Job Description Job Purpose The ICE Cybersecurity Digital Forensics and Incident Response (DFIR) team safeguards critical financial infrastructure from global cyber threats. We utilize a dynamic arsenal of controls demanding technical expertise, tenacity, professionalism, and strong communication skills. This role includes advanced analysis, threat hunting, and enhancing the quality of detection and response mechanisms. You will join the Global Information Security Team in a “follow the sun” environment. Responsibilities Security Analytics: Extract actionable insights from extensive data sets for reporting, threat hunting, and detecting anomalies. Incident Management: Detect, document, investigate, and resolve security incidents. Endpoint Forensics: Create detailed incident timelines through forensic artifact analysis. Counter Measures: Design and implement preventive and corrective controls to address emerging threats. Proactive Threat Hunting: Develop and execute strategic plans to identify advanced threats that bypass traditional security measures. Behavioral Analysis: Establish and apply criteria to detect anomalous user behaviors that suggest insider threats. Intrusion Detection: Develop and refine network anomaly detection capabilities to provide reliable, actionable data. Knowledge and Experience University degree in Cybersecurity, Engineering, MIS, CIS, or related discipline. Strong analytical and communication skills to document processes and actions taken to complete each assignment. Ability to work well within a team environment and an interest in deepening knowledge of Information Security principles. Experience or working knowledge of SIEM engineering, Security Monitoring, Threat Hunting, Incident Response, Forensics, and related areas of expertise. Experience in an Exchange, Trading Facility, or Financial Services - a plus. Relevant industry certifications such as GIAC Certified Incident Handler (GCIH), Certified Forensic Analyst (GCFA), Certified Forensic Examiner (GCFE), Offensive Security Certified Professional (OSCP), Certified Information Systems Security Professional (CISSP), or equivalent certifications is a plus. Schedule This role offers work from home flexibility of one day per week.