Senior Incident Response & Digital Forensics Engineer; DFIR | Technology-Driven Quantitative T
Listed on 2026-01-12
IT/Tech
Cybersecurity
Location: New York
[c. $400-550k Comp Package | Hybrid Working]
Role Overview
We’re working with one of the most technically rigorous investment firms in the world as they continue to build out a global, elite cyber defence capability. This role sits within a highly trusted security function and focuses on hands‑on incident response and digital forensics at serious scale - not policy writing, not box‑ticking, and not people management per se. This is a senior individual contributor position for someone who thrives in complex investigations, is deeply comfortable at the command line, and wants real ownership over how DFIR is executed in a modern, high‑performance environment.
You’ll work directly with senior security leadership to investigate incidents across global systems, improve tooling and automation, and help define how advanced response and forensic work is done long‑term...
- Lead and execute end-to-end incident response investigations, from initial signal through containment, root cause analysis, and post-incident learning
- Perform deep forensic examinations across endpoints, servers, and enterprise platforms to reconstruct attacker activity and determine true scope and impact
- Conduct detailed post-incident analysis, translating technical findings into actionable insights and long‑term defensive improvements
- Build, extend, and automate DFIR workflows - particularly in Windows-heavy environments, with scripting used to scale response capability
- Partner closely with the incident commander and senior security engineers to evolve global IR processes, playbooks, and tooling
- Communicate clearly and credibly with both highly technical peers and senior non-technical stakeholders during high-pressure incidents
- Contribute to custom detection and protection controls informed by real investigation experience, not theoretical threat models
- 5-10+ years of hands‑on experience in incident response, digital forensics, or advanced security operations within complex environments
- Proven ability to independently run serious DFIR investigations, including determining attacker techniques, timelines, and blast radius
- Strong command-line proficiency (this is explicitly assessed during interview) across Windows and Linux systems
- Deep familiarity with Windows internals, endpoint artefacts, memory/disk analysis, and enterprise logging sources
- Comfort working in mixed Windows/Linux estates at scale
- Demonstrated interest and capability in automation and scripting, using code to improve response speed, accuracy, and repeatability
- Confidence operating as a senior individual contributor, influencing outcomes without formal management responsibility
- Ability to write clear, defensible incident reports and explain complex findings to non-security audiences under pressure
- Intellectual curiosity - someone who wants to understand why something happened, not just close the ticket
Mid‑Senior level
Employment type: Full‑time
Job function: Information Technology, Finance, and Engineering
Industries: Financial Services, Capital Markets, and Investment Management