Interactive Brokers Group, Inc. (Nasdaq: IBKR) is a global financial services company headquartered in Greenwich, CT, USA, with offices in over 15 countries. We have been at the forefront of financial innovation for over four decades, known for our cutting-edge technology and client commitment.
IBKR affiliates provide global electronic brokerage services around the clock on stocks, options, futures, currencies, bonds, and funds to clients in over 200 countries and territories. We serve individual investors and institutions, including financial advisors, hedge funds and introducing brokers. Our advanced technology, competitive pricing, and global market help our clients to make the most of their investments.
Barron's has recognized Interactive Brokers as the #1 online broker for six consecutive years. Join our dynamic, multi-national team and be a part of a company that simplifies and enhances financial opportunities using state-of-the-art technology.
This is a hybrid role (3 days in office / 2 days remote).
About your team:
We are seeking an experienced SOC Specialist to help strengthen, modernize, and optimize our Security Operations capabilities. This role sits at the intersection of security operations, detection engineering, security automation, and incident response.
The ideal candidate is passionate about improving SOC effectiveness through better detection logic, SIEM/XDR optimization, automation, threat detection engineering, and operational process improvements. You will play a key role in reducing alert fatigue, improving signal-to-noise ratio, accelerating response times, and enhancing overall security visibility across the enterprise.
This position requires hands-on experience with enterprise security technologies, log analytics, threat detection, incident investigations, and security automation platforms.
What will be your responsibilities within IBKR:
- Security Monitoring & Incident Response
- Monitor, analyze, investigate, and respond to security alerts and incidents across enterprise environments.
- Perform triage and escalation of security events in accordance with incident response procedures.
- Conduct root cause analysis and document findings, containment actions, and remediation recommendations.
- Participate in incident response activities, including malware investigations, insider threat investigations, and account compromise incidents.
- Support threat hunting and proactive detection activities.
- Develop, tune, and optimize SIEM detection rules, correlation searches, analytics, and alerting mechanisms.
- Create and maintain high-fidelity detections mapped to MITRE ATT&CK techniques and adversary behaviors.
- Continuously improve detection coverage across endpoints, cloud platforms, identity systems, networks, and applications.
- Measure and improve detection effectiveness through detection engineering metrics and validation exercises.
- Reduce false positives and improve alert quality through continuous tuning and optimization.
- Administer and optimize security monitoring platforms including SIEM, XDR, EDR, NDR, and cloud security tooling.
- Maintain log ingestion pipelines, data normalization, parsing, enrichment, and retention strategies.
- Validate health, performance, and scalability of security monitoring infrastructure.
- Collaborate with infrastructure, cloud, and application teams to onboard new log sources and security telemetry.
- Design, develop, and maintain SOAR playbooks and automated response workflows.
- Automate repetitive SOC tasks to improve analyst efficiency and reduce response times.
- Integrate security tools using APIs, scripting, and workflow orchestration platforms.
- Develop automated enrichment, containment, and investigation processes.
- Leverage threat intelligence feeds and indicators of compromise (IOCs) to improve detection capabilities.
- Conduct threat hunting activities using endpoint, network, cloud, and identity telemetry.
- Research emerging threats, attacker techniques, and vulnerabilities affecting the organization.
- Assist with purple team exercises and detection validation efforts.
- Identify opportunities to improve SOC processes, workflows, runbooks, and operational metrics.
- Develop and maintain SOC documentation, playbooks, and standard operating procedures.
- Support vulnerability management initiatives and risk-based remediation efforts.
- Contribute to SOC maturity improvements aligned with industry frameworks and best practices.
- Overall 8+ years of experience of which 3+ years of experience in a Security Operations Center (SOC), Detection Engineering, Incident Response, or Cyber Defense role.
- Strong understanding of incident detection, triage, investigation, containment, and response processes.
- Experience analyzing security events from multiple data sources including endpoints, network devices, cloud platforms, and identity providers.
