Incode Technologies
Senior Security Engineer
Incode Technologies, San Francisco, California, United States, 94199
The Opportunity
We are looking for a trustworthy and proactive
Senior Security Engineer
to be the technical thought leader and driver of holistic security operations across Incode. As an early security hire at Incode, you will work across the security operations lifecycle for detection engineering and incident response, influence the security operations program development and be the first line of defense through assessing threats, collecting, analyzing data, and responding to anomalous activities and events. In close collaboration with our security team members, the compliance team, SRE team, and product engineering teams, we share the responsibility to identify, protect, detect, respond, and recover from cyber threats.
If you are a hands-on Sr. Security Engineer passionate about building high signal detection strategies, conducting threat-hunting exercises, automating and enriching events, and leading our first line of defense across our corporate and product at Incode, we would love to chat with you. This is an exciting opportunity to shape and build security operations and influence our overall security strategy.
Responsibilities
Be the first line of defense to protect, detect, respond to, and recover from cyber-attacks in both our corporate and product environments.
Develop and run tools to gather security telemetry data from cloud production systems.
Automate workflows and improve identification and response time for security events.
Build and optimize high signal detections with enriched data and orchestration.
Define and improve processes, procedures, and technologies used for detection and response.
Develop runbooks and incident playbooks for new and existing detections and influence our security operations roadmap.
Lead threat hunting practices, suggest product and infrastructure signals to surface attacks and incorporate findings into security controls.
Research attacker tactics, techniques, and procedures (TTPs) and craft detections to quickly identify and contain potential security threats.
Respond to security events, triage, perform investigations, incident analysis, and communicate clearly and efficiently with partners.
Participate in an on-call rotation.
Onboard new systems and services to SIEM and SOAR and build new detection pipelines.
Facilitate incident response processes and tabletop exercises.
Qualifications:
Experience as a security engineer, including security monitoring, detection engineering, incident response, and threat hunting in a SaaS company
Experience developing tools and automation using common DevOps toolsets and programming languages
Practical understanding of common attacks, adversary tactics, techniques, and procedures (TTPs) and MITRE ATT&CK principles
Operating systems internals and forensics experience for macOS, Windows & Linux
Domain experience managing and working with current SIEM and SOAR platforms, DLP, email security platforms, endpoint protection platforms, secure service edge, etc.
Understanding of malware functionality and persistence mechanisms
Ability to analyze endpoint, network, and application logs for anomalous events
Practical understanding of scripting or programming in at least one language
Excellent collaborative skills
Outstanding written and verbal communication
Preferred Experience and Certification:
SaaS Startup experience in security focused industries, such as fintech, security software and services, healthtech, identity and access management.
Hands-on experience with data analysis, modeling, and correlation at scale
Familiarity in continuous integration and Infrastructure as Code
Experience designing, and optimizing high throughput ETL pipelines
Possess a breadth of knowledge and experience across the information security domain, such as endpoint security, cloud security, application security, or automation
Experience as a software engineer, infrastructure engineer, or site reliability engineer
Experience detecting or responding to threats in Kubernetes (K8s), AWS, and Linux environments
Proficiency in programming in at least one high-level programming language (polyglot preferred)
Certifications in Security, Incident Handling, Forensics, and/or Offensive Security (eg. CERT-CSIH, GCIH, GCIA, GCFA, Security+, ECIH, GX-IH, OSCP, GPEN, CEH, CISSP etc).
#J-18808-Ljbffr
We are looking for a trustworthy and proactive
Senior Security Engineer
to be the technical thought leader and driver of holistic security operations across Incode. As an early security hire at Incode, you will work across the security operations lifecycle for detection engineering and incident response, influence the security operations program development and be the first line of defense through assessing threats, collecting, analyzing data, and responding to anomalous activities and events. In close collaboration with our security team members, the compliance team, SRE team, and product engineering teams, we share the responsibility to identify, protect, detect, respond, and recover from cyber threats.
If you are a hands-on Sr. Security Engineer passionate about building high signal detection strategies, conducting threat-hunting exercises, automating and enriching events, and leading our first line of defense across our corporate and product at Incode, we would love to chat with you. This is an exciting opportunity to shape and build security operations and influence our overall security strategy.
Responsibilities
Be the first line of defense to protect, detect, respond to, and recover from cyber-attacks in both our corporate and product environments.
Develop and run tools to gather security telemetry data from cloud production systems.
Automate workflows and improve identification and response time for security events.
Build and optimize high signal detections with enriched data and orchestration.
Define and improve processes, procedures, and technologies used for detection and response.
Develop runbooks and incident playbooks for new and existing detections and influence our security operations roadmap.
Lead threat hunting practices, suggest product and infrastructure signals to surface attacks and incorporate findings into security controls.
Research attacker tactics, techniques, and procedures (TTPs) and craft detections to quickly identify and contain potential security threats.
Respond to security events, triage, perform investigations, incident analysis, and communicate clearly and efficiently with partners.
Participate in an on-call rotation.
Onboard new systems and services to SIEM and SOAR and build new detection pipelines.
Facilitate incident response processes and tabletop exercises.
Qualifications:
Experience as a security engineer, including security monitoring, detection engineering, incident response, and threat hunting in a SaaS company
Experience developing tools and automation using common DevOps toolsets and programming languages
Practical understanding of common attacks, adversary tactics, techniques, and procedures (TTPs) and MITRE ATT&CK principles
Operating systems internals and forensics experience for macOS, Windows & Linux
Domain experience managing and working with current SIEM and SOAR platforms, DLP, email security platforms, endpoint protection platforms, secure service edge, etc.
Understanding of malware functionality and persistence mechanisms
Ability to analyze endpoint, network, and application logs for anomalous events
Practical understanding of scripting or programming in at least one language
Excellent collaborative skills
Outstanding written and verbal communication
Preferred Experience and Certification:
SaaS Startup experience in security focused industries, such as fintech, security software and services, healthtech, identity and access management.
Hands-on experience with data analysis, modeling, and correlation at scale
Familiarity in continuous integration and Infrastructure as Code
Experience designing, and optimizing high throughput ETL pipelines
Possess a breadth of knowledge and experience across the information security domain, such as endpoint security, cloud security, application security, or automation
Experience as a software engineer, infrastructure engineer, or site reliability engineer
Experience detecting or responding to threats in Kubernetes (K8s), AWS, and Linux environments
Proficiency in programming in at least one high-level programming language (polyglot preferred)
Certifications in Security, Incident Handling, Forensics, and/or Offensive Security (eg. CERT-CSIH, GCIH, GCIA, GCFA, Security+, ECIH, GX-IH, OSCP, GPEN, CEH, CISSP etc).
#J-18808-Ljbffr