Senior Forensics Investigator - Global Security Organization

- Investigate both insider threats with user behavior analysis and external threats with root cause analysis to determine intent, vector, scope, and affected assets.
- Acquire and preserve network, host, mobile, and cloud evidence using forensically sound techniques to support legal or disciplinary processes.
- Perform host-based forensic analysis of Windows, macOS, and Linux devices as well as iOS and Android mobile devices.
- Acquire and analyze cloud artifacts from Azure, AWS, Google Cloud and internal platforms.
- Analyze telemetry across EDR/HIDS, DLP, firewall/proxy/VPN/DNS/flow logs, and internal platform logs to identify staging, access, exfiltration, or misuse patterns.
- Correlate data across sources to build timelines, entity relationships, and causality chains that support findings.
- Produce technical findings that stand up to scrutiny.
- Produce and communicate executive-level findings and recommended actions to non-technical stakeholders such as Legal, Compliance, HR, and senior leadership.
- Drive proactive threat discovery and hunting by mining telemetry to surface suspicious behaviors and emerging patterns.
- Propose and refine detection rules, monitoring use cases, and investigation playbooks based on lessons learned during investigations.
- Maintain forensic lab equipment, imaging tools, and evidence storage procedures.
- Develop and maintain automation and scripts to speed evidence processing, parsing, and reporting.
- Coordinate large-scale or cross-functional forensic efforts and manage external vendors as needed.
- Mentor and train junior analysts and contribute metrics and post-incident reviews to improve response maturity.

Qualifications

Minimum Qualifications:
- Hands-on DF/IR or equivalent investigation experience across endpoints, network, cloud, and internal platform logs.
- Strong log analytics using SIEM or log-query platforms, with ability to query, pivot, and correlate large and noisy datasets.
- Practical experience with EDR/HIDS and endpoint telemetry interpretation.
- Experience identifying and investigating data exfiltration and data misuse across cloud, endpoint, network, and internal systems.
- Ability to acquire and preserve evidence with documented chain-of-custody and forensic controls.
- Ability to produce defensible, reproducible investigations with clear reasoning and evidence traceability.
- Scripting or automation skills such as Python, JQ, or SQL to accelerate investigations.
- Experience leading investigations, coordinating stakeholders, and driving cases to closure.
- Strong analytical skills for data mining and anomaly detection in large datasets.

Preferred Qualifications
- 5+ years in a Digital Forensics or Incident Response role.
- Experience with mobile forensics and cloud platform acquisition and analysis.
- Experience operating in regulated environments and supporting audits or evidence requests.
- Familiarity with AI-assisted investigation tools for triage, log summarization, report drafting, and automation.
- Advanced scripting and query skills for automation and custom parsing.
- Experience coordinating or providing evidence for legal or disciplinary processes, or testifying in legal settings.
- Relevant certifications such as GIME, GCFE, GCFA, EnCE, or similar.

Client-provided location(s): Singapore

Job ID: TikTok-7619354844582775045

Employment Type: OTHER

Posted: 2026-03-20T20:31:37