Skip to content
FluidstackFluidstackSan Francisco, CA

Manager, Incident Response

Lead incident response as senior commander and escalation lead for AI compute infrastructure. Build and manage 24/7 IR team and on-call program from scratch, handling cross-domain (cyber/physical/OT) incidents with executive, legal, and regulatory communications.

300k – 400k
On-site7+ YOESecurity Engineering

About the role

Role Scope

  • Lead incidents as a senior incident commander in the on-call rotation, and serve as the escalation backstop when a case rises above the responders on call.
  • Own the 24/7 coverage model, rotation discipline, and response SLAs for your US region, keeping the program humane and the bar high at the same time.
  • Build and develop a team of senior incident responders, setting the on-call expectations and quality bar they operate to.
  • Drive executive, legal, and customer communications during declared incidents, including regulated reporting and disclosure timelines.
  • Own the joint operating relationship with Physical Security and Data Center Operations for incidents that cross cyber, physical, and OT surfaces.
  • Run the post-incident review cadence and drive remediation to completion across detection, response, and infrastructure.
  • Hold the bar on the agentic triage layer, defining what the agent escalates and feeding incident learnings back to detection engineering and threat intelligence.

Requirements

  • Led material incidents end to end as a senior incident commander at organizations with sophisticated, well-resourced threat actors.
  • Managed and grown a team of senior responders while staying in the on-call rotation yourself.
  • Designed or run a 24/7 on-call program: coverage models, rotation discipline, acknowledgement and response SLAs, and escalation chains.
  • Move between technical containment and executive, legal, or customer-facing communications during a declared incident without losing the thread.
  • Made disclosure-grade calls under regulatory and customer reporting clocks.
  • Built operating relationships across security, infrastructure, and physical or facilities teams, and led incidents that crossed those boundaries.
  • Well-founded opinions on what makes an on-call program humane and an incident response process effective, and ready to build one from a small senior core.

Nice-to-Haves

  • Incident response bridging cyber, physical, and OT or ICS surfaces.
  • Experience at critical-infrastructure operators, data centers, or 24/7 high-availability environments.
  • Standing up or scaling an IR team and on-call program from scratch.
  • Operating under FedRAMP, SEC, or similar regulated incident-reporting regimes.
  • Agent-augmented IR, including triage, investigation, or response automation.

Skills

Incident ResponseIncident CommandOn-Call ManagementThreat IntelligenceRegulatory ReportingOt SecurityIcs SecurityFedRAMPPhysical SecurityDetection Engineering
Fluidstack

Regional Site Security Lead, Deployment & Ops

FluidstackSan Francisco, CA +2

Lead physical security operations and teams across multiple regional sites including data centers. Own incident response, vendor management, audits, and standardization of security procedures.

300k – 400k
On-site8+ YOESecurity Engineering
Replit

Security Operations Lead

ReplitFoster City, CA

Lead and scale Replit's 24/7 global SOC, owning SIEM, detection engineering, AI-powered triage/automation, and threat response across multi-cloud, Kubernetes, SaaS, endpoints, and AI workloads. Requires 7+ years in security operations with 3+ years leading SOC functions, deep cloud/SIEM expertise, and hands-on detection engineering.

295k – 385k
Hybrid7+ YOESecurity Engineering
OpenAI

Security Preparedness Lead, Coding Agents

OpenAISan Francisco, CA

Lead security efforts to protect OpenAI's internal AI coding agents from advanced cyber threats including APTs and insider risks. Requires strong hands-on technical skills in threat modeling, prototyping defenses, and coordinating cross-team security initiatives.

293k – 405k
HybridSecurity Engineering
OpenAI

Secure Manufacturing & Stealth Investigator

OpenAISan Francisco, CA

Lead complex investigations into leaks, insider risks, supply chain compromises, and adversarial activity affecting OpenAI's secure manufacturing, stealth programs, unreleased hardware, and prototypes. Requires 8+ years investigative experience across cyber, physical, and operational domains.

288k – 425k
Hybrid8+ YOESecurity Engineering
Anthropic

Platform Security Engineering, Auditor

AnthropicSan Francisco, CA +2

Audit and secure low-level platform components including firmware, secure boot chains, attestation systems, and hardware roots of trust for Anthropic's AI infrastructure. Requires deep expertise in systems security, vulnerability assessment, and ownership of fixes through production.

320k – 405k
Hybrid8+ YOESecurity Engineering