Who we are

S-RM is a global intelligence and cyber security consultancy. Since 2005, we’ve helped some of the most demanding clients in the world solve some of their toughest information security challenges. We’ve been able to do this because of our outstanding people. We’re committed to developing sharp, curious, driven individuals who want to think critically, solve complex problems, and achieve success.

But we also know that work isn’t everything. It’s about the lives and careers it helps us build. We’re immensely proud of this culture and we invest in our people’s wellbeing, learning, and ideas every day.

The role

Our Incident Response Technical Leads are a critical part of our Cyber Security division's success. As a Technical Lead, and a subject matter expert, you will deploy your incident response expertise in a senior delivery role across our incident response services. You will work across the full lifecycle of security incidents to help our clients respond and recover, including:

• Supporting technical incident response from first contact through to closure: you will be the primary technical resource on response cases, deploying your own expertise, creating tailored strategies for response workstreams, and offering guidance to colleagues on your project team.
• Overseeing host- and network-based incident response investigations: including triage, system recovery, technical evidence collection, and forensics, log, malware and root cause analyses.
• Technical evidence collection from clients’ environments to prepare for forensic investigations.
• Providing containment and recovery advice to Client’s during and after cyber incidents.
• Developing and sharing domain expertise: we will support you in growing your cyber expertise, including sharing your expertise with the wider cyber team through internal initiatives and programs.
• Occasionally, you may also be required to provide overarching project management support, including coordinating non-technical workstreams, and providing verbal or in-person client updates.
• Participating in an on-call rotation with the rest of the global cyber team to provide 24x7x365 client incident coverage.

Other features of the role include:

• Leadership: As a senior technical lead, you’ll have an opportunity to help lead the rest of the APAC incident response team, act as an escalation point for more junior colleagues, and help ensure work produced by the team meets quality standards.
• Variety of casework: no day will be the same. Our team responds to a huge variety of incidents for both public and corporate clients. You will have exposure to both regional and international cyber incidents.
• Range of opportunities: you will have opportunities to broaden your security awareness into testing and advisory projects, in addition to deepening your incident response expertise.
• Flexible working practices: responding to incidents can be intense, high-pressure work. We are mindful of our team's work/life balance and offer flexible working options to support your wellbeing.

We're looking for:

• Direct experience working in an Incident Response or Digital Forensics team is strongly preferred, however, candidates with exposure to working with Incident Response teams, or those in roles reflecting aspects of Incident Response will be considered.
• Strong domain knowledge across computer systems and networks, including:
• Windows systems (e.g. Managing domains services, creating standard build templates, using SCCM, moderate PowerShell capabilities, etc.)
• Networking (e.g. managing firewall rules, providing guidance around network segmentation, DNS, etc.)
• Virtualisation technologies (e.g. ESXi, Hyper-V, etc.)
• Endpoint Detection & Response solutions.
• The candidate must be able to demonstrate experience conducting forensic investigations, in particular relating to Windows systems. Additional experience conducting investigations into Linux and MacOS systems is preferred.
• Demonstrable understanding of core incident response workstreams, including containment and restoration/recovery is a benefit.
• You are comfortable using scripting to solve cyber security problems and ideally be able to demonstrate an interest in doing so, e.g. through your own research projects or prior experience.
• A critical and investigative mindset. You should be comfortable solving problems with limited information and guidance, developing proportionate strategies to achieve timely outcomes.
• Clear demonstrable knowledge of cyber threat actors, and their tactics, techniques, and procedures.
• Strong communication skills. You should be comfortable speaking to people at all levels of an organization, from the board of directors to the technical teams.
• It is preferred (but not required) that candidates hold one of the following certifications (or equivalent) GCFE, GCFA, GCIH, GNFA. However, holding any of the following is also beneficial: EnCE, CFSR, CISSP, GREM, CCNA, MCFE, OSCP, Network+ and Security+
• A working proficiency in another language (such as Malay, Tamil, Mandarin, Cantonese, Vietnamese) is also beneficial, although not required.

The successful candidate must have permission to work in Malaysia by the start of their employment.

