60 Incident Response jobs in Hong Kong
DLP & Incident Response Engineer
Posted 10 days ago
Job Description
Binance is a leading global blockchain ecosystem behind the world’s largest cryptocurrency exchange by trading volume and registered users. We are trusted by over 280 million people in 100+ countries for our industry-leading security, user fund transparency, trading engine speed, deep liquidity, and an unmatched portfolio of digital-asset products. Binance offerings range from trading and finance to education, research, payments, institutional services, Web3 features, and more. We leverage the power of digital assets and blockchain to build an inclusive financial ecosystem to advance the freedom of money and improve financial access for people around the world.
We’re looking for a security engineer with hands-on experience in Data Loss Prevention (DLP) and incident response, ideally within fintech, crypto, or high-security environments. The role goes beyond using commercial tools: you’ll also design and build custom solutions, leverage automation, and adapt to emerging threats, including those driven by recent LLM/AI advancements.
Responsibilities
- Design, deploy, and optimize DLP solutions across network, endpoint, and cloud.
- Build and refine data classification schemes for sensitive assets (wallets, trading algorithms, customer PII).
- Configure DLP policies to prevent data exfiltration while minimizing false positives.
- Monitor, analyze, and tune alerts and incidents for continuous improvement.
- Lead investigations of DLP incidents and insider threats.
- Conduct threat hunting and forensic analysis of data exfiltration attempts.
- Integrate DLP monitoring into broader SOC workflows and incident response playbooks.
- Build custom DLP tools and integrations (e.g., macOS Swift endpoint protection, Unix socket monitoring).
- Develop automation scripts, APIs, regexes and integrations to enhance detection and response.
- Explore AI/LLM-driven methods for anomaly detection and response efficiency.
- Ensure controls align with crypto and financial regulations (AML, KYC, GDPR, CCPA).
- Support audits and regulatory reviews related to data protection.
- Assess and mitigate data loss risks across trading platforms, onboarding systems, and blockchain infrastructure.
Requirements
- 4+ years in a SOC or security operations role with incident response focus.
- Proven experience with DLP design, deployment, and monitoring.
- Strong programming skills (macOS Swift, Unix socket programming, scripting).
- Hands-on threat hunting, forensic analysis, and APT detection experience.
- Familiarity with SIEM, EDR, and cloud security architectures.
- Knowledge of encryption, tokenization, and data classification methods.
Nice-to-have
- 4+ years in a SOC or security operations role with incident response focus.
- Proven experience with DLP design, deployment, and monitoring.
- Strong programming skills (macOS Swift, Unix socket programming, scripting).
- Hands-on threat hunting, forensic analysis, and APT detection experience.
- Familiarity with SIEM, EDR, and cloud security architectures.
- Knowledge of encryption, tokenization, and data classification methods.
Why Binance
- Shape the future with the world’s leading blockchain ecosystem
- Collaborate with world-class talent in a user-centric global organization with a flat structure
- Tackle unique, fast-paced projects with autonomy in an innovative environment
- Thrive in a results-driven workplace with opportunities for career growth and continuous learning
- Competitive salary and company benefits
- Work-from-home arrangement (the arrangement may vary depending on the work nature of the business team)
Binance is committed to being an equal opportunity employer. We believe that having a diverse workforce is fundamental to our success.
By submitting a job application, you confirm that you have read and agree to our Candidate Privacy Notice.
- Seniority level: Mid-Senior level
- Full-time
- Information Technology and Engineering
- Technology, Information and Internet
Incident Response Consultant, Cyber Security
Posted today
Job Description
Minimum qualifications:
- Bachelor's degree in Computer Science, Information Systems, Cybersecurity, related technical field, or equivalent practical experience.
- 3 years of experience assessing and developing cybersecurity solutions across multiple security domains.
- 1 year of experience leading Incident Response investigations, analysis, or containment actions and any three of the following: network or log forensic analysis, malware triage analysis, disk, or memory forensics, with experience in information security domain.
- Ability to communicate in English and Mandarin or Cantonese fluently, as this is a client-facing role that requires interactions in English and Mandarin/Cantonese with local stakeholders.
Preferred qualifications:
- Experience with enterprise security architecture and security controls.
- Experience with cloud incidents or forensic responses.
