Senior Security Engineer - Incident Response

5+ years of demonstrated ability managing security incidents at a global scale and/or experience working in Security Operations Centers (SOC), Product Security Incident Response Teams (PSIRT), and Computer Security Incident Response Teams (CSIRT). Expertise with security information and event management (SIEM) systems (eg. ELK, Google BigQuery, Splunk, etc.). Splunk proficiency is preferred. Expertise with endpoint detection and investigation. Hands-on experience with leading EDR tools and demonstrated ability to leverage endpoint telemetry to find root cause. Expertise with security orchestration and automation (SOAR) platforms such as Tines or Splunk SOAR. Superb communication and leadership capacity; ability to partner effectively with diverse company stakeholders. Real-world experience in software development and/or engineering operations for consumer products and services; B.S. in a technology-focused field is helpful. Practical experience working with cloud technologies (eg. Google Cloud Platform, Amazon Web Services, Heroku, Microsoft Azure, etc.).

Identify and respond to security incidents on a global scale. Act as an incident commander to drive incidents through the entire response lifecycle. Design and maintain a portfolio of security alerts, automated actions, playbooks and escalation workflows in support of a high-performing 24/7 incident response capability. Conduct threat hunting activities, anticipate future threats, and maintain forward-thinking strategies for tools/technology/processes that combat sophisticated threat actors. Research threat intelligence reports, triage and manage resulting workflows. Partner with key stakeholders and communicate effectively to maintain a continuously improving feedback loop of preparation, identification, analysis, containment, and post mortem activities. Participate in on-call rotation.