurate with seniority and experience, including base, performance-based bonus, long-term incentives and (where applicable) partner-track equity participation.

Next Steps:

This opportunity is open to Singaporeans, Singapore permanent residents, and qualified candidates with relevant work-rights status who match the above criteria. Please apply to receive prompt contact from an experienced and specialist cyber and digital forensic investigations recruitment consultant.

Search & Counsel is a trading style of Feltan Associates Pte Ltd, an international Executive Search, Recruitment and Consulting business based in Singapore, licensed and regulated by the Singapore Ministry of Manpower to conduct recruitment services for clients. UEN: 202225620G. EA Licence 23S1672. All rights reserved.