- Experience with malware triage analysis and disk or memory forensics in one or more of the following: Windows, macOS, or Linux.
- Experience in cybersecurity in one of the following areas: network security, wireless security, web application assessments, social engineering, scripting, cloud security, reverse engineering, or incident response.
- Excellent time and project management skills.
About the job
As an Incident Response Consultant, you will provide industry-leading incident response, assessment, transformation, managed detection and response, and training services with tactical support. You will help organizations detect and respond to threats and reduce the overall impact of business risk before, during, and after an incident. You will be able to resolve security incidents quickly, and at scale with complete incident response including investigation, containment, remediation, and crisis management. In this role, you will work on engagements including assisting clients in navigating technical and profile incidents, performing forensic analysis, threat hunting, and malware triage.
Part of Google Cloud, Mandiant is a recognized leader in dynamic cyber defense, threat intelligence and incident response services. Mandiant's cybersecurity expertise has earned the trust of security professionals and company executives around the world. Our unique combination of renowned frontline experience responding to some of the most complex breaches, nation-state grade threat intelligence, machine intelligence, and the industry's best security validation ensures that Mandiant knows more about today's advanced threats than anyone.
Responsibilities
- Collaborate with internal and customer teams to investigate and contain incidents.
- Support specific workstreams for a variety of client-facing investigations including the examination of cloud, endpoint, and network-based sources of evidence.
- Recognize and codify attacker Tools, Tactics, and Procedures (TTPs) and Indicators of Compromise (IOCs) that can be applied to current and future investigations.
- Develop comprehensive and accurate reports and presentations for technical and non-technical audiences.
Google is proud to be an equal opportunity workplace and is an affirmative action employer. We are committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity or Veteran status. We also consider qualified applicants regardless of criminal histories, consistent with legal requirements. See also Google's EEO Policy and EEO is the Law. If you have a disability or special need that requires accommodation, please let us know by completing our Accommodations for Applicants form.
Consultant - SOC/Incident Response - Cyber - Hong Kong
Posted today
Job Description
Cyber & Strategic Risk
We help clients address various aspects of Cyber and other strategic risks to their organizations to inform risk-based strategic choices, prepare to respond to disruption, assess and manage full-lifecycle enterprise risks, as well as strategize and respond to risks associated with the reliability and protection of data, associated processes and technology. We provide advisory and managed services to help senior executives spot, assess, manage, and respond to risks and/or catastrophic unforeseen incidents that could undermine their competitive position or jeopardize their critical assets, reputation and/or financial standing.
Our objective is to help clients develop and implement strategies for IT risk management and aim to help clients find the appropriate balance between risk management and cost containment. Our integrated solutions covering: Cyber Strategy, Cyber Security, Cyber Vigilance, Cyber Resilience.
Work you'll do
- Assist in cyber incident response & investigation related projects
- Own technical cyber incident investigations processes, tools and strategies
- Collaborate with the Deloitte Digital Forensics and Financial Crime teams to participate in cross service line client engagements
- Support the broader Cyber Risk team in skills and knowledge transfer activities for cyber incident response & investigation
- Work with clients at multiple levels, from C-level executives and management staff to on-the-ground professionals
- Establish cyber IR framework for our clients including strategies, organizations, policies, processes, standards and guidelines, etc.
- Review and analyze client's IT environment from infrastructure, databases to applications
- Review and analyze client's existing technical workflows and processes
- Work with other internal teams to deliver complex engagements both locally and overseas
- Professionally advise and work with client's key stakeholders to design best-of-breed solutions for our clients
During your tenure with us, you will demonstrate and develop your leadership and professional capabilities in the following areas: Inspiring, Creating purpose, Driving agility, Building diverse capability, Influencing, Collaborating, Delivering value, Building the business, Analytical acumen, Effective communication, Engagement management/delivery excellence, Managing change, Managing quality & risk, Sales excellence, Strategic thinking and problem solving, and Tech savviness.
