Security Engineer - Incident Response

The Security Incident Response Team (SIRT) is integral to safeguarding Datadog from cybersecurity threats. In this pivotal role, you will collaborate with diverse teams to identify, triage, and swiftly respond to an array of security threats, ensuring that incidents are contained promptly. Your contributions will also extend to enhancing our tools and systems, fostering cross-functional learning from incidents to bolster our overall security posture.At Datadog, we value a vibrant office culture that nurtures relationships, collaboration, and creativity. We support a hybrid workplace model, allowing our team members to achieve a harmonious work-life balance.

GitLab Inc. is seeking a Senior Security Engineer for its Security Incident Response Team (SIRT). This fully remote position is open to candidates based in the United States who hold U.S. citizenship. The role centers on protecting GitLab.com and the broader GitLab ecosystem from a wide range of security threats, with additional responsibility for supporting the FedRAMP environment. Role overview This position leads significant security incidents and investigations, guiding the response from initial detection and triage through containment, eradication, and recovery. The work follows a 24/7 global "follow-the-sun" model, requiring collaboration with cross-functional teams to strengthen GitLab’s overall security posture. Responsibilities also include driving continuous improvements in defense, detection, and response capabilities, as well as scaling security operations through automation and intelligent workflows. Key responsibilities Manage and lead high-impact security incidents and investigations across GitLab.com and related platforms. Support the security needs of the FedRAMP environment. Promote and implement automation and AI-driven approaches to improve detection, investigation, and response times. Collaborate with teams around the globe to ensure effective incident response at all times. Contribute to ongoing enhancements in defense and detection strategies to stay ahead of evolving threats. Requirements U.S. citizenship and residency within the United States. Extensive experience in Digital Forensics and Incident Response (DFIR). Comfort working in a global, always-on environment. Strong interest in automation, AI-driven workflows, and operational excellence. GitLab values innovation, efficiency, and continuous learning. The company encourages the use of AI to enhance productivity and creativity across all teams. For more about the company culture, see this video.

This position is open to remote candidates across the U.S., with a preference for those located in the San Francisco/Bay Area or Seattle/Bellevue. U.S. citizenship is required.Databricks is on the lookout for a highly skilled and strategic Senior Staff Security Engineer specializing in Incident Response to bolster our Incident Response team. In this critical role, you will make decisions that will significantly influence the long-term success of Databricks' security framework, crafting solutions that pave the way for future opportunities even when paths are unclear. Your contributions will be vital in shaping a multi-year technology strategy for key sectors of our business, involving multiple systems and teams, and consistently delivering large-scale projects aligned with corporate objectives.The Incident Response team is dedicated to swiftly, effectively, and uniformly addressing security threats, incidents, and investigations to safeguard our customers, employees, and enterprise data. Utilizing Databricks' own platform for near-real-time log analytics, alerting, and forensics, we embody a philosophy of "Security for Databricks on Databricks." As a Senior Staff Security Engineer, you will tackle the most challenging Security Incident Response Team (SIRT) tasks, navigate complex, ambiguous problems, and enhance the organization’s efficiency through systems enablement, tool creation, or policy innovation.Your Impact:Strategic Direction & Technical Vision: Influence the organization's roadmap and lead discussions on vital technology domains, fostering adoption and contributing decisions with long-term implications for Databricks' success.Incident Leadership & Crisis Management: Spearhead intricate investigations and impact assessments, executing crisis management through the Incident Management System (IMS). Collaborate with various stakeholders and convey findings to executive leadership, ensuring effective handling of significant security incidents with minimal operational disruption.Advanced Threat Management: Demonstrate expert knowledge across all cloud services utilized by Databricks (AWS, Azure, GCP), possessing a deep understanding of the architecture of essential business components and articulating their security and risk parameters. Propel the creation of a sophisticated threat detection and response program aimed at significantly reducing Mean Time to Detect (MTTD) and Mean Time to Respond (MTTR) to security incidents.Technical Innovation & Automation: Design scalable security solutions that leverage automation to enhance incident response efficiency and effectiveness.

About ClickHouseRecognized as one of the most innovative and rapidly expanding private cloud companies on the 2025 Forbes Cloud 100 list, ClickHouse serves over 3,000 customers and has achieved an annual recurring revenue growth of over 250% year-over-year. We are at the forefront of real-time analytics, data warehousing, observability, and AI workloads.Our recent $400M Series D financing round validates our ongoing momentum. In the last three months, notable clients such as Capital One, Lovable, Decagon, Polymarket, and Airwallex have either adopted our platform or expanded their existing usage. These new clients join leading AI innovators and prominent global brands including Meta, Cursor, Sony, and Tesla.Join us on our mission to revolutionize the way businesses leverage data!The Security Team at ClickHouse is dedicated to delivering vital security solutions encompassing application, cloud, and enterprise security, incident response, detection, and governance, risk, and compliance (GRC). We are seeking a skilled and proactive security practitioner to enhance modern security protocols and tools, with a primary focus on improving our detection and incident response capabilities.

