Skip to content
FluidstackFluidstackSan Francisco, CA

Staff Incident Responder

Senior-most incident commander building and operating Fluidstack's Detection & Response Engineering program. Defines runbooks, leads material incidents across IT/OT/physical surfaces, and sets standards for agent-first IR at scale.

250k – 350k
On-siteSecurity Engineering

About the role

What you’ll do

  • Run material incidents as incident commander, coordinating across detection, response, physical security, data center operations, legal, communications, and customers.
  • Build the IR program: runbook standards, severity definitions, materiality methodology, evidence contracts, and post-incident review cadence.
  • Define the agent-human contract for response: escalation criteria, evidence packages required from agents, and human verdict feedback into agent quality.
  • Design and operate the senior-IR on-call rotation (ack SLAs, escalation chain, fan-out logic) and remain an active senior IC inside it.
  • Analyze incident trends and patterns to surface systemic risks and recurring root causes, and turn the learnings into runbook, detection, or program improvements.
  • Drive cross-functional follow-through after every significant incident, tracking remediation and systemic fixes to completion across detection, response, infrastructure, and other teams.
  • Define and track the IR program’s KPIs and report on them to security and engineering leadership.
  • Set the tabletop and exercise cadence for IR readiness, executive crisis-comms, and audit-readiness drills.
  • Carry the external face of IR for regulatory and customer disclosure obligations, and audit responses.

About You

  • You have run material incidents at companies with sophisticated threat models, as the most senior commander on the call.
  • You have made disclosure-grade calls under regulatory and customer reporting clocks.
  • You have written runbooks that other engineers followed under pressure, and rewritten them after they did not work.
  • You have built operational processes from the ground up in environments where structure did not previously exist.
  • You read the agent-first thesis as one of the most interesting design choices in incident response today.
  • You have well-founded opinions on what makes a runbook actually used or an incident response process actually effective.
  • You move fluently between technical containment and executive, legal, or customer-facing conversations during a declared incident.
  • You see what is needed, scope it yourself, and run with it.

Strong Candidates May Also Have

  • Experience running incidents that bridge cyber, physical, and OT or ICS surfaces.
  • Experience at critical-infrastructure operators, data centers, or industrial environments.
  • Experience designing or operating agent-augmented incident response, including triage, investigation, or response automation.
  • Experience tuning LLM-based IR systems against measured precision and recall.

Skills

Incident ResponseIncident CommanderRunbook DevelopmentThreat AnalysisOt/Ics SecurityCyber-Physical Incident ResponseSecurity KpisTabletop ExercisesRegulatory ComplianceAgent-Augmented Ir
Replit

Staff Software Engineer, Fraud

ReplitFoster City, CA

Build and operate AI-powered fraud/abuse detection systems defending Replit's platform from phishing, cryptomining, account takeover, and LLM abuse. Requires 8+ years in security/anti-abuse, Python/TypeScript, SQL at scale, and ML/LLM classifier experience.

250k – 315k
Hybrid8+ YOESecurity Engineering
Replit

Staff Software Engineer, Risk

ReplitFoster City, CA

Build and operate AI-powered abuse detection systems that defend Replit's platform from phishing, cryptomining, LLM token farming, and other attacks. Own end-to-end detection, investigation, and automated response across millions of daily actions.

250k – 315k
Hybrid8+ YOESecurity Engineering
Replit

Staff Software Engineer, Trust & Safety

ReplitFoster City, CA

Build and operate AI-powered abuse detection systems at Replit to combat phishing, cryptomining, prompt injection, and other platform abuse at scale. Requires 8+ years in security/anti-abuse and strong Python/TypeScript + SQL skills.

250k – 315k
Hybrid8+ YOESecurity Engineering
Crusoe

Staff Product Security Engineer

CrusoeSan Francisco, CA

Leads advanced penetration testing, red team operations, and AI/ML security research to secure applications, infrastructure, and distributed AI systems including LLMs and Kubernetes environments. Requires 8-10 years offensive security experience and strong software engineering in Go/Python/Rust.

250k – 285k
On-site8+ YOESecurity Engineering
Discord

Staff Software Engineer, Platform Security

DiscordUnited States

Staff Software Engineer leading platform security initiatives, building secure IAM systems, cloud infrastructure baselines, and supply chain security tools. Requires 5+ years in production systems, software development in Python/Rust, and securing large-scale cloud environments.

248k – 279k
Remote5+ YOESecurity Engineering