# Sr. Security Engineer, Incident Response

**Company:** [Navan](https://hotfix.jobs/companies/navan)
**Location:** Austin, TX
**Role:** Security Engineering
**Experience:** 5+ years
**Skills:** Crowdstrike Falcon, Edr, SIEM, Soar, Tines, Mitre Att&Ck, Cyberhaven Dlp, IAM, Incident Response, Security Engineering
**Posted:** 2026-06-18

> Technical lead for incident response, owning containment, remediation, and automation across multi-cloud environments. Requires 5+ years in IR/SOC roles and strong experience with CrowdStrike and SIEM platforms.

## Job Description

## What You’ll Do

**Incident Response Leadership:** Act as the primary Incident Lead during high-severity events. Own the end-to-end response lifecycle: driving triage, containment, evidence capture, and post-incident root-cause analysis.

**Automation & SOAR Engineering:** Use Tines to build and design workflows that automate triage, enrichment, and containment actions, significantly reducing operational toil and improving time-to-contain.

**Detection & Endpoint Monitoring:** Manage and fine-tune detection rule lifecycles utilizing CrowdStrike EDR and SIEM/SOAR capabilities to maintain high-precision, low-latency coverage against modern adversary tradecraft.

**Data Protection & Visibility:** Monitor and respond to data risks across endpoints, identity, and SaaS applications using Cyberhaven DLP. Identify gaps in IAM and vulnerability management and advocate for direct fixes.

**Architecture Partnership:** Partner with infrastructure owners to ensure new systems ship across all cloud environments with the right telemetry, encryption, authentication, and response playbooks from day one.

**Emergent Threats:** Evaluate and design response strategies for frontier security concerns, such as automated agents or bots operating across infrastructure at scale.

**On-Call Rotation:** Actively participate in the scheduled Incident Response on-call rotation, ensuring reliable coverage and operational readiness for emergent threats.

## What We’re Looking For

- 5+ years of experience in a dedicated Incident Response, SOC, or Security Engineering role, with a proven track record of leading high-severity incident containment in fast-paced environments
- Strong familiarity with the MITRE ATT&CK framework, modern adversary tactics, techniques, and procedures (TTPs), and common attack vectors targeting SaaS platforms
- Proven experience managing and tuning detection logic within CrowdStrike Falcon (or equivalent enterprise EDR/XDR) and enterprise SIEM platforms
- Excellent leadership skills with the ability to remain calm under pressure, coordinate cross-functional teams (Engineering, Legal, PR), and clearly communicate complex technical risks to stakeholders

## Similar roles

- [Senior Software Engineer](https://hotfix.jobs/jobs/2ad28874-4486-42ff-949a-ec54985c2762) - Snowflake - Bellevue, WA - $200k – $288k/yr
- [Software Security Engineering Manager, Secure Frameworks](https://hotfix.jobs/jobs/26e1ecde-76c2-491f-951c-78e9c075c076) - Anthropic - San Francisco, CA - $405k – $485k/yr
- [Founding Security Engineer](https://hotfix.jobs/jobs/6deb6526-e0c3-42a9-9c29-360c4354d869) - Forus - New York, NY
- [Manager, Supply Chain Protection & Loss Intelligence](https://hotfix.jobs/jobs/9e3a84ce-58cf-480f-bf1d-6fefa2cf89bf) - Flexport - Miami, FL
- [Physical Security Manager](https://hotfix.jobs/jobs/053f4772-7be2-438c-b890-e7752ae44a12) - Crusoe - Dallas, TX

**Apply:** https://hotfix.jobs/jobs/5cabde53-ae9e-4c8e-b82f-f763986860d9
**Canonical:** https://hotfix.jobs/jobs/5cabde53-ae9e-4c8e-b82f-f763986860d9