Join dstaff as the Information Security Incident Response Lead, where you will play a crucial role in protecting our organization from security threats. You will spearhead our incident response efforts, leading a team to swiftly address and mitigate security incidents, ensuring the integrity and confidentiality of our data.Your expertise in incident management and security protocols will be essential in developing strategies to enhance our response capabilities. This position offers a dynamic work environment where you will collaborate with various teams to implement security measures and improve our overall security posture.

Role overview Space Exploration Technologies Corp. (SpaceX) seeks a Security Analyst - Detection and Incident Response in Hawthorne, CA. This role centers on protecting SpaceX’s technology and systems from security threats. The analyst will play a key part in detecting, investigating, and responding to security incidents, helping safeguard critical infrastructure. Key responsibilities Monitor SpaceX systems to identify potential security incidents. Analyze security events, assess their impact, and recommend next steps. Respond to incidents by coordinating actions to contain and resolve threats. Develop and improve incident response strategies and processes. Collaborate with teams across the company to support security protocols. Collaboration and impact This position works closely with multiple departments to strengthen SpaceX’s security posture. The analyst’s efforts contribute to compliance and help foster a culture of security awareness throughout the organization.

About UsAt Prophet Security, we understand the challenges faced by security teams overwhelmed by alerts, disparate workflows, and unintegrated tools. As adversaries evolve rapidly, deploying ransomware and compromising data in record time, organizations require more than just additional alerts; they need comprehensive solutions that transcend human limitations.We are pioneering an AI-powered Security Operations Center (SOC) platform designed to provide insightful context and consistent responses to security threats. Our technology leverages large language models to empower analysts, enabling them to investigate and respond at unprecedented speeds, transforming the capabilities of SOCs today and redefining future possibilities.Your RoleIf you are an investigator at heart, eager to leave a significant mark on the security landscape, this is your opportunity. You think beyond isolated alerts and focus on comprehensive workflows. You understand the critical context around incidents, know how to connect disparate information, and can determine the most effective next steps.Your experience includes investigating account takeovers, identifying session hijacking, tracking ransomware groups, and triaging suspicious cloud activities, especially those involving intricate control plane issues. True expertise is not simply about closing alerts; it’s about establishing repeatable processes: creating effective detections that sift through noise, developing orchestration workflows, and training AI to reason with your insights.You excel at navigating between investigations, coding, and customer interactions. One moment you’re analyzing complex logs, the next you’re collaborating with a teammate on response strategies or guiding a customer through an investigation. Your commitment to precision and context ensures that investigations are efficient and not duplicated.Continuous learning and sharing knowledge are your passions, and you aspire to influence the next generation of security operations.Your ImpactAt Prophet, you won’t just be responding to alerts; you will play a key role in shaping the application of AI in threat detection and response. Your investigative work and the workflows you establish will enhance Prophet AI’s reasoning capabilities, ensuring that our customers receive the coverage, accuracy, and clarity they require. Collaborating with engineers and fellow practitioners, you will help redefine the future of security operations.

Join our team as an Incident Response Engineer, where you will play a critical role in enhancing our cybersecurity infrastructure and safeguarding our digital assets. In this dynamic position, you will be responsible for identifying, analyzing, and responding to security incidents while ensuring our systems remain resilient against potential threats.As an essential member of our security team, you will collaborate closely with both technical and non-technical stakeholders to develop effective incident response strategies, conduct post-incident reviews, and implement robust security measures.

Join the forefront of cybersecurity as an Incident Response Engineer with reteam, where you will play a pivotal role in safeguarding our clients' digital assets.In this role, you'll lead investigations into security breaches, develop incident response strategies, and collaborate with cross-functional teams to enhance our security posture.As a key member of our team, you will be responsible for identifying vulnerabilities, conducting risk assessments, and implementing best practices to mitigate potential threats.

