About Blackpanda

Blackpanda is a Lloyd’s of London–accredited insurance coverholder and Asia’s leading local cyber incident response firm, delivering end-to-end digital emergency support across the region. We are pioneering the A2I (Assurance-to-Insurance) model in cybersecurity — uniting preparation, response, and insurance into a seamless pathway that minimizes financial and operational impact from cyber attack.

Through expert consulting services, response assurance subscriptions, and innovative cyber insurance, we help organisations get ready, respond, and recover from cyber attacks — all delivered by local specialists working in concert.

Our mission is clear: to bring complete cyber peace of mind to every organisation in Asia, from the first moment of breach through full recovery and beyond.

We live by the following core values:

• Sincerity: If we say we’ll do it, it’s as good as done.
• Unity: Debate fiercely, then commit fully. We all row in the same direction.
• Efficiency: Timing beats speed, precision beats power, and leverage beats strength.
• Humility: Humility forms the basis of honor. We listen, then we act, and then we listen again.
• Grit: We don’t sugarcoat setbacks or bad news. We face challenges head-on and don’t quit when things get tough.

Your Mission: Senior Software Engineer – Blackpanda Technology & Response Platform

You will build the core technology that powers Blackpanda's cyber incident response capability across Asia. This is fundamentally a systems and backend engineering mission—designing robust, scalable components, services, and indexing systems to transform raw forensic and log data into structured, queryable evidence under extreme time pressure. You will also build the surrounding platform, including the AWS infrastructure and the core web application that orchestrates our end-to-end response. Your work will directly and materially shorten the time between a customer activating IR-1 and our responders having a fully-populated, searchable investigation environment. You will be building a platform that brings clarity and operational control to chaos, directly supporting our mission of cyber peace of mind.

About the Role and Core Responsibilities

Location: Hong Kong

Department: Technology / Engineering

Employment Type: Full-Time

• Platform Backend Engineering — Developing and owning backend services and APIs for the IR-1 platform, built on TypeScript/Next.js. This includes core business logic, integration with downstream response infrastructure, callback handling, async job orchestration, and admin UI surfaces.
• Event Processing Systems — Designing and operating high-throughput systems for ingesting, classifying, and processing forensic and log data, including parsing, transformation, and event routing.
• Go-based Service Development — Writing and maintaining performance-critical backend services in Go, including parsers for binary/semi-structured data and log normalisation tools.
• Search and Data Indexing — Implementing robust bulk-indexing strategies into OpenSearch, focusing on schema design, query optimization, retention, and data quality.
• System Reliability and Observability — Ensuring high throughput, reliability, and operability of all systems, including designing for retry semantics, dead-lettering, and graceful handling of malformed inputs.
• AWS infrastructure — Maintaining and extending AWS response stack: ECS Fargate task definitions, S3 with versioned storage, IAM, OpenSearch sizing, EC2 file servers, all managed through Terraform / OpenTofu Infrastructure-as-Code.
• Forensic collection tooling — automated generation of host data collection configurations tailored to per-case scope (Velociraptor offline collectors are the current example; you do not need prior Velociraptor experience).
• Working directly with responders — Sitting close enough to the people using what you build to understand their workflows, remove manual steps, and iterate on what they actually need.

Minimum Requirements – This Is Your Entry Ticket

• 5+ years of professional software engineering experience (or 3–5 years if strong across the stack and clearly motivated by the work).
• Strong Backend Systems Instincts: comfort with structured and semi-structured event data, schema design, bulk ingestion patterns, and reasoning about throughput, reliability, and security under load.
• Production experience with AWS — ECS, S3, IAM, RDS, Secrets Manager.
  • Infrastructure-as-code experience with Terraform or OpenTofu.
• Strong Golang for backend services — or equivalent depth in another systems-level language.
• Strong TypeScript with production experience in Node.js, Next.js, or a comparable server-side TypeScript framework.
• Strong written and verbal English.

Preferred Qualifications – What Sets You Apart

• Deep production experience with PostgreSQL, Redis, and async job systems (BullMQ, Sidekiq, Celery, SQS, or similar) used within a modern web application stack.
• Hands-on experience building or operating robust, high-volume backend services, event-driven architectures, or complex systems integration.
• Familiarity with systems for structured/semi-structured event processing or search/analytics backends like OpenSearch / Elasticsearch / Splunk / Datadog.
• Familiarity with general systems tooling like Kafka, Kinesis, Vector, or similar high-throughput queueing or stream processing systems.
• Scripting experience (e.g., Python, Bash) for ad-hoc automation, tooling, or AWS glue code.
• Domain exposure to security work — DFIR, SOC tooling, SIEM/SOAR, EDR/XDR, MDR, threat detection, or similar. We can teach you the domain if you bring the engineering.
• Familiarity with Velociraptor, Timesketch, or other open-source DFIR tooling.
• Experience handling offline forensic collections (memory captures, disk images, triage packages).
• Prior time at an MSSP, MDR provider, IR consultancy, EDR/XDR vendor, or DFIR product team.

What You'll Get

• High-impact ownership of the engineering that directly accelerates Blackpanda's incident response delivery across APAC.
• Modern stack and clean architecture on the response-tooling side — you build it, you ship it.
• Small, senior engineering team. Short feedback loops, real autonomy, no committee-driven design.
• Competitive base salary, benefits, and learning budget. Compensation calibrated to local market.

How We Work

• We use Claude/ Cursor and modern AI tooling heavily; we expect engineers to be comfortable working with AI as part of their daily flow.
• Engineering work is tracked in Jira with clear acceptance criteria and PR-linked tickets.
• Code review is standard, not optional. Small, reviewable PRs preferred over big drops.
• Continuous deployment to AWS via GitHub Actions.

We know, it’s a big list. But we’re not here to check boxes. At Blackpanda, what matters most is your mindset: the grit, discipline, and calm-under-fire required to operate when others freeze. If you've been forged through experience, sharpened by adversity, and you're ready to push even further, we want you on this team.