
SOC Specialist

Interactive Brokers · Chicago, IL

๐Ÿ“ Chicago, IL๐Ÿ’ฐ $110,000 to $140,000via greenhousePosted 2026-06-22
Apply on company site โ†—
CareerRiver pulls this listing straight from the employer's hiring system โ€” no recruiter middleman, no reposts. Applying takes you directly to Interactive Brokers.
Company Overview

Interactive Brokers Group, Inc. (Nasdaq: IBKR) is a global financial services company headquartered in Greenwich, CT, USA, with offices in over 15 countries. We have been at the forefront of financial innovation for over four decades, known for our cutting-edge technology and client commitment. IBKR affiliates provide global electronic brokerage services around the clock on stocks, options, futures, currencies, bonds, and funds to clients in over 200 countries and territories. We serve individual investors and institutions, including financial advisors, hedge funds and introducing brokers. Our advanced technology, competitive pricing, and global market help our clients to make the most of their investments. Barron's has recognized Interactive Brokers as the #1 online broker for six consecutive years. Join our dynamic, multi-national team and be a part of a company that simplifies and enhances financial opportunities using state-of-the-art technology.

This is a hybrid role (3 days in office / 2 days remote).

About your team:

We are seeking an experienced SOC Specialist to help strengthen, modernize, and optimize our Security Operations capabilities. This role sits at the intersection of security operations, detection engineering, security automation, and incident response. The ideal candidate is passionate about improving SOC effectiveness through better detection logic, SIEM/XDR optimization, automation, threat detection engineering, and operational process improvements. You will play a key role in reducing alert fatigue, improving signal-to-noise ratio, accelerating response times, and enhancing overall security visibility across the enterprise. This position requires hands-on experience with enterprise security technologies, log analytics, threat detection, incident investigations, and security automation platforms.
What will be your responsibilities within IBKR:

Security Monitoring & Incident Response
- Monitor, analyze, investigate, and respond to security alerts and incidents across enterprise environments.
- Perform triage and escalation of security events in accordance with incident response procedures.
- Conduct root cause analysis and document findings, containment actions, and remediation recommendations.
- Participate in incident response activities, including malware investigations, insider threat investigations, and account compromise incidents.
- Support threat hunting and proactive detection activities.

Detection Engineering
- Develop, tune, and optimize SIEM detection rules, correlation searches, analytics, and alerting mechanisms.
- Create and maintain high-fidelity detections mapped to MITRE ATT&CK techniques and adversary behaviors.
- Continuously improve detection coverage across endpoints, cloud platforms, identity systems, networks, and applications.
- Measure and improve detection effectiveness through detection engineering metrics and validation exercises.
- Reduce false positives and improve alert quality through continuous tuning and optimization.

SIEM, XDR & Security Platform Management
- Administer and optimize security monitoring platforms including SIEM, XDR, EDR, NDR, and cloud security tooling.
- Maintain log ingestion pipelines, data normalization, parsing, enrichment, and retention strategies.
- Validate health, performance, and scalability of security monitoring infrastructure.
- Collaborate with infrastructure, cloud, and application teams to onboard new log sources and security telemetry.

Security Automation & SOAR
- Design, develop, and maintain SOAR playbooks and automated response workflows.
- Automate repetitive SOC tasks to improve analyst efficiency and reduce response times.
- Integrate security tools using APIs, scripting, and workflow orchestration platforms.
- Develop automated enrichment, containment, and investigation processes.

Threat Intelligence & Threat Hunting
- Leverage threat intelligence feeds and indicators of compromise (IOCs) to improve detection capabilities.
- Conduct threat hunting activities using endpoint, network, cloud, and identity telemetry.
- Research emerging threats, attacker techniques, and vulnerabilities affecting the organization.
- Assist with purple team exercises and detection validation efforts.

Security Operations Improvement
- Identify opportunities to improve SOC processes, workflows, runbooks, and operational metrics.
- Develop and maintain SOC documentation, playbooks, and standard operating procedures.
- Support vulnerability management initiatives and risk-based remediation efforts.
- Contribute to SOC maturity improvements aligned with industry frameworks and best practices.

Which skills are required:

Security Operations
- Overall 8+ years of experience, of which 3+ years in a Security Operations Center (SOC), Detection Engineering, Incident Response, or Cyber Defense role.
- Strong understanding of incident detection, triage, investigation, containment, and response processes.
- Experience analyzing security events from multiple data sources including endpoints, network devices, cloud platforms, and identity providers.

SIEM & Security Monitoring
- Hands-on experience with one or more SIEM platforms: Splunk Enterprise Security, SentinelOne Singularity Data Lake, Microsoft Sentinel, QRadar, LogRhythm, Elastic Security, Google Chronicle
- Palo Alto Networks, Cisco Security products, Fortinet, Check Point, Zscaler

Cloud Security
- Experience monitoring and securing cloud environments: AWS, Microsoft Azure, Google Cloud Platform (GCP)
- Understanding of: cloud-native security controls, IAM, cloud logging and monitoring, cloud threat detection

Operating Systems
- Strong working knowledge of: Windows Server, Active Directory, Microsoft Entra ID (Azure AD), Linux administration and security

Scripting & Automation
- Experience developing automa