We are looking for someone with
- Bachelor degree or above in Information Security, Computer Science, Information Technology, Risk Management, Management Information Systems or related disciplines
- Ideally 3 or more years of working experience in cyber incident response or digital forensics investigation. Deep hands-on experience of cyber threat hunting, threat intelligence and/or data analytics can be a substitute
- Familiarity with cyber incident response processes and methodologies and advanced investigative, compliance, and/or regulatory analytics
- Fluency in Python is compulsory
- Possess one or more of cyber security, incident response or digital forensics certification(s) such as CISSP, CISM, CEH, CHFI, GCIH, OSCP, OSCE, EnCE, GCFA, GCFE, GREM etc.
- Specific capabilities and experience should be heavily weighted towards cyber incident response, cyber forensics and compliance/investigation analytics including the use of advanced automation, predictive algorithms, and dynamic reporting using digital and mobile delivery channels
- Strong project management skills with the ability to lead and manage multiple significant client engagements simultaneously
- Demonstrated leadership and ability to drive successful execution of strategic objectives
- Cyber / disaster recovery, incident and crisis management
- Ability to build relationships with clients, also be able to work under tight deadlines, prioritize, handle multiple tasks, utilize strong leadership and technical skills, and communicate effectively both orally and in writing
- Strong analytical mind and problem solving skills
- Excellent project management and interpersonal skills
- Strong consultation and communication skills with high proficiency in both spoken and written English and Chinese
Over more than 100 years of history, Deloitte has witnessed, and had the honor to be part of, the economic boom in China by providing industry-leading audit & assurance, consulting, risk advisory, financial advisory, tax & business advisory services to nearly 90% of the Fortune Global 500 Chinese companies and thousands of private companies. Deloitte China today carries on our centenary professionalism and strives to become the undisputed leader in professional services in China with strong responsibility and capabilities in digitalization and multidisciplinary services.
Deloitte has been named China's Top Employer since 2006, Universum's Most Attractive Employer in China since 2008, and the Best Workplaces in Greater China since 2019.
All qualified applicants will receive consideration for employment regardless of their background, experience, identity, ability or thinking style, and if you need assistance during the application process for accessibility reasons this is available upon request. The preferred candidate will be subject to background screening by Deloitte China or by their external third-party provider.
Incident Response Consultant, Cyber Security (English, Mandarin, Cantonese)

Posted today
Job Description
Google, Hong Kong
**Mid**
Experience driving progress, solving problems, and mentoring more junior team members; deeper expertise and applied knowledge within relevant area.
**Minimum qualifications:**
+ Bachelor's degree in Computer Science, Information Systems, Cybersecurity, related technical field, or equivalent practical experience.
+ 3 years of experience assessing and developing cybersecurity solutions across multiple security domains.
+ 1 year of experience leading Incident Response investigations, analysis, or containment actions and any three of the following: network or log forensic analysis, malware triage analysis, disk, or memory forensics, with experience in information security domain.
+ Ability to communicate in English and Mandarin or Cantonese fluently, as this is a client-facing role that requires interactions in English and Mandarin/Cantonese with local stakeholders.
**Preferred qualifications:**
+ Experience with enterprise security architecture and security controls.
+ Experience with cloud incidents or forensic responses.
+ Experience with malware triage analysis and disk or memory forensics in one or more of the following: operating systems, macOS, or Linux.
+ Experience in cybersecurity in one of the following areas: network security, wireless security, web application assessments, social engineering, scripting, cloud security, reverse engineering, or incident response.
+ Excellent time and project management skills.
**About the job**
As an Incident Response Consultant, you will provide industry-leading incident response, assessment, transformation, managed detection and response, and training services with tactical support. You will help organizations detect and respond to threats and reduce the overall impact of business risk before, during, and after an incident. You will be able to resolve security incidents quickly, and at scale with complete incident response including investigation, containment, remediation, and crisis management. In this role, you will work on engagements including assisting clients in navigating technical and profile incidents, performing forensic analysis, threat hunting, and malware triage.
Part of Google Cloud, Mandiant is a recognized leader in dynamic cyber defense, threat intelligence and incident response services. Mandiant's cybersecurity expertise has earned the trust of security professionals and company executives around the world. Our unique combination of renowned frontline experience responding to some of the most complex breaches, nation-state grade threat intelligence, machine intelligence, and the industry's best security validation ensures that Mandiant knows more about today's advanced threats than anyone.
**Responsibilities**
+ Collaborate with internal and customer teams to investigate and contain incidents.