Hands-on experience with one or more SIEM platforms:
- Splunk Enterprise Security
- Sentinel One Singularity Data Lake
- Microsoft Sentinel
- QRadar
- LogRhythm
- Elastic Security
- Google Chronicl
Which skills are required:
- Palo Alto Networks
- Cisco Security products
- Fortinet
- Check Point
- Zscaler
Experience monitoring and securing cloud environments:
- AWS
- Microsoft Azure
- Google Cloud Platform (GCP)
Understanding of:
- Cloud-native security controls
- IAM
- Cloud logging and monitoring
- Cloud threat detection
Strong working knowledge of:
- Windows Server
- Active Directory
- Microsoft Entra ID (Azure AD)
- Linux administration and security
Experience developing automation using:
- Python
- PowerShell
- Bash
- C#
Ability to:
- Consume APIs
- Automate security workflows
- Build integrations between security platforms
Knowledge of:
- MITRE ATT&CK
- Cyber Kill Chain
- NIST Cybersecurity Framework
- Incident Response Lifecycle
- Detection Engineering principles
Preferred Qualifications (Nice to Have)
- Experience building and maintaining SOAR platforms such as:
- Cortex XSOAR
- Splunk SOAR
- Microsoft Sentinel Automation
- Tines
- Swimlane
- Experience with threat hunting methodologies and purple team exercises.
- Experience with adversary emulation and detection validation tools.
- Familiarity with:
- AttackIQ
- SCYTHE
- Atomic Red Team
- Caldera
- Experience supporting:
- Vulnerability management programs
- Exposure management initiatives
- Security control validation
- Experience with cloud security tooling:
- Microsoft Defender for Cloud
- Wiz
- Orca
- Prisma Cloud
- Lacework
- Familiarity with Identity Threat Detection and Response (ITDR) technologies.
- Experience supporting zero trust security initiatives.
- Exposure to DevSecOps, CI/CD security, and container security technologies.
- Knowledge of Kubernetes, Docker, and modern application security concepts.
- Experience working within regulated industries such as financial services, healthcare, or critical infrastructure.
Preferred certifications include:
- CompTIA Security+
- CySA+
- GCIH
- GCIA
- GCFA
- GMON
- CISSP
- SC-200 (Microsoft Security Operations Analyst)
- SC-100 (Microsoft Cybersecurity Architect)
- Splunk Certified Cybersecurity Defense Analyst
- CrowdStrike Certified Falcon Administrator
Bachelor's degree in Cybersecurity, Information Technology, Computer Science, Information Systems, or a related field, or equivalent practical experience.
To be successful in this position, you will have the following:
- Self-motivated and able to handle tasks with minimal supervision
- Superb analytical and problem-solving skills
- Excellent collaboration and communication (verbal and written) skills
- Outstanding organizational and time management skills
Company Benefits & Perks
- Competitive salary, annual performance-based bonus, and stock grant
- Retirement plan 401(k) with competitive company match
- Excellent health and wellness benefits, including medical, dental, and vision benefits, and a company-paid medical healthcare premium
- Wellness screenings and assessments, health coaches, and counseling services through an Employee Assistance Program (EAP)
- Paid time off and a generous parental leave policy
- Daily company lunch allowance provided, and a fully stocked kitchen with healthy options for breakfast and snacks
- Corporate events, including team outings, dinners, volunteer activities, and company sports teams
- Education reimbursement and learning opportunities
- Modern offices with multi-monitor setups
This role's anticipated base salary range is $110,000 to $140,000 annually, based on skills and experience. The offered salary is just part of the total compensation package. In addition to a competitive salary, the company offers both a discretionary cash bonus and a stock award, as well as a wide range of benefits, including health care, tuition reimbursement, and much more.
Interactive Brokers Chicago, Illinois, USA Office
209 S La Salle St, , Chicago, IL , United States, 60604
Similar Jobs
What you need to know about the Chicago Tech Scene
Key Facts About Chicago Tech
- Number of Tech Workers: 245,800; 5.2% of overall workforce (2024 CompTIA survey)
- Major Tech Employers: McDonald’s, John Deere, Boeing, Morningstar
- Key Industries: Artificial intelligence, biotechnology, fintech, software, logistics technology
- Funding Landscape: $2.5 billion in venture capital funding in 2024 (Pitchbook)
- Notable Investors: Pritzker Group Venture Capital, Arch Venture Partners, MATH Venture Partners, Jump Capital, Hyde Park Venture Partners
- Research Centers and Universities: Northwestern University, University of Chicago, University of Illinois Urbana-Champaign, Illinois Institute of Technology, Argonne National Laboratory, Fermi National Accelerator Laboratory
