Responsibilities
- Define and execute approaches to detecting, containing, and mitigating security threats and incidents.
- Own incident response and investigation outcomes, leading end-to-end response across identification, containment, eradication, and recovery.
- Shape team operations, evolving models, guiding execution during incidents, and scaling through automation and engineering.
- Define and drive strategy for modern incident response function, ensuring high-quality investigations and improvements in detection/response.
- Assess capabilities and chart path forward across people, process, and technology for global response.
- Scale function through automation, tooling, and improved workflows.
- Serve as key voice to senior leadership on incident trends, risks, and strategic direction; partner to turn learnings into security improvements.
- Lead and mentor team of ~5+ senior engineers.
- Partner with Security Platform, Detection Engineering, Infrastructure Security, Application Security, Infrastructure, Legal, Privacy, Global Safety and Security, and Engineering teams.
- Coach and develop team members in careers, technical expertise, and collaboration.
- Act as senior escalation point during high-severity incidents.
- Ensure consistent, high-quality investigations with strong root cause analysis.
- Establish priorities balancing speed, depth, and risk reduction.
- Improve escalation paths, ownership clarity, and cross-functional coordination.
- Use incident data to influence security priorities and investments.
- Share incident learnings with Information Security teams for roadmaps.
- Drive remediation with infrastructure, product, and engineering teams.
- Define and track metrics like MTTD, MTTR, incident severity, and recurrence.
- Communicate clearly during incidents to senior/executive leadership on insights, patterns, trends, and risks.
Requirements
- 9+ years industry experience in threat detection and incident response, with 3-5 years in engineering management.
- Experience shaping/evolving incident response programs in complex environments.
- Exceptional people management, mentorship, recruiting, developing, and retaining top talent.
- Strong understanding of attacker behavior and frameworks like MITRE ATT&CK.
- Experience with technologies: EDR, SIEM, cloud environments, investigation workflows.
- Experience in cloud-native environments (AWS, GCP, Azure).
- Ability to analyze ambiguous situations and make timely decisions.
- Comfort partnering with engineering teams for scalable solutions.
- Operate at strategic and tactical levels, from executive communication to incident leadership.
- Experience defining team strategy, priorities, and operating models.
- Strong judgment in risk assessment, escalation, and trade-offs.
- Excellent communication across technical and executive audiences.
Compensation
Pay Range: $204,000—$255,000 USD (base pay; may include bonus, equity, benefits, Employee Travel Credits).