Digital Forensics & IR Analyst

Interactive Brokers Group, Inc. (Nasdaq: IBKR) is a global financial services company headquartered in Greenwich, CT, USA, with offices in over 15 countries. We have been at the forefront of financial innovation for over four decades, known for our cutting-edge technology and client commitment.

IBKR affiliates provide global electronic brokerage services around the clock on stocks, options, futures, currencies, bonds, and funds to clients in over 200 countries and territories. We serve individual investors and institutions, including financial advisors, hedge funds and introducing brokers. Our advanced technology, competitive pricing, and global market help our clients to make the most of their investments.

Barron's has recognized Interactive Brokers as the #1 online broker for six consecutive years. Join our dynamic, multi-national team and be a part of a company that simplifies and enhances financial opportunities using state-of-the-art technology.

Position Overview:

We are seeking an experienced Digital Forensics & IR Analyst to join our Cyber Defense capability, with a primary focus on Digital Forensics and Incident Response (DFIR). This role is responsible for conducting in-depth forensic investigations, evidence preservation, attack reconstruction, and root cause analysis, while supporting the SOC and Incident Response teams during complex and high severity incidents.

Key Responsibilities

Digital Forensics & Investigations

• Run and execute forensic investigations involving endpoints, servers, network traffic, cloud platforms, and authentication systems
• Perform forensic data acquisition and preservation, ensuring proper chain-of-custody and evidentiary integrity
• Conduct timeline reconstruction, artifact analysis, and attack path analysis to determine scope, impact, and root cause
• Analyze disk, memory, logs, and security telemetry to identify attacker techniques and dwell time
• Support post incident‑ root cause analysis (RCA) and contribute to long term remediation recommendations

Incident Response & SOC Operations

• Support incident response activities for security events including malware, phishing, endpoint compromise, suspicious access, and network based‑ attacks
• Perform alert triage and investigation using SIEM and EDR platforms, escalating complex cases to senior IR or DFIR personnel
• Execute incident response playbooks during active incidents, following defined investigation and escalation procedures
• Perform deep dive log analysis across Windows, Linux, network, and cloud environments
• Validate and enrich Indicators of Compromise (IOCs) using internal tools and threat intelligence sources
• Correlate activity across SIEM, EDR, network, and authentication logs to identify scope and impact

 Documentation & Reporting

• Produce high quality forensic reports, investigation summaries, and executive level-incident documentation
• Ensure investigations meet internal, regulatory, and audit requirements
• Support legal, compliance, and regulatory teams by providing defensible forensic evidence when required
• Maintain accurate incident and investigation documentation within the incident management system
• Assist in preparing incident reports, forensic summaries, and lessons learned documentation
• Ensure investigations meet internal quality, audit, and compliance expectations

 Learning & Collaboration

• Work closely with SOC analysts, Incident Responders, and senior DFIR engineers
• Continuously build DFIR skills through hands-on investigations and training.
• Stay current with attacker techniques, forensic methods, and SOC best practices

Required Skills & Experience

• 2+ years of hands-on experience in DFIR, Incident Response, and Security Investigations
• Strong experience with Host, memory and network-based forensics.
• Proficiency with SIEM and EDR platforms for investigation and correlation
• Solid understanding of Windows, Linux, and networking.
• Experience handling complex and high severity security incidents
• Strong analytical and documentation skills with attention to evidentiary detail

Preferred Qualifications

• Hands-on experience with forensic tooling (disk, memory, log, or network analysis tools)
• Forensics Tools: Encase, FTK, X-Ways, Autopsy, Magnet Axiom, Nuix, Cellebrite etc.
• Malware Analysis Tools: DA Pro, Yara, volatility, Ghidra, etc.
• Familiarity with legal hold, eDiscovery, and regulatory response workflows
• Relevant certifications: GCFE, GCED, GCIH, GCIA, GNFA

Key Competencies

• Analytical thinking: Ability to perform root cause analysis (RCA).
• Communication: Ability to communicate technical risks to stakeholders.
• Collaboration: Working with IT teams to improve security posture. 

 Technical Environment:

• SIEM platforms
• EDR solutions
• Network monitoring tools
• Incident management systems

 Work Requirements:

• Willingness to work outside of standard working hours.
• Incident response handling
• Alert triage and escalation
• Documentation and reporting
• Team collaboration

 Growth Path:

• Advanced IR certification support
• Threat hunting training
• Technical skill development
• Senior analyst progression