[Remote] Security Response Engineer, Incident Response
Note: This is a remote job and is open to candidates in the USA.

Chainlink Labs is the industry-standard oracle platform bringing capital markets on-chain and powering decentralized finance. As a Security Response Engineer, you will own the full security incident response lifecycle, acting as the incident commander and coordinating efforts across diverse environments to improve response capabilities and efficiency.

Responsibilities
- Own and improve the incident response lifecycle: act as incident commander for high-severity incidents
- Join the team's on-call rotation: triage inbound alerts/escalations, coordinate internal and company-wide incidents
- Improve response readiness: create and automate playbooks, conduct tabletop exercises
- Address security telemetry gaps: improve existing or build/deploy new tools
- Increase detection quality: write and tune high-signal detections (in Sigma)
- Proactively identify and implement areas of improvement and modernization

Skills
- Proven incident response leadership: experience as the primary incident commander for high-severity security incidents involving multiple teams and external stakeholders; able to independently manage incident timelines, decisions, and communications
- Operational rigor and investigation depth: demonstrated experience with triage, scoping, containment, and remediation across endpoint, cloud, and/or network-based incidents; drives root-cause analysis and post-incident action items to completion
- Experience in macOS-heavy environments: has secured and operated a predominantly macOS endpoint fleet, deploying and managing endpoint controls, collecting telemetry, and performing investigations on macOS systems
- Collaborative, straightforward communicator: writes clear incident updates and summaries; can explain risk, impact, and trade-offs to both technical and non-technical stakeholders; builds trust with partner teams during high-pressure situations; comfortable handling the regular communication cadence of an incident
- Detections experience: ability to create and refine detections based on investigations and threat intelligence
- Previous coding experience (Python, Go, Rust, or similar): scripting for data parsing/enrichment and simple automations
- Prior success in remote-first environments
- Experience with detections-as-code (Sigma) development and workflows
- Domain experience with blockchain/Web3 threats
- Open-source contributions to security-related projects

Company Overview
Chainlink Labs provides open-source blockchain oracle solutions and specializes in the development and integration of Chainlink. It was founded in 2014 and is headquartered in San Francisco, California, USA, with a workforce of 501-1000 employees. Its website is https://chainlinklabs.com/.