Senior Lead for Detection and Response in Security OperationsSan Carlos, CA (on-site)About 1XAt 1X, we are at the forefront of innovation, developing humanoid robots that collaborate with humans to address labor shortages and foster abundance across various industries.Role OverviewIn the capacity of Senior Lead for Detection and Response, you will take charge of 1X's comprehensive detection strategy, encompassing centralized logging, SIEM architecture, and the implementation of a high-efficiency 24/7 SOC/MDR operational model. This role demands a hands-on leader who is adept at managing the entire detection loop—from logging and incident response to ongoing enhancements. You will engineer scalable systems, mitigate alert fatigue, and ensure dependable responses during critical situations. Your contributions will significantly bolster 1X's proficiency in detecting, managing, and learning from security incidents as our organization continues to expand.Your ResponsibilitiesEstablish and manage the entire detection lifecycle, including log collection, normalization, detection engineering, triage, response, and post-incident analysis.Oversee centralized logging across cloud infrastructures, endpoints, identity systems, networks, and essential SaaS platforms.Drive the SIEM strategy, incorporating new data sources, parsing, tuning, detection engineering, routing logic, and executive-level dashboards.Develop and maintain a 24/7 SOC/MDR partnership, outlining requirements, playbooks, SLAs, escalation pathways, and quality benchmarks.Implement incident readiness programs, including runbooks, tabletop exercises, evidence capture protocols, and post-incident improvements.Minimize alert noise while enhancing detection signals through continuous tuning and risk-based alerting practices.Lead investigations, focusing on triage, containment, root cause analysis, and the facilitation of post-mortem assessments.Pinpoint and address detection gaps with measurable advancements in detection and containment timelines.

Join us in revolutionizing the data storage industry at Pure Storage! As a Senior Security Operations Manager, you'll be at the forefront of innovative technology, leading a team that is shaping the future of security operations.This is your chance to engage in work that truly matters, as we transform the tech landscape. If you're ready to embrace a world of opportunities and make a significant impact, we invite you to be part of our dynamic team.THE ROLEThe Senior Security Operations Manager for Detection Engineering & Incident Response will spearhead the evolution of Pure’s Security Operations (SecOps) function encompassing Detection Engineering, Threat Intelligence, and Incident Response (CIDR). Your mission will be to revolutionize SecOps into a proactive, intelligence-driven program that effectively mitigates enterprise risk and enhances security across cloud, SaaS, infrastructure, and endpoint environments.This position is pivotal, positioned at the nexus of detection, incident response, threat hunting, attack surface management, and platform security. You will develop and refine a high-signal detection and response system—from telemetry pipelines to actionable alerts—ensuring all detections are aligned with real attacker behaviors and effectively mitigate risk.You will collaborate closely with leaders across Governance, Risk & Compliance (GRC), Product Security, Infrastructure, Identity and Access Management (IAM), and Engineering to operationalize risk-informed detections, enhance incident response processes, and drive quantifiable improvements in our security posture.WHAT YOU’LL DOLead and enhance Detection Engineering and CIDR functions, focusing on threat detection, response workflows, incident triage, and automation.Create and sustain a detailed detection inventory categorized by threat type, log source, MITRE mapping, and detection method.Drive continuous validation through red team, purple team, and atomic testing.

Join Worldpay as an Incident Response Lead/Engineer in Offensive Security, where you will play a crucial role in safeguarding our systems against potential threats. Your expertise in incident response and offensive security will help us enhance our security posture, ensuring the integrity and confidentiality of our financial systems. Collaborate with a dynamic team of security professionals, leveraging cutting-edge technologies to identify vulnerabilities and respond to security incidents effectively.

At Roblox, millions of users engage daily in a vibrant ecosystem of exploration, creativity, and connection within immersive 3D digital worlds, all crafted by our diverse community of developers and creators. We are dedicated to providing the tools and platform that empower our community to transform their imaginative experiences into reality. Our mission is to redefine how individuals connect globally, across any device, while fostering an environment of optimism and civility. We are seeking exceptional talent to join us on this journey to connect a billion people. A career with Roblox allows you to influence the future of human interaction, tackle unique technical challenges at scale, and contribute to creating safer, more respectful shared experiences for everyone.As a pivotal member of the Security Operations team, you will take the reins as the Incident Response Program Lead at Roblox headquarters. In this essential role, you will be responsible for developing, enhancing, and expanding our Security Incident Response Team (SIRT) capabilities across people, processes, and technology. You will architect our response maturity, transitioning us from reactive firefighting to a structured, highly coordinated operation. While you’ll remain hands-on during incidents, your primary focus will be to amplify our capabilities: ensuring that our alert pipeline, response procedures, tools, and capacities are deeply integrated with the entire organization. Collaborating closely with leadership, you will shape the roadmap for the Security Incident Response Team, work cohesively with Security Operations Center (SOC) operations, and ensure our team is well-equipped to protect Roblox’s platform, developers, and millions of users.

Join our dynamic Security Engineering team as a Senior Security Engineer specializing in Detection and Incident Response. In this pivotal role, you will blend the realms of security operations and software engineering, not only investigating incidents but also developing the systems that detect, contain, and prevent them. Your contributions will involve designing and deploying high-precision detection mechanisms across cloud services and enterprise SaaS platforms, crafting automation to expedite response times, and enhancing telemetry pipelines essential for robust security measures.Your expertise in coding will be as vital as your incident triaging skills. You will structure investigations, analyze root causes, and clearly communicate the implications of security incidents to both technical and non-technical stakeholders. Additionally, you'll leverage these insights to drive lasting engineering improvements, resulting in better detections and smarter automation.

