Principal Security Engineer V, Incident Response & Operations

P6 - Job Title: Principal Security Engineer V, Incident Response & Operations

Reports to: Head of InfoSec

About The Role

We are seeking a seasoned and proactive Senior Security Engineer to build and lead our new Security Operations and Incident Response function. This is a foundational hands-on role for a critical security capability, and you will be responsible for developing our detection and response strategy from the ground up. As the subject matter expert, you will own the incident response lifecycle, manage our security monitoring and detection systems, and collaborate across the organization to reduce risk and rapidly respond to emerging threats.

This is a hands-on-keyboard role for a strategic thinker who is passionate about building resilient systems and hunting for malicious activity.

What You Will Do (Key Responsibilities)

- Act as the primary technical owner for our SIEM solution. Lead the integration, log source onboarding, and continuous fine-tuning of detection rules and alerts in collaboration with our partners. Manage partner relationships, including service delivery, budget, and performance metrics. - Design and implement a comprehensive monitoring strategy to ensure visibility across all critical environments, including our cloud service providers (AWS, Azure, GCP) and corporate networks. - Own and manage the security operations tool stack, including Extended Detection and Response (XDR), Security Orchestration, Automation, and Response, and other detection technologies. - Lead and manage the end-to-end incident response lifecycle for all security incidents, from initial detection and triage to containment, eradication, and recovery, ensuring minimal impact on the business. - Develop, document, and maintain a library of incident response playbooks for various scenarios (e.g., malware, ransomware, phishing, data exfiltration, cloud security incidents). - Develop and execute proactive, intelligence-driven threat hunts to identify malicious actors and TTPs that evade traditional security controls. - Integrate and operationalize threat intelligence to enrich security alerts, inform detection strategies, and guide proactive security efforts. - Build and mature the company-wide Incident Response program, including defining policies, procedures, and communication plans. - Develop and lead incident response training, including conducting regular tabletop exercises and purple team assessments with stakeholders from IT, Engineering, Legal, and Communications. - Define and report on key security metrics (e.g., Mean Time to Detect, Mean Time to Respond) to leadership. Conduct post-mortem reviews and ensure remediation actions are tracked to completion.

Required Qualifications

- 10+ years of experience in a hands-on cybersecurity role, with at least 7 years focused specifically on security operations (SecOps), incident response (IR), and digital forensics (DFIR). - Expert-level knowledge of the incident response lifecycle (e.g., NIST) and experience acting as an incident commander for major security events. - Deep technical expertise with core security technologies, including SIEM (e.g., Splunk, Sentinel, QRadar), XDR (e.g., CrowdStrike), and network analysis tools (e.g., Wireshark, Zeek). - Proven experience with security in at least one major cloud platform (AWS, Azure, or GCP), including native security services (e.g., AWS GuardDuty, Azure Sentinel, GCP Security Command Center). - Proficiency in scripting for automation and analysis (e.g., Python, PowerShell). - Exceptional communication skills and the ability to remain calm and effective under pressure, translating complex technical issues for both technical and non-technical audiences.

Preferred Qualifications

- Experience building a security operations or incident response function from the ground up. - Experience managing relationships with third-party vendors, particularly MSSPs. - Proficiency with Security Orchestration, Automation, and Response platforms. - Relevant industry certifications such as GCIH, GCFA, or CISSP. - Bachelor's degree in Computer Science, Information Security, or a related field.