Techfellow Limited
Senior Incident Response & Digital Forensics Engineer (DFIR) | Technology-Driven
Techfellow Limited, New York, New York, US, 10261
[c. $400-550k Comp Package | Hybrid Working]
Role Overview
We’re working with one of the most technically rigorous investment firms in the world as they continue to build out a global, elite cyber defence capability. This role sits within a highly trusted security function and focuses on hands‑on incident response and digital forensics at serious scale - not policy writing, not box‑ticking, and not people management per se. This is a senior individual contributor position for someone who thrives in complex investigations, is deeply comfortable at the command line, and wants real ownership over how DFIR is executed in a modern, high‑performance environment. You’ll work directly with senior security leadership to investigate incidents across global systems, improve tooling and automation, and help define how advanced response and forensic work is done long‑term...
Key Responsibilities
Lead and execute end-to-end incident response investigations, from initial signal through containment, root cause analysis, and post-incident learning
Perform deep forensic examinations across endpoints, servers, and enterprise platforms to reconstruct attacker activity and determine true scope and impact
Conduct detailed post-incident analysis, translating technical findings into actionable insights and long‑term defensive improvements
Build, extend, and automate DFIR workflows - particularly in Windows-heavy environments, with scripting used to scale response capability
Partner closely with the incident commander and senior security engineers to evolve global IR processes, playbooks, and tooling
Communicate clearly and credibly with both highly technical peers and senior non-technical stakeholders during high-pressure incidents
Contribute to custom detection and protection controls informed by real investigation experience, not theoretical threat models
What You’ll Bring…
5-10+ years of hands‑on experience in incident response, digital forensics, or advanced security operations within complex environments
Proven ability to independently run serious DFIR investigations, including determining attacker techniques, timelines, and blast radius
Strong command-line proficiency (this is explicitly assessed during interview) across Windows and Linux systems
Deep familiarity with Windows internals, endpoint artefacts, memory/disk analysis, and enterprise logging sources
Comfort working in mixed Windows/Linux estates at scale
Demonstrated interest and capability in automation and scripting, using code to improve response speed, accuracy, and repeatability
Confidence operating as a senior individual contributor, influencing outcomes without formal management responsibility
Ability to write clear, defensible incident reports and explain complex findings to non-security audiences under pressure
Intellectual curiosity - someone who wants to understand why something happened, not just close the ticket
Seniority level Mid‑Senior level
Employment type Full‑time
Job function Information Technology, Finance, and Engineering
Industries Financial Services, Capital Markets, and Investment Management