Forensic Technology - Cyber Response

Location: Bangkok, Thailand

Rank: All levels

KPMG Thailand’s Forensic Technology Advisory professionals assist our clients in collecting, recovering and analyzing digital information from laptops, mobiles, virtual machine, cloud storage, electronic devices and network appliances to help our clients address concerns of cyber incidents, potential fraud as well as misconducts. We are looking for someone to join our team to focus on the following:


  • Acting as the subject matter expert lead for clients in cyber incident response and data breach engagements and execution support to enable them to successfully resolve, remediate, and recover from cyber security incidents.
  • Conduct cyber forensic investigations and electronic discovery requests for legal and corporate clients.
  • Perform digital forensic evidence collection throughout the incident response phases, extensive log analysis and meta-data analysis.
  • Perform operating system and hard drive digital forensic evidence analysis.
  • Analyze results from tools and determine indicators of compromise (IOCs), root cause of compromise, possible attack vectors, potential threat actors and the overall risk/threat the client is facing.
  • Provide recommendations and advise on steps to mitigate the current attack, present risks and remediate the potentially vulnerable environment and remove the ability of ongoing/future attacks.
  • Analyze results of assessment and create technical accurate and articulate reports in a business professional language, to be shared with technical stakeholder, executive stakeholders and potentially third parties.
  • Implement and manage SIEM/SOAR platform.
  • Support other forensic team members including fraud investigation, eDiscovery and data analytics.


  • 1-4 years of experience in Information Technology with at least 1 year in security operation (4-6 years for Assistant Manager).
  • Bachelor’s degree or higher in Computer Forensics, Cyber Security, Computer Science, Information Systems, or Information Technology related fields.
  • Proficient knowledge of overall IT infrastructure, including operating systems; information systems security; network architecture; hardware and software troubleshooting.
  • Basic understanding of cyber security frameworks (MITRE ATT&CK, NIST, SANS, etc.)
  • Broad knowledge of Security Operation Center (SOC), Security Information and Event Management (SIEM), threat actors and techniques used to compromise organizations.
  • Good knowledge of scripting languages e.g., PowerShell, Python, SQL
  • Familiarity with forensic imaging tools (EnCase, FTK, Cellebrite, Paladin, etc.) and eDiscovery tools (Intella, NUIX, Relativity, etc.) is a plus.
  • Capable of working independently to solve problems under deadlines and to manage multiple projects/priorities under time constraints.
  • Ability to independently undertake moderate domestic/overseas travel with short notice.
  • Proficiency in spoken and written English and Thai.
  • Beneficial certificates: GCFE, GCFA, GCIH, EnCE, CFSR, CISSP, Security+ and CySA+