Digital Forensics and Incident Response (DFIR) Specialist

Theos Cyber Solutions Ltd.
21 days ago
Full-time
Remote


DFIR Specialist

Location: Manila, Kuala Lumpur, Hong Kong, Singapore or APAC Remote



About Us



At Theos, security is not an afterthought. It is our foundation.

Our mission is to empower businesses to thrive in the digital security age by defining and executing practical strategies that build true cyber resilience. We believe in disciplined execution over silver bullets. Real outcomes over noise.


We deliver premium cybersecurity services across Asia and beyond, supporting SMEs and enterprises with capabilities traditionally reserved for global Tier-1 firms. Our expertise spans Penetration Testing, Red Teaming, Managed Detection and Response, and Digital Forensics and Incident Response. We combine deep technical capability with commercial discipline and operational maturity.

Our culture is grounded in five core values:


Security as Our Foundation

We build everything on trust, protecting what matters most to our clients.


Global Collaboration and Respect

We work across borders, roles and perspectives to achieve shared success.


Embrace Change and Innovate

We challenge the status quo and continuously evolve how we deliver impact.


Integrity and Accountability

We hold ourselves to the highest standards and deliver on our commitments.


Strive for Excellence

We push boundaries and raise the bar, for our clients and for each other.


We are experiencing strong growth and momentum. As we scale, we are building a culture that moves from heroics to process, from reaction to discipline, and from surviving to thriving. We value ownership, clarity, and execution. We expect excellence and support each other in achieving it.


If you are serious about cybersecurity, serious about impact, and serious about raising your standard, Theos may be the right place for you.


Job Summary


As an Incident Response Specialist at Theos, you will lead client-facing engagements across the full incident response lifecycle, working closely with diverse customers and senior stakeholders to deliver critical outcomes and guide organisations through complex forensic investigations. Your role will be central in managing the engagement process, containing security incidents with precision, and providing clear, actionable remediation plans that strengthen client resilience and enhance overall security posture.


Key Responsibilities

  • Lead end-to-end incident response engagements, guiding clients through investigation, containment, and long-term remediation.
  • Conduct host-based forensic analysis across Windows, Linux, and Mac OS X systems to identify Indicators of Compromise (IOCs).
  • Analyse firewall, web, database, and other log data to detect evidence of malicious activity and system compromise.
  • Apply advanced tools (e.g., CrowdStrike, FTK, NGSIEM, Axiom) to investigate breaches, determine root cause, and assess scope of impact.
  • Collaborate with clients and internal stakeholders to communicate findings, provide timely updates, and deliver comprehensive reports.
  • Mentor junior staff, sharing expertise in incident response and digital forensics best practices.
  • Travel as required (approximately 20%) to support client and business needs through on-site engagement.



Qualifications


Required Qualifications:

  • Bachelor’s degree in Information Security, Computer Science, Digital Forensics, Cyber Security, or a related discipline, or equivalent professional experience.
  • Minimum 2 years of direct experience in incident response and/or digital forensics.
  • Strong proficiency in host-based forensics, data breach response, and evidence handling procedures.
  • Practical experience with forensic and incident response tools.



Preferred Qualifications:

  • Prior experience in a client-facing incident response consulting role.
  • Prior experience developing and delivering tabletop exercises.
  • Strong executive presence with the ability to present complex technical findings to C-level stakeholders.
  • Demonstrated external visibility through public speaking, conference presentations, or industry publications.
  • Proven capability to build collaborative relationships with internal teams, external partners, and clients.


About Your Application

  • Answers to the screening questions matter a lot!
  • If you do not specify a desired pay and date available, your application will be disregarded.
  • No visa or relocation is provided for this role.