OUR BENEFITS

We offer thoughtful, balanced rewards and support to help our people do their best work and live their lives outside it, including:

• 20 days paid holiday each year: in addition to public holidays, as well as 1 additional day of leave for every year you work at S-RM up to a maximum of 5 days.
• Flexible working: work a minimum of two days a week in the office and the remainder remotely, choose your hours between 7am and 7pm.
• Pension scheme: S-RM contributes to Employees Provident Fund (EPF) in accordance with legislative requirements.
• Life Insurance: help someone you love should something happen to you. (Further details coming soon.)
• Company-paid private medical and dental insurance. (Further details coming soon.)
• Company-paid maternity, paternity and fertility treatment leave.
• Employee Assistance Programme: free access to specialist support services, including counselling, as well as an online portal of useful articles, tips and tools. Available 24/7, 365 days a year.

The role will be based in our office in Kuala Lumpur. However, we have flexible working arrangements available.

MULTILINGUAL RESEARCH ANALYST, KUALA LUMPUR 

WHO ARE WE

S-RM is a corporate intelligence and risk consulting firm that works with leading businesses, government agencies, financial services and law firms worldwide. As an APAC-focused Due Diligence Analyst, you will be part of our Investment Migration team, helping government agencies that run citizenship and residency-by-investment programmes understand and manage their exposure to money laundering and corruption concerns, meet legal and regulatory requirements, and safeguard their commercial reputations.

THE ROLE

At S-RM, we’re proud to say our investigative training is amongst the best in the industry. You’ll have some of the brightest colleagues to support you - former journalists, economists, lawyers, financial analysts, scientists, military and intelligence professionals. Collectively, our people speak more than 40 languages.

Working as a part of an experienced team, you will research, analyse and write up complex, and sometimes controversial, media and human source insight to aid our investment migration and banking clients in making impactful decisions at the investor onboarding stage.

We are looking for someone who is adaptable, can be part of a team and wants to grow with the business. In this role, you are likely to take on the following tasks on a day-to-day basis:

Researching and writing English-language compliance and intelligence reports on companies and individuals for due diligence and investigatory purposes;

Providing subject matter expertise on the political, regulatory and corporate risk environments in major economies in the APAC region, with a focus on China;

Conducting research in Chinese; and

Presenting to managers and clients.

The role will be based at our Kuala Lumpur office. However, we have flexible working arrangements available.

WHAT WE’RE LOOKING FOR

We think candidates with the following skills and experience are likely to succeed as a Due Diligence Analyst at S-RM.

That said, if you don’t think you meet all of the criteria below but are still interested in the job, please apply. Nobody checks every box—we’re looking for candidates that are particularly strong in a few areas, and have some interest and capabilities in others.

We’re looking for someone that is able to adapt to change and work comfortably in a fast-paced environment, this person will have some or all of these skills:

• Excellent research and investigative skills;
• Fluency in English;
• Professional working proficiency (i.e. ability to read and research) in Chinese is highly desirable. Professional working proficiency in Vietnamese, Indonesian, Thai, or Burmese is desirable but not essential;
• As a minimum, a bachelor’s degree. Relevant degrees may include but are not limited to: economics, international relations, law, finance, political science, or similar; or equivalent work experience.
• Experience working in the corporate intelligence, due diligence, or investigations sector is highly desirable.

All candidates must have permission to work in Malaysia by the start of their employment.

OUR BENEFITS

We offer thoughtful, balanced rewards and support to help our people do their best work and live their lives outside it, this includes but is not exhaustive of:

• 20 days holiday per year in addition to bank holidays (+1 day for every year of service up to a maximum of 25 days in total);
• Hybrid working and flexible working hours;
• EPF (Employees Provident Fund with a contribution rate of 12% employer & 11% employee;
• Life Insurance 4X annual salary.
• Parental Support:
• Fertility treatment leave – 5 days of leave per cycle of treatment per year;
• Maternity leave – 26 weeks of full pay followed by 13 weeks of half pay;
• Paternity leave – 6 weeks of full pay.
• Various Health and Medical Benefits including:
• Private dental and medical insurance (taxable benefit) for you and your family;
• EAP programme for you and your immediate family;
• Free access to the world-famous mindfulness app

THE APPLICATION PROCESS

To apply for this role, please submit an up-to-date CV and a cover letter tailored to this job description, outlining why you think you are a great fit for the Due Diligence Analyst role, our team and S-RM, through this ad directly.

The application process will include:

1. A preliminary call, which will be a chance for you to find out more about S-RM and the role.
2. A written research and assessment task. This will assess your analytical and writing skills and give you a better sense of the work we do.
3. First Interview – a remotely run skills focussed interview.
4. Second interview - a remotely run skills focussed interview.

