Sr. Security Engineer, Incident Response
Technical lead for incident response across multi-cloud infrastructure. Owns triage, containment, automation, and detection tuning using CrowdStrike, Tines, and Cyberhaven DLP.
What You’ll Do
Incident Response Leadership: Act as the primary Incident Lead during high-severity events. Own the end-to-end response lifecycle: driving triage, containment, evidence capture, and post-incident root-cause analysis.
Automation & SOAR Engineering: Use Tines to design and build workflows that automate triage, enrichment, and containment actions, reducing operational toil and shortening time-to-contain.
Detection & Endpoint Monitoring: Own the detection rule lifecycle in CrowdStrike EDR and the SIEM/SOAR stack, tuning for high precision and low latency against current adversary tradecraft.
Data Protection & Visibility: Monitor and respond to data risks across endpoints, identity, and SaaS applications using Cyberhaven DLP. Identify gaps in IAM and vulnerability management and advocate for direct fixes.
Architecture Partnership: Partner with infrastructure owners to ensure new systems ship across all cloud environments with the right telemetry, encryption, authentication, and response playbooks from day one.
Emergent Threats: Evaluate and design response strategies for frontier security concerns, such as automated agents or bots operating across infrastructure at scale.
On-Call Rotation: Actively participate in the scheduled Incident Response on-call rotation, ensuring reliable coverage and operational readiness for emergent threats.
What We’re Looking For
- 5+ years of experience in a dedicated Incident Response, SOC, or Security Engineering role, with a proven track record of leading high-severity incident containment in fast-paced environments
- Strong familiarity with the MITRE ATT&CK framework, modern adversary tactics, techniques, and procedures (TTPs), and common attack vectors targeting SaaS platforms
- Proven experience managing and tuning detection logic within CrowdStrike Falcon (or equivalent enterprise EDR/XDR) and enterprise SIEM platforms
- Excellent leadership skills with the ability to remain calm under pressure, coordinate cross-functional teams (Engineering, Legal, PR), and clearly communicate complex technical risks to stakeholders