Cyber Forensics Senior Investigator - Vice President

Cyber Forensics Senior Investigator (Vice President) – Jacksonville, FL

At Deutsche Bank, the Information Security Threat Operations (ISTO) team defends a global enterprise against thousands of daily intrusion attempts. You will join the Advanced Threat Response (ATR) group, an elite unit of specialists in digital forensics, malware analysis, and threat hunting. As a Senior Investigator for Cyber Forensics & Incident Response, you will investigate sophisticated cyber threats—including advanced persistent threats (APTs) and insider risk scenarios—to strengthen the Bank’s resilience against evolving threats.

• A diverse and inclusive environment that embraces change, innovation, and collaboration
• A hybrid working model with flexibility to work in‑office or from home, generous vacation, personal and volunteer days
• Employee Resource Groups supporting an inclusive workplace and community engagement
• Competitive compensation packages including health and wellbeing benefits, retirement savings plans, parental leave, and family‑building benefits
• Educational resources, matching gifts and volunteer programs

• Conduct and oversee complex, forensically sound investigations into security incidents such as network intrusions, malware infections, data exfiltration, and insider threats
• Execute expert‐level collection and analysis of digital evidence from volatile memory (RAM), disk images (Windows, Linux, macOS), network packet captures, and enterprise‑wide log data
• Serve as a key technical lead during critical security incidents, partnering with SOC, malware analysts, and threat hunters to identify threat actor TTPs, contain threats, and support remediation efforts
• Translate complex technical findings into clear, concise reports for technical peers and senior non‑technical stakeholders, including Legal, HR/Employee Relations, and Compliance
• Enhance the team’s forensic capabilities by developing new analytical techniques and automating workflows and documentation in line with industry best practices

• Act as a local lead and technical advisor/mentor for junior forensic investigators, malware analysts, and threat hunters, ensuring high‑quality forensic analysis and fostering technical excellence
• Drive cross‑functional collaboration between the ATR group and interfacing functions such as Threat Intelligence and Red Team to ensure a unified response to threats
• Serve as the local point of contact for the ATR group in the USA, coordinating effectively with partners across the Bank to manage expectations and deliver clear, impactful results

• Significant, proven experience conducting full‑life‑cycle digital forensics and incident response (DFIR) investigations in an enterprise environment
• Hands‑on expertise with industry‑standard forensic tools (e.g., EnCase, FTK, X‑Ways, SIFT Workstation) and methodologies for disk, memory, and log analysis; strong command of Windows artifacts is essential
• Deep understanding of the incident response lifecycle, threat actor methodologies (MITRE ATT&CK Framework), and the interplay between forensics, threat intelligence, and security operations
• Ability to independently scope and manage complex investigations from start to finish, demonstrating persistence and a hypothesis‑driven approach
• A bachelor’s degree in computer science, Information Security, or a related field, or equivalent professional experience; preferred certifications include GCFA, GCFE, GCIH, GREM, CFCE, OSCP, or similar

• Experience with scripting (Python, Power Shell) for automation and analysis, malware reverse engineering, or forensic analysis of non‑Windows systems (Linux, macOS)
• Ability to distill highly complex technical concepts into clear, impactful summaries for executive leadership and non‑technical partners
• Demonstrated composure and decisive leadership during high‑pressure, high‑visibility security incidents
• Natural tendency to partner with and learn from subject matter experts across the security organization, contributing to a stronger, more integrated team

Employees hired into this role will work in the…