+ Support specific workstreams for a variety of client-facing investigations including the examination of cloud, endpoint, and network-based sources of evidence.
+ Recognize and codify attacker Tools, Tactics, and Procedures (TTPs) and Indicators of Compromise (IOCs) that can be applied to current and future investigations.
+ Develop comprehensive and accurate reports and presentations for technical and non-technical audiences.
Information collected and processed as part of your Google Careers profile, and any job applications you choose to submit is subject to Google's Applicant and Candidate Privacy Policy.
Google is proud to be an equal opportunity and affirmative action employer. We are committed to building a workforce that is representative of the users we serve, creating a culture of belonging, and providing an equal employment opportunity regardless of race, creed, color, religion, gender, sexual orientation, gender identity/expression, national origin, disability, age, genetic information, veteran status, marital status, pregnancy or related condition (including breastfeeding), expecting or parents-to-be, criminal histories consistent with legal requirements, or any other basis protected by law. See also Google's EEO Policy, Know your rights: workplace discrimination is illegal, Belonging at Google, and How we hire.
If you have a need that requires accommodation, please let us know by completing our Accommodations for Applicants form.
Google is a global company and, in order to facilitate efficient collaboration and communication globally, English proficiency is a requirement for all roles unless stated otherwise in the job posting.
To all recruitment agencies: Google does not accept agency resumes. Please do not forward resumes to our jobs alias, Google employees, or any other organization location. Google is not responsible for any fees related to unsolicited resumes.
Manager, Cyber Incident Response Services, Forensic, Risk Consulting
Posted today
Job Description
Service Line Overview
KPMG Forensic leverages our vast industry experience and leading technologies to help clients handle fraud and misconduct investigations, address complex regulatory compliance issues, and provide dispute advisory support in financial disputes that are likely to lead to litigation, arbitration, expert determination or mediation.
Our team have qualifications and experience in forensic accounting, big data analytics, technology, anti-money laundering/Sanctions compliance, law enforcement and research. We have dedicated Forensic Technology labs in Shanghai and Hong Kong and are equipped with the capability and experience to analyze and host terabytes of data in local jurisdictions. We have leading hardware equipment and keep learning and strengthening our technical capacity to address rising market needs in big data analytics, computer forensics and cyber incident response.
We have worked with industry professionals in Asia Pacific, and worldwide through the KPMG International Forensic network of over 3,000 professionals, to provide a one-stop solution for complex projects across numerous jurisdictions.
Key Responsibilities
- Lead a core group of Cyber incident response professionals, reporting to the Forensic Hong Kong partnership team
- Manage a portfolio of clients e.g. banking sector, logistics, critical infrastructure providers and consumer retails in Hong Kong, Mainland China and ASPAC, and closely monitor the scope, timelines, budget and resources of the project, to support our existing teams with specific analytic skills to identify market intelligence, potential threats and insights across the service areas
- Provide thought leadership and constant innovation to develop cyber incident response services in line with our KPMG global brand to cater to our existing clients and to develop opportunities and referrals in adjacent non-competing market spaces
- Direct end-to-end investigations of major incidents for KPMG's clients, ensuring minimal operational impact and full documentation of findings.
- Lead advanced analysis of complex cybersecurity events and incidents, delivering
- Assist with the day-to-day operations on projects, oversea engagements (client deliverables, timelines), provide mentorship and guidance to the cyber response team members
Experience & Background
- A passion for cyber security, computer systems and networks;
- Direct end-to-end investigations of major incidents, ensuring minimal operational impact and full documentation of findings
- In depth understanding of how operating systems work, computer networks and appliances like - firewalls, web proxy, system event logs, web applications, web servers etc. with hands on experience for analysis of forensic artifacts
- A bachelor's degree holder or above in Computer Science, Information Security, Information Management or equivalent or related disciplines.
- 5+ years of relevant working experience, computer forensic or incident response/incident management/ crisis management / Security Operations Center (SOC)/ digital forensics related experience
- Good understanding of SIEM, SOAR, UEBA, EDR/XDR tools, and their use in monitoring and incident handling
- Knowledge of MITRE ATT&CK, Cyber Kill Chain, and other adversary behaviour models for detection engineering
- Overseas work or education background is a plus.