We nurture a culture of equality, diversity and inclusion and we are dedicated to developing a workforce that displays a variety of talents, experiences and perspectives.

WHO WE ARE

S-RM is a global intelligence and cyber security consultancy. Since 2005, we’ve helped we’ve helped companies, governments and private individuals solve some of their most complex challenges. We’ve been able to do this because of our outstanding people. We’re committed to developing bright, curious, driven individuals who want to think critically, solve complex problems, and achieve success. But we also know that work isn’t everything. It’s about the lives and careers it helps us build. We’re immensely proud of this culture and we invest in our people’s wellbeing, learning, and ideas every day.

Our Investment Migration team helps government agencies that run citizenship and residency-by-investment programmes to understand and manage their exposure to money laundering and corruption, meet legal and regulatory requirements, and safeguard their reputations.

THE ROLE 

We have a new and exciting Associate role available within our Corporate Intelligence division in Kuala Lumpur. The successful candidate will join S-RM’s APAC-specialist Investment Migration team, managing a diverse and complex caseload and supporting the development of a team of high performing Analysts. This team services some of S-RM’s largest clients globally and contributes to the growth and success of the business. Our casework touches on some of the most challenging money laundering and compliance issues at play in the APAC region today.

The successful candidate for the Associate role will be highly focused on case management and team development. You will be expected to promote best practice relating to research, assessment and methodology and ensure delivery aligns with the high expectations of our clients.

The responsibilities of the successful candidate will likely include:

• Conducting and managing open source and human source-led due diligence investigations;
• Editing reports written by analysts for factual accuracy, technical analysis, and narrative flow;
• Scoping projects and tasking source enquiries;
• Responding to client queries about submitted deliverables, and providing clients with ad hoc insights on relevant regional trends;
• Delivering constructive feedback and managing performance;
• Training and development of more junior members of the team; leading best practice on research and source analysis.

We’re looking for someone that is able to adapt to change and work comfortably in a fast-paced environment, with the following experience and qualifications:

• Ideally direct experience in the Corporate Intelligence industry, however we will consider demonstrable equivalent experience in a relevant industry, which includes but is not limited to: law, finance, political science, journalism, economics, or international relations;
• Experience of working on investigative/due diligence projects on subjects in the APAC region;
• In-depth understanding of political and commercial dynamics in one or more APAC jurisdictions;
• Excellent written and spoken English;
• Excellent understanding of research and investigative skills required to conduct open-source investigations;
• Proven ability to effectively plan, staff, and manage projects of varying complexities within budget and timelines, as well as being accountable for the work of other team members, quality assurance, and client deliverables;
• A working knowledge of financial and commercial concepts, as well as an understanding of money laundering, financial crime, and corruption (desirable)
• Professional competence in an Asia-Pacific language, particularly Chinese, would be desirable but not essential.

All candidates must have permission to work in Malaysia by the start of their employment.

OUR BENEFITS

We offer thoughtful, balanced rewards and support to help our people do their best work and live their lives outside it, this includes but is not exhaustive of:

• 20 days holiday per year in addition to bank holidays (+1 day for every year of service up to a maximum of 25 days in total);
• Hybrid working and flexible working hours;
• EPF (Employees Provident Fund with a contribution rate of 12% employer & 11% employee;
• Life Insurance 4X annual salary.
• Parental Support:
• Fertility treatment leave – 5 days of leave per cycle of treatment per year;
• Maternity leave – 26 weeks of full pay followed by 13 weeks of half pay;
• Paternity leave – 6 weeks of full pay.
• Various Health and Medical Benefits including:
• Private dental and medical insurance (taxable benefit) for you and your family;
• EAP programme for you and your immediate family;
• Free access to the world-famous mindfulness app

We nurture a culture of equality, diversity and inclusion and we are dedicated to developing a workforce that displays a variety of talents, experiences and perspectives.

Who we are

S-RM is a global intelligence and cyber security consultancy. Since 2005, we’ve helped some of the most demanding clients in the world solve some of their toughest information security challenges.

We’ve been able to do this because of our outstanding people. We’re committed to developing sharp, curious, driven individuals who want to think critically, solve complex problems, and achieve success.

But we also know that work isn’t everything. It’s about the lives and careers it helps us build. We’re immensely proud of this culture and we invest in our people’s wellbeing, learning, and ideas every day.

We’re excited you’re thinking about joining us.