Join Human as a strategic security leader, where you will spearhead our global incident response and investigative efforts. In this pivotal role, you will ensure our organization is fully equipped to prepare for, detect, and respond to security incidents affecting HUMAN, our service ventures, partners, and customers. Collaborating closely with engineering, infrastructure, legal, and business teams, you will enhance our incident handling and continuously improve our detection and response capabilities. As part of a dynamic team, you will also engage with adjacent security domains such as Governance, Risk & Compliance (GRC), product security, and corporate security as needed. This position is open to candidates on the USA East Coast or in the UK.Key ResponsibilitiesOversee Global Incident ResponseLead the incident response process from start to finish, providing both strategic direction and hands-on support during critical incidents.Manage the entire incident lifecycle – preparation, detection, triage, containment, eradication, recovery, and post-incident analysis – ensuring clear roles and communication plans are in place.Act as the Incident Response Commander (IRC) for major incidents, guiding the Cyber Security Incident Response Team (CSIRT) through technical investigations and remediation efforts.Develop and conduct regular tabletop exercises and simulations alongside Security, IT, Engineering, Legal, People, and Customer Operations teams to validate our readiness and drive enhancements.Enhance and Automate Security OperationsDesign, implement, and refine detection strategies across our technology landscape (including endpoint, network, cloud, SaaS, and identity) while actively pursuing proactive threat hunting initiatives.Analyze current and developing threats, transforming threat intelligence into actionable detection use cases, playbooks, and risk narratives for leadership consideration.Continuously enhance automation and orchestration, evolving detection, enrichment, and response workflows using scripting and AI-driven techniques to minimize detection and containment times.Enable Security, IT, and Engineering teams by providing reusable workflows, integrations, and comprehensive documentation instead of isolated scripts.Manage relationships with Managed Detection and Response (MDR), Security Operations Center (SOC), and other security vendors, ensuring playbooks and runbooks align with HUMAN’s threat landscape.Collaborate with engineering and cloud platform teams to strengthen security monitoring practices.

The Trade Desk is revolutionizing how global brands and their agencies engage with audiences worldwide. Our media buying platform enhances the ad experience for consumers, establishing new benchmarks for global reach, accuracy, and transparency. We take immense pride in our company culture, valuing the diverse experiences and viewpoints each individual contributes to The Trade Desk. We are dedicated to creating inclusive environments where everyone can authentically express themselves at work. If you are a talented, driven, and innovative professional eager to join a dynamic, globally-connected team, we would love to hear from you! WHAT WE DO: The SPIDER (Security Posture, Incident Detection Engineering & Response) team at The Trade Desk is committed to safeguarding the people, processes, and technologies that drive the open internet. We are in search of a seasoned and adaptable Security Operations Engineer to join our Cybersecurity Department, reporting within the Cybersecurity Incident Response Team, actively managing cybersecurity incidents across the enterprise.

About Scribd:At Scribd Inc., we ignite curiosity and foster a vibrant ecosystem of stories and knowledge. Our mission is to democratize access to ideas and empower collective wisdom through our innovative platforms: Everand, Scribd, Slideshare, and Fable. Join us as we create an inclusive environment where creativity and collaboration thrive.We believe in cultivating a culture where authenticity and boldness flourish—encouraging open discussions and commitment to our goals while embracing the unexpected. Every team member is empowered to prioritize customer needs and take meaningful actions.Our flexible work policy, Scribd Flex, enhances individual work styles while fostering community connections. We encourage team members to collaborate intentionally through in-person moments, regardless of their location.We're looking for team members who embody "GRIT"—a blend of passion and perseverance towards long-term objectives. We seek individuals who can set and achieve Goals, deliver Results, offer Innovative solutions, and positively impact the Team's culture through collaboration.Role OverviewAs a Senior Security Engineer on our Infrastructure Security team, you'll play a crucial role in safeguarding our applications, platforms, and users. As we scale, we're enhancing our Detection & Response capabilities, transitioning towards a time-based security model that prioritizes speed, signal quality, and resilience as core design principles.

Join cape as a Senior Security Engineer specializing in Detection and Response, where you will play a crucial role in safeguarding our digital assets. In this fully remote position, you will leverage your expertise to enhance our security posture, proactively identifying and mitigating threats. Collaborate with cross-functional teams to develop effective security solutions and respond to incidents with agility and precision.

As an Incident Response Expert III at Arsiem, you will be pivotal in identifying, analyzing, and mitigating security incidents. You will leverage your expertise to develop and implement effective incident response strategies, while collaborating with cross-functional teams to enhance our security posture.