Regional Technical Lead DFIR
Founded in 2003 and headquartered in Singapore, Group-IB is a leading creator of cybersecurity technologies to investigate, prevent, and fight digital crime. Combating cybercrime is in the company’s DNA, shaping its technological capabilities to defend businesses, citizens, and support law enforcement operations.
Group-IB’s Digital Crime Resistance Centers (DCRCs) are located in the Middle East, Europe, Central Asia, and Asia-Pacific to help critically analyze and promptly mitigate regional and country-specific threats. These mission-critical units help Group-IB strengthen its contribution to global cybercrime prevention and continually expand its threat-hunting capabilities.
ABOUT THE ROLE:
The Technical Lead will act as the primary technical anchor and initial escalation point during complex cybersecurity incidents. Led by a Regional Head, this role is deeply rooted in 24/7 technical excellence and cross-domain coordination. You will guide the technical direction of the team, provide extensive quality assurance, and drive the skill-up and professional growth of team members.
This is a highly specialized, purely technical career path. It explicitly does not include team management, disciplinary leadership functions, or the responsibility to drive the overarching strategic vision of the DFIR teams. You are the ultimate technical authority, not the administrative manager.
The DFIR vision: Our ultimate goal is to fight cybercrime by constantly learning and staying one step ahead of the attackers. We do not just solve isolated puzzles; we bring different security experts together to build a complete and strong defense. By handling a large volume of cases, we gain real, practical experience that makes us better every day. Instead of just handing our clients a confusing list of technical data or "homework," we focus on providing clear, actionable answers that explain exactly what happened and what it means for their business. Furthermore, we are constantly researching and looking ahead to ensure we are fully prepared for the future of automated cyber threats.
YOUR MISSION:
Normal DFIR Duties (24/7 Service)
- Provide continuous 24/7 service, which includes working on weekends.
- Conduct onsite engagements to support clients directly in critical situations.
- Apply hands-on technical expertise in default forensics fields: Windows, Linux, and Memory.
- Operate under the strategic guidance and leadership of a Regional Head.
Specific Technical Lead Duties:
- Incident Management & Technical Direction:
  - Lead the technical direction during high-stakes cybersecurity incidents.
  - Act as the initial escalation point for the team and the clients.
  - Support the team in resolving challenging, complex, and non-discrete problems.
  - Make sound decisions with incomplete data, constantly balancing analytical depth versus the speed of response.
- Research & Technological Foresight:
  - Actively engage in academic research and encourage the publication of papers and articles to drive the industry forward.
  - Stay up-to-date with the continuous adaptation of new technologies and modern methodologies.
  - Maintain a deep understanding of emerging tech, such as integrating and properly automating non-deterministic systems like LLMs into the investigative workflow.
  - Provide research advisory to guide the team's investigative and academic efforts.
- Mentorship & Team Growth:
  - Actively drive the skill-up and professional growth of DFIR team members.
  - Provide research advisory to guide the team's investigative efforts.
  - Offer speaking and presenting advisory to help team members communicate their findings effectively.
  - Leverage your training and education experience to elevate the team's capabilities.
- Quality Assurance & Technical Depth:
  - Maintain deep-dive technical expertise in at least one specific forensics-related field.
  - Support Quality Assurance by reviewing technical documents, editing, and conducting review evaluations.
  - Utilize advanced technical writing skills to ensure reports meet the highest standards.
- Cross-Functional Coordination & Planning:
  - Coordinate seamlessly across different domains and cybersecurity disciplines.
  - Apply process and project management skills to ensure efficient delivery.
  - Support the Regional Head in project planning, specifically in defining project scope descriptions.
  - Utilize strong social skills, specifically expertise in HUMINT (understanding interpersonal dynamics and communication), to foster collaboration.
WHAT WE ARE LOOKING FOR:
- 8 years of previous experience in DFIR roles within cybersecurity organizations.
- Strong knowledge of DFIR methodologies, tools, and industry standards.
- Strong stakeholder management and interdepartmental collaboration skills.
- High-level decision-making skills in dynamic and high-pressure environments.
- Proficiency in process management including process design and optimization.
WHAT SETS YOU APART:
- Fluent in English; proficiency in an additional language is highly preferred.
- Experience in intelligence tradecraft across cyber and other domains is highly desirable.
- A proven track record in academic research is preferred.
WHY CHOOSE GROUP-IB
Group-IB is a global leader in cybersecurity technologies that investigate, predict, prevent, and fight digital crime. We help organizations reduce risk and protect trust. Trusted by governments, major industries, and law enforcement, we deliver adversary-focused, predictive threat intelligence and cyber fraud fusion solutions that detect, analyse, and mitigate regional and country-specific digital crimes.
- Work with real stakes. Group-IB investigates active cybercriminal groups, responds to breaches affecting critical infrastructure, and develops technologies used by law enforcement agencies including INTERPOL, Europol, and Afripol across 60+ countries. We've conducted 1,550+ cybercrime investigations alongside 600+ enterprise customers globally. When you join Group-IB, your work directly disrupts digital crime.
- Grow your way. Choose your own path: deepen your craft as a technical expert, step into leadership, move across to another team, or relocate to one of our Digital Crime Resistance Centers across the Americas, Europe, the Middle East & Africa, Central Asia, and the Asia-Pacific. Your growth is our growth — Group-IB's expansion across 60+ active country operations means real career acceleration.
- We fund professional certifications at company expense — whether you're pursuing CEH, CISSP, OSCP, or specialized certifications in forensics and penetration testing. You don't have to choose between doing the job and advancing your credentials.
- Work alongside industry leaders. Our Unified Risk Platform — Threat Intelligence, Digital Risk Protection, Attack Surface Management, Managed XDR, and more — is recognized by Gartner, Forrester, KuppingerCole, and Datos Insights. Frost & Sullivan named us a 2025 Global Technology Innovation Leader. When you work here, you're building technologies that set the industry standard.
- Real challenges, real expertise. You'll take on complex, real-world problems alongside adversary-centric researchers and incident response experts spread across six continents. We've built 21+ years of proprietary telemetry through 1,500+ joint investigations. No two threats look alike — and neither do the skills you'll develop.
- A team that is genuinely international. Our people come from different countries, speak different languages, and bring different perspectives. What connects us is a shared mission: fighting cybercrime and making the world safer. We care about your wellbeing and happiness as much as your output.