- Quick learner, ability to work under pressure and deliver high quality work
- You will be leading the team to perform cyber investigations, assist in developing proposals/ responding to RFP's, lead engagements related to building cyber readiness for clients (involving cyber crisis exercises, IR policy reviews and playbooks, conducting trainings, blue team exercises ), collaborate on engagements with other service teams of KPMG etc.
- Good communication skills in English and team player
- Willingness to travel within China and the Asia Pacific region
- Proficiency in spoken/written Chinese and English
- Candidates with one or more of following certificates will be given added preference - EC Council Certified Ethical hacker, EC-Council Certified Hacking Forensics Investigator, SANS GCFA, SANS GCFE, CREST, EC-Council Certified Incident Handler, OSCP, LPT, SANS GCTI, CTIA - EC-Council Certified Threat Intelligence Analyst, CISSP - Certified Information Systems Security Professional etc.
About KPMG
At KPMG China, we are committed to being an equal opportunity employer, with zero tolerance for any form of discrimination against any persons. It is important for us to create an inclusive, diverse and agile workplace for our people to develop and thrive at both a personal and professional level.
We strive to make ESG (environmental, social and governance) a watermark running through our organisation; from empowering our people to become agents of positive change, to providing better solutions and services to our clients to help them achieve their ESG goals. View Our Impact Plan to learn more about our ESG commitments and progress across four key pillars - Governance, People, Planet and Prosperity - and how we make a positive impact on our people, environment and society.
We encourage you to come as you are, and we welcome all qualified candidates to apply, and hope you unlock opportunities with us. Visit KPMG China website for more company information.
You acknowledge and agree that all personal information hereby provided regarding yourself will be used by KPMG China for its candidate selection purposes only. KPMG China collects, uses, processes, and retains your personal information in accordance with KPMG China's Online Privacy Statement and/or KPMG China Privacy Statement (collectively "Privacy Statement"). During the recruitment process, KPMG China may need to store personal information of candidates in a designated third-party application tracking platform.
If you have any questions regarding the information you provided in the form or your job application in general, please contact KPMG China's HR personnel in the location where your application is submitted (see here).
Associate/Senior Associate, Cyber Incident Response/Cyber Investigation, Risk
Posted today
Job Description
KPMG China provides multidisciplinary services from audit and tax to advisory, with a strong focus on serving our clients' needs and their industries. Not only do we have an overriding commitment to provide the highest quality services for our clients, but we also strive to become a responsible corporate citizen that has a positive impact on our environment and community. At KPMG, you'll translate insights into action and reveal opportunities for all - our teams, our clients and our world.
Service Line Overview
KPMG China has experienced forensic resources based in Beijing, Shanghai and Hong Kong. We provide clients with commercial and financial expertise in the areas of Anti-money Laundering/ Counter Terrorist Financing and Sanctions Compliance Services, Fraud Risk Management, Forensic Technology, Investigations, Cyber Response and Forensic Accounting services. We worked with industry professionals in Asia Pacific, and worldwide through the KPMG International Forensic network of over 3,600 professionals to conduct successful enquiries and analyze financial information across numerous jurisdictions.
Key Responsibilities
Do you have a passion for cyber security? Do you want to investigate complex cyber attacks?
The successful candidate will have an opportunity to work with a highly skilled team and assist our clients in investigating complex cyber security attacks, hacker activity and be part of cyber drills.
- Support all cyber security related reviews and investigations undertaken by the firm and assist our clients
- Support and participate in the team investigating cyber attacks
- Interact and guide management teams during cyber games & drills
- Assist clients to preserve and analyze data from electronic data sources like laptops and desktop computers, servers, and mobile devices
- Assist team members in analyzing and processing of files and documents
- Perform log analysis and correlation (as needed) to detect malicious activity in client's network;
- Produce high-quality oral and written work product, presenting complex technical matters clearly and concisely internally and to clients;
Experience & Background
- A passion for cyber security, computer systems and networks;
- Basic understanding of how operating systems work, and of computer networks and appliances such as firewalls, web proxies, system event logs, web applications and web servers
- A bachelor's degree holder or above in Computer Science, Information Security, Information Management or equivalent or related disciplines.
