Apply now »

T&T Manager - Digital Forensics & Incident Response - SG

Date: 15 Oct 2025

Service Line / Portfolios: Cyber

Location:

Singapore, Singapore, SG

Are you ready to unleash your potential?

At Deloitte, our purpose is to make an impact that matters for our clients, our people, and the communities we serve.

We believe we have a responsibility to be a force for good, and WorldImpact is our portfolio of initiatives focused on making a tangible impact on society’s biggest challenges and creating a better future. We strive to advise clients on how to deliver purpose-led growth and embed more equitable, inclusive as well as sustainable business practices.

Hence, we seek talented individuals driven to excel and innovate, working together to achieve our shared goals.

We are committed to creating positive work experiences that foster a culture of respect and inclusion, where diverse perspectives are celebrated, and everyone is recognised for their contributions.

Ready to unleash your potential with us? Join the winning team now!

Work you'll do:

The Digital Forensics & Incident Response (DFIR) Analyst work to address security incidents, hunt down security risks or incidents within the environment. The work generally consists of the following:

Assist clients in developing a cyber incident strategy, assessing, and remediating weaknesses, and conducting exercises to better prepare clients in responding to and recovering from cyber incidents.

Conduct advanced computer and network incident investigations relating to various forms of malware, computer intrusion, theft of information, denial of service, data breaches, etc.

Provide clients guidance and advice with regards to cyber incidents, forensics, and incident response

Lead and/or support in-depth triage and investigations of urgent cyber incidents in cloud, traditional, and hybrid environments.

Perform incident response functions including but not limited to host-based analytical functions (e.g., digital forensics, metadata, malware analysis, etc.) through investigating Windows, Unix based, appliances, and Mac OS X systems to uncover Indicators of Compromise (IOCs) and/or Tactics, Techniques and Procedures (TTPs).

Create and track metrics based on the MITRE ATT&CK Framework and other standard security-focused models.

Work with application and infrastructure stakeholders to identify key components and information sources such as environments (on-premises versus cloud), servers, workstations, middleware, applications, databases, logs, etc.

Participate in incident response efforts using forensic and other custom tools to identify any sources of compromise and/or malicious activities taking place.

Your role as a leader:

At Deloitte, we believe in the importance of empowering our people to be leaders at all levels. We expect our people to embrace and live our purpose and shared values, challenging themselves every day to identify issues that are most important to our clients, our people and the communities, and to make an impact that matters. Additionally, Managers across our Firm are expected to:

Actively seek out developmental opportunities for growth, act as strong brand ambassadors for the firm as well as share their knowledge and experience with others.
Understand the goals of our internal and external stakeholder to set personal priorities as well as align their teams’ work to achieve the objectives.
Constantly challenge themselves, collaborate with others to deliver on tasks and take accountability for the results.
Build productive relationships and communicate effectively in order to positively influence teams and other stakeholders.
Project integrity and confidence while motivating others through team collaboration as well as recognising individual strengths, differences, and contributions.

Requirements:

If you are someone with:

- Bachelor’s degree in the relevant field and approximately 5 years or more of related work experience.
- One or more GIAC (e.g., GCFE, GCFA, GREM, GCIH, GASF, GNFA, etc.), CREST or other digital forensic and/or incident response certifications.
- 5+ years of professional experience in cybersecurity and/or information security or demonstrated equivalent capability.
- 5+ years hands-on working in cyber incident response and investigations in medium to large organizations with cloud and forensics components.
- Experience with response and analysis tools such as EnCase Forensic, EnCase Enterprise, AccessData FTK, Volatility, SANS SIFT, Carbon Black, Internet Evidence Finder, Magnet Axiom, Splunk, ElasticSearch or CrowdStrike
- Experience with programming languages such as Python, JavaScript, PHP, SQL etc.
- Experience with malware analysis and understanding attack techniques.
- Experience interpreting, searching, and manipulating data within enterprise logging solutions.
- Familiarity with threat intelligence and applications within incident response investigations.
- Hands-on Dev/Sec/Ops experience with cloud environments and underlying storage, compute and monitoring services.
- Prior experience with cloud common services
- Hands-on experience with forensic investigations or large-scale incident response in cloud environments.
- Hands-on experience with containerization methods and tools (e.g., Docker, Kubernetes) including incident response and digital forensics.

Due to volume of applications, we regret only shortlisted candidates will be notified.

Please note that Deloitte will never reach out to you directly via messaging platforms to offer you employment opportunities or request money or your personal information. Kindly apply for roles that you are interested via this official Deloitte website.

#LI-AN

Requisition ID: 111018

In Singapore, the services are provided by Deloitte and other related entities in Singapore("Deloitte in Singapore"), which are affiliates of Deloitte Southeast Asia Ltd. Deloitte Southeast Asia Ltd is a member firm of Deloitte Touche Tohmatsu Limited. Deloitte in Singapore, which is within the Deloitte Network, is the entity that is providing this Website.

Apply now »