Working in cyber at S-RM

Our Cyber Security team is the fastest-growing part of S-RM. The cyber sector is always evolving, and our Managed Services, Risk & Resilience, and Incident Response practices are in more demand than ever.

We’re building a team to meet this challenge. We’re quick to respond, innovate, and improve. We don’t get too hung up on hierarchy or bureaucracy. If your ideas are good enough, we’ll empower you to implement them. If you’re the best person to talk to a customer, you’ll get that opportunity, regardless of the title in your email signature. And when you need a hand, your team will always have your back.

We also don’t believe there’s a typical cyber security professional. We’ve built a team of intelligence analysts, technical specialists, software developers, investigators, risk managers, and more. You’ll always find a range of perspectives and expertise to help you learn and grow.

If that sounds like your kind of team, we’d like to hear from you.

The role

Our Offensive Security Consultants support our delivery consultants running our offensive security services. They help to interpret client challenges, innovate solutions, and deliver findings. Our aim is to become trusted advisors to our clients.

You will work across the full spectrum of our pen testing services, whether point in time or continuous, as well as participate in larger engagements such as red teams. You will help our clients to build cyber resilience, enhance their understanding of the threat landscape and become better prepared to face dynamic and evolving security risks.

1.1 MAIN DUTIES AND RESPONSIBILITIES

Client Engagement and Account Management

• Engage with clients to understand their cyber security challenges

• Translate client challenges into solutions that fit S-RM’s Offensive Security service offering and value proposition

• Develop an understanding of delivery timelines, project resourcing requirements and pricing

• Understand S-RM’s proposal process and lead on proposal writing and presentations in some cases

• Contribute to the expansion of client accounts and winning of new business

• Gain an understanding of S-RM’s target sectors and industries

Offensive Security 

• Penetration testing

  • Vulnerability assessments and monitoring

  • External infrastructure

  • External Attack Surface Management

  • Web application

  • API pentesting

  • Phishing and spear phishing

  • Internal pentesting

  • Mobile application pentesting (Android and iOS)

  • OT Pentesting

  • IOT Pentesting

  • Cloud Pentesting

  • Open-Source Intelligence (OSINT) gathering

• Configuration Reviews

  • Cloud configuration review

  • Application configuration review

  • Hardware build review

  • Firewall review

• Delivery & Client communications

  • Deliver findings in a range of formats, including written reports, presentations, and verbal briefings

• Threat Intelligence

  • Keep abreast of threat intelligence developments, threat actor activity and security industry developments in mitigations and tooling

  • Develop and deliver client threat profiles, threat assessments and dark web analysis

Project Management

• Support vCISO engagements, accessing the full range of S-RM’s resources and expertise

• Collaborate with incident response, ethical hacking, and digital forensics teams to integrate our services and support to clients

• Support the delivery of retainer relationships

• Support the delivery of the Attack Surface Management (ASM) service

Internal Initiatives and Strategy

• Support internal initiatives on product development, process management, tech enablement, efficiency and exploring different ways to support clients

• Contribute to the adaption of security frameworks to create innovative products

• Challenge received wisdom and existing products and services. Suggest alternative approaches where appropriate

  • Develop documentation and evolve the testing methodologies where applicable

Professional Development and Domain Knowledge

• Commit to continuous professional development and personal knowledge improvement across the full range of cyber security competencies, in line with personal utilisation targets (see Objectives)

• Complete up to one formal training course over the financial year. This is beyond internal training sessions

• Share knowledge with the wider team in line with company values, including contributing to internal training initiatives and programmes

Our benefits

We offer thoughtful, balanced rewards and support to help our people do their best work and live their lives outside it, including:

• 20 days paid holiday each year: in addition to public holidays, as well as 1 additional day of leave for every year you work at S-RM up to a maximum of 5 days.
• Flexible working: work a minimum of two days a week in the office and the remainder remotely, choose your hours between 7am and 7pm.
• Pension scheme: S-RM contributes to Employees Provident Fund (EPF) in accordance with legislative requirements.
• Life Insurance: help someone you love should something happen to you. (Further details coming soon.)
• Company-paid private medical and dental insurance. (Further details coming soon.)
• Company-paid maternity, paternity and fertility treatment leave.
• Employee Assistance Programme: free access to specialist support services, including counselling, as well as an online portal of useful articles, tips and tools. Available 24/7, 365 days a year.
  
  The role will be based in our office in Kuala Lumpur. However, we have flexible working arrangements available.

