Security Response Engineer, Incident Response

Remote · full-time · $154k–$360k · posted 1 month ago

Role in brief

Chainlink Labs seeks a Security Response Engineer to manage the full incident response lifecycle, from leading high-severity incidents to improving detection and readiness. This role is for a seasoned security professional with strong incident command experience, particularly in macOS environments, and a background in scripting for automation and data handling.

Tags: incident response, macOS, Python, Go, Rust, Sigma

About the role

This position centers on leading and refining the incident response process within Chainlink Labs. The engineer will act as the primary incident commander during critical security events, coordinating across teams and external parties. A key part of the role involves participating in an on-call rotation to triage alerts and manage company-wide incidents, ensuring a swift and effective response to security threats.

A significant aspect of this role involves proactively enhancing the organization's security posture. This includes developing and automating playbooks, conducting tabletop exercises to test response capabilities, and addressing gaps in security telemetry by building or deploying new tools. The engineer will also focus on improving detection quality by writing and fine-tuning high-signal detections, particularly using Sigma.

Success in this role requires a blend of leadership in incident management and hands-on technical skill. The ideal candidate will drive root-cause analysis post-incident and ensure that remediation actions are completed. They will also contribute to the continuous modernization of security operations, identifying and implementing improvements to keep pace with evolving threats.

The annual salary for this position ranges from $154,000 to $360,000.

Skills that matter here

  • incident response: This role requires leading the entire incident response lifecycle, from initial triage to post-incident analysis and remediation.
  • macOS: The engineer will secure, operate, and investigate incidents within an environment predominantly using macOS endpoints.
  • Python, Go, or Rust: Coding experience in one of these (or a similar language) is needed for scripting data parsing, enrichment, and simple automations.
  • Sigma: The role involves writing and tuning high-signal security detections using the Sigma language.
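The last two skills meet in practice: a responder writes a Sigma rule from something seen in an investigation, then scripts it against the telemetry to see what it actually fires on. The following is an added example, not Chainlink Labs code: a small evaluator for the core Sigma matching semantics (a map is AND, a list is OR, the `contains`, `startswith`, `endswith` and `all` modifiers, case-insensitive matching) applied to constructed macOS process_creation events for a common persistence step, loading a LaunchAgent plist from a user's home directory. The rule, the events, the `filter_known_tools` allow-list and the supported condition grammar (`<selection> [and not <filter>]...`) are all assumptions made for the illustration.

```python
"""Evaluate a Sigma-style macOS process_creation rule against sample events.

Added example; not code from the job posting or the employer. The rule,
the events and the parent-process allow-list are constructed for
illustration. Supported Sigma semantics: map = AND, list = OR, modifiers
contains / startswith / endswith / all, case-insensitive matching, '*' and
'?' wildcards in plain values. Condition grammar is limited to
'<selection> [and not <filter>] ...' (assumption, enough for this rule).
"""
import fnmatch

# Constructed rule, written the way parsed Sigma YAML looks.
RULE = {
    "title": "LaunchAgent loaded from a user home directory",
    "logsource": {"category": "process_creation", "product": "macos"},
    "detection": {
        "selection": {
            "Image|endswith": "/launchctl",
            "CommandLine|contains": ["load", "bootstrap"],          # OR
            "CommandLine|contains|all": ["/Users/", "/Library/LaunchAgents/"],  # AND
        },
        # Tuning: parents that legitimately load user LaunchAgents (assumed list).
        "filter_known_tools": {
            "ParentImage|endswith": ["/brew", "/Installer"],
        },
        "condition": "selection and not filter_known_tools",
    },
    "level": "high",
}

# Constructed EDR-style process events; only the first should alert.
EVENTS = [
    {"Image": "/bin/launchctl", "ParentImage": "/bin/bash", "User": "alice",
     "CommandLine": "launchctl load -w /Users/alice/Library/LaunchAgents/com.apple.updates.plist"},
    {"Image": "/bin/launchctl", "ParentImage": "/opt/homebrew/bin/brew", "User": "alice",
     "CommandLine": "launchctl bootstrap gui/501 /Users/alice/Library/LaunchAgents/homebrew.mxcl.postgresql.plist"},
    {"Image": "/bin/launchctl", "ParentImage": "/usr/sbin/installer", "User": "root",
     "CommandLine": "launchctl load /Library/LaunchDaemons/com.vendor.agent.plist"},
    {"Image": "/usr/bin/curl", "ParentImage": "/bin/zsh", "User": "alice",
     "CommandLine": "curl -fsSL https://example.test/setup.sh"},
]


def _match_value(actual, modifiers, expected):
    """Compare one field value with one rule value under the given modifiers."""
    a, e = str(actual).lower(), str(expected).lower()  # Sigma strings match case-insensitively
    if "contains" in modifiers:
        return e in a
    if "startswith" in modifiers:
        return a.startswith(e)
    if "endswith" in modifiers:
        return a.endswith(e)
    return fnmatch.fnmatchcase(a, e)  # plain values: '*' and '?' wildcards


def _match_item(event, key, expected):
    """'Field|mod|mod': list values are OR unless the 'all' modifier is present."""
    field, *modifiers = key.split("|")
    if field not in event:  # a missing field never matches
        return False
    values = expected if isinstance(expected, list) else [expected]
    hits = [_match_value(event[field], modifiers, v) for v in values]
    return all(hits) if "all" in modifiers else any(hits)


def _match_selection(event, selection):
    """A map is AND over its items; a list of maps is OR over the maps."""
    if isinstance(selection, list):
        return any(_match_selection(event, s) for s in selection)
    return all(_match_item(event, k, v) for k, v in selection.items())


def evaluate(rule, event):
    """Return True if the rule's condition holds for the event."""
    det = rule["detection"]
    tokens = det["condition"].split()
    if not tokens or (len(tokens) - 1) % 3:
        raise ValueError("unsupported condition: " + det["condition"])
    result = _match_selection(event, det[tokens[0]])
    for i in range(1, len(tokens), 3):  # each further clause must be 'and not <name>'
        if tokens[i:i + 2] != ["and", "not"]:
            raise ValueError("unsupported condition: " + det["condition"])
        result = result and not _match_selection(event, det[tokens[i + 2]])
    return result


def find_alerts(rule=RULE, events=EVENTS):
    """Run the rule over a batch of events and return the ones that fire."""
    return [e for e in events if evaluate(rule, e)]


if __name__ == "__main__":
    for hit in find_alerts():
        print(f"[{RULE['level']}] {RULE['title']}: {hit['User']} -> {hit['CommandLine']}")
```

Running it prints one alert, for the shell-spawned `launchctl load` of a plist under `/Users/alice/Library/LaunchAgents/`; the Homebrew service load is suppressed by the filter and the system-wide LaunchDaemon does not meet the `contains|all` clause. That filter is the tuning knob the posting refers to: widening it trades missed detections for fewer benign hits, so each allow-listed parent should come from an investigated false positive rather than a guess.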

Who this role suits

  • A leader who can manage high-pressure situations, coordinating multiple teams and external stakeholders during security incidents.
  • Someone with a methodical approach to investigations, ensuring thorough triage, containment, and root-cause analysis.
  • A clear and direct communicator who can explain complex security risks and decisions to both technical and non-technical audiences.
  • An individual who is proactive in identifying and implementing improvements to security processes and tools.

From the employer

  • Own and improve the incident response lifecycle: act as incident commander for high-severity incidents
  • Join the team's on-call rotation: triage inbound alerts/escalations, coordinate internal and company-wide incidents
  • Improve response readiness: create and automate playbooks, conduct tabletop exercises
  • Address security telemetry gaps: improve existing or build/deploy new tools
  • Increase detection quality: write and tune high-signal detections (in Sigma)
  • Proactively identify and implement areas of improvement and modernization

Required

  • Proven incident response leadership: experience as the primary incident commander for high-severity security incidents involving multiple teams and external stakeholders, and can independently manage incident timelines, decisions, and communications
  • Operational rigor and investigation depth: demonstrated experience with triage, scoping, containment, and remediation across endpoint-, cloud-, and/or network-based incidents; drives root-cause analysis and post-incident action items to completion
  • Experience in macOS-heavy environments: has secured and operated a predominantly macOS endpoint fleet, including deploying and managing endpoint controls, collecting telemetry, and performing investigations on macOS systems
  • Collaborative, straightforward communicator: writes clear incident updates and summaries; can explain risk, impact, and trade-offs to both technical and non-technical stakeholders; builds trust with partner teams during high-pressure situations; comfortable handling the regular communication cadence of an incident
  • Detections experience: ability to create and refine detections based on investigations and threat intelligence
  • Previous coding experience (Python, Go, Rust, or similar): scripting for data parsing/enrichment and simple automations

Questions about this role

What is the remote work policy for this role?

This is a remote-first position, allowing for work from various locations.

What level of experience is required for this position?

The role requires proven incident response leadership, acting as the primary incident commander for high-severity security incidents.

What are the key technical skills needed for this role?

Key technical skills include incident response, experience with macOS environments, and coding abilities in languages like Python, Go, or Rust, along with experience in writing Sigma detections.

Before you apply

  • Legitimate employers never ask you to pay anything to apply or get hired.
  • Never share seed phrases or private keys. No real job needs them.
  • Do not install software ("test tasks", "trading tools", "video call clients") sent during hiring.
  • Check that the application page's domain really belongs to Chainlink Labs.