- 1-3 years of relevant working experience, computer forensic or incident response/incident management/ Security Operations Center (SOC)/ digital forensics related experience
- Overseas work or education background is a plus.
- Quick learner, ability to work under pressure and deliver high quality work
- Good communication skills in English and team player
- Willingness to travel within China and the Asia Pacific region
- Proficiency in spoken/written Chinese and English
- Candidates with one or more of the following certificates will be given added preference: EC-Council Certified Ethical Hacker, EC-Council Certified Hacking Forensics Investigator, SANS GCFA, SANS GCFE, CREST, EC-Council Certified Incident Handler, OSCP, LPT, etc.
About KPMG
At KPMG China, we are committed to being an equal opportunity employer, with zero tolerance for any form of discrimination against any persons. It is important for us to create an inclusive, diverse and agile workplace for our people to develop and thrive at both a personal and professional level.
We strive to make ESG (environmental, social and governance) a watermark running through our organisation; from empowering our people to become agents of positive change, to providing better solutions and services to our clients to help them achieve their ESG goals. View Our Impact Plan to learn more about our ESG commitments and progress across four key pillars - Governance, People, Planet and Prosperity - and how we make a positive impact on our people, environment and society.
We encourage you to come as you are, and we welcome all qualified candidates to apply, and hope you unlock opportunities with us. Visit KPMG China website for more company information.
You acknowledge and agree that all personal information hereby provided regarding yourself will be used by KPMG China for its candidate selection purposes only. KPMG China collects, uses, processes, and retains your personal information in accordance with KPMG China's Online Privacy Statement and/or KPMG China Privacy Statement (collectively "Privacy Statement"). During the recruitment process, KPMG China may need to store personal information of candidates in a designated third-party application tracking platform.
If you have any questions regarding the information you provided in the form or your job application in general, please contact KPMG China's HR personnel in the location where your application is submitted (see here).
Security Analyst
Posted today
Job Description
A leading multinational servicing company is looking to strengthen their cybersecurity team by recruiting a Security Analyst. This role reports to the Security Architecture Manager and will be responsible for supporting global cybersecurity operations by monitoring, analyzing, and maintaining the security posture across on-premises, cloud, and mobile environments.
Candidates should have exposure in the following:
- Minimum 2 to 4 years of experience in IT or cybersecurity roles
- Strong knowledge of SIEM, IDS/IPS, malware protection, Data Loss Prevention (DLP), Identity and Access Management (IAM), vulnerability scanning, and incident response
- Proven ability to detect and respond to network anomalies and malware events across multiple security platforms
- Experience managing and monitoring DLP solutions, email filtering systems, and application whitelisting
- Skilled at investigating and managing SIEM alerts and overseeing cybersecurity configuration compliance via vulnerability management tools
- Bachelor's degree in Information Systems, Computer Science, or equivalent experience
This role requires strong collaboration skills to work closely with security engineers, architects, and IT teams to ensure compliance and resilience across the organization's digital infrastructure.
For more information, please contact OR WhatsApp
Information Security Analyst
Posted 6 days ago
Job Description
Associate Manager @ PureSoftware Malaysia
Job Description:
Qualifications
- Minimum of 2 years of experience in information security or a similar role.
- Strong understanding of information security principles, standards, and best practices.
- General knowledge of industry regulations and frameworks such as NIST Cybersecurity Framework, ISO27001 or PCI DSS.
- Experience with security assessment tools and techniques.
- Knowledge in network and system security, including firewalls, intrusion detection/prevention systems, and endpoint protection.
- Strong communication and interpersonal skills, with the ability to effectively collaborate with cross-functional teams.
- Relevant certifications such as CISSP, CISM, or CEH are desirable.
PureSoftware, a wholly owned subsidiary of Happiest Minds Technologies, is a global software products and digital services company. PureSoftware has been driving transformation for the world’s top organizations across various industry verticals, including banking, financial services, and insurance, life sciences and healthcare, high tech and communications, retail and logistics, and gaming and entertainment. Arttha, from PureSoftware, is a globally trusted financial technology platform.
PureSoftware is Great Place to Work Certified in India for the third consecutive year
- Seniority level: Associate
- Full-time
- Information Technology, Other, and Analyst
- Insurance, Banking, and Financial Services