ASSOCIATE (FORENSICS LEAD), INCIDENT RESPONSE APAC

Who we are

S-RM is a global intelligence and cyber security consultancy. Since 2005, we’ve helped some of the most demanding clients in the world solve some of their toughest information security challenges.

We’ve been able to do this because of our outstanding people. We’re committed to developing sharp, curious, driven individuals who want to think critically, solve complex problems, and achieve success.

But we also know that work isn’t everything. It’s about the lives and careers it helps us build. We’re immensely proud of this culture and we invest in our people’s wellbeing, learning, and ideas every day.

We’re excited you’re thinking about joining us

The role

Our Incident Response Associates are a critical part of our Cyber Security division's success.

As a Forensics Lead on our Incident Response team, you will deploy your expertise in a delivery role across our various incident response services, with a particular focus on forensic investigations into complex cyber incidents.

You will work across the full lifecycle of security incidents to help our clients respond and recover, including:

• Supporting technical incident response from first contact through to closure: you will be a technical resource on response cases, deploying your own expertise, creating tailored strategies for response workstreams, and offering guidance to colleagues on your project team. You may also be supported by more senior technical team members where appropriate.

Overseeing host- and network-based incident response investigations: including triage, system recovery, technical evidence collection, and forensics, log, malware and root cause analyses..

• Developing and sharing domain expertise: we will support you in growing your cyber expertise, including sharing it with the wider team through internal initiatives and programs.
• Participating in an on-call rotation to provide 24x7x365 client incident coverage.

Other features of the role include:

• Variety of casework: no day will be the same. Our team responds to a huge variety of incidents for both public and corporate clients.
• Range of opportunities: you will have opportunities to broaden your security awareness into testing and advisory projects, in addition to deepening your incident response expertise.
• Flexible working practices: responding to incidents can be intense, high-pressure work. We are mindful of our team's work/life balance and offer flexible working options to support your wellbeing.

We're looking for:

• Direct experience working in an Incident Response or Digital Forensics team is strongly preferred, however, candidates with exposure to working with Incident Response teams, or those in roles reflecting aspects of Incident Response will be considered.
• A fundamental understanding of computer systems and networks, including:
  • Windows systems (e.g. Managing domains services, creating standard build templates, using SCCM, moderate PowerShell capabilities, etc.)
  • Networking (e.g. managing firewall rules, providing guidance around network segmentation, DNS, etc.)
  • Virtualisation technologies (e.g. ESXi, Hyper-V, etc.)
  • Endpoint Detection & Response solutions.
• The candidate must be able to demonstrate experience conducting forensic investigations, in particular relating to Windows systems. Additional experience conducting investigations into Linux and MacOS systems is preferred.
• Demonstrable understanding of core incident response workstreams, including containment and restoration/recovery is a benefit.
• A critical and investigative mindset. You should be comfortable solving problems with limited information and guidance, developing proportionate strategies to achieve timely outcomes.
• Clear demonstrable knowledge of cyber threat actors, and their tactics, techniques, and procedures.
• Strong communication skills. You should be comfortable speaking to people at all levels of an organization, from the board of directors to the technical teams.
• It is preferred, but not required, that candidates hold one of the following certifications (or equivalent) GCFE, GCFA, GCIH, GNFA. However, holding any of the following is beneficial: EnCE, CFSR, CISSP, GREM, CCNA, MCFE, OSCP, Network+ and Security+
• A working proficiency in another language (such as Malay, Tamil, Mandarin, Cantonese, Vietnamese) is also beneficial, although not required.

The successful candidate must have permission to work in Malaysia by the start of their employment.

OUR BENEFITS

We offer thoughtful, balanced rewards and support to help our people do their best work and live their lives outside it, including:

• 20 days paid holiday each year: in addition to public holidays, as well as 1 additional day of leave for every year you work at S-RM up to a maximum of 5 days.
• Flexible working: work a minimum of two days a week in the office and the remainder remotely, choose your hours between 7am and 7pm.
• Pension scheme: S-RM contributes to Employees Provident Fund (EPF) in accordance with legislative requirements.
• Life Insurance: help someone you love should something happen to you. 
• Company-paid private medical and dental insurance. 
• Company-paid maternity, paternity and fertility treatment leave.

Employee Assistance Programme: free access to specialist support services, including counselling, as well as an online portal of useful articles, tips and tools. Available 24/7, 365 days a yea

The role will be based in our office in Kuala Lumpur. However, we have flexible working arrangements available.