
Security Response Engineer, Incident Response
Posted May 21

This is a fully remote position, open to applicants in Australia.
• Take ownership of and enhance the incident response lifecycle: serve as the incident commander for high-severity incidents.
• Participate in the team's on-call rotation: assess incoming alerts/escalations and coordinate both internal and company-wide incidents.
• Enhance response preparedness: develop and automate playbooks and conduct tabletop exercises.
• Address gaps in security telemetry: improve existing tools or build and deploy new ones.
• Elevate detection quality: create and fine-tune high-signal detections using Sigma.
• Proactively identify and implement opportunities for improvement and modernization.
• Established incident response leadership: experience as the lead incident commander for high-severity security incidents involving multiple teams and external stakeholders, with the ability to independently manage incident timelines, decisions, and communications.
• Operational rigor and investigative depth: proven experience with triage, scoping, containment, and remediation across endpoint, cloud, and/or network-based incidents; drives root-cause analysis and ensures completion of post-incident action items.
• Expertise in macOS-centric environments: has secured and managed a primarily macOS endpoint fleet, including deploying/managing endpoint controls, collecting telemetry, and conducting investigations on macOS systems.
• Collaborative and clear communicator: writes concise incident updates and summaries; capable of explaining risk, impact, and trade-offs to both technical and non-technical stakeholders; builds trust with partner teams during high-pressure situations; comfortable with the regular communication cadence of an incident.
• Experience with detections: ability to create and refine detections based on investigations and threat intelligence.
• Prior coding experience (Python, Go, Rust, or similar): capable of scripting for data parsing/enrichment and simple automation tasks.
• Prior success in remote-first work environments.
• Familiarity with detections-as-code (Sigma) development and workflows.
• Domain knowledge related to blockchain/Web3 threats.
• Contributions to open-source security-related projects.
• All positions at Chainlink Labs are global and remote-based.
• We thoroughly review all applications and aim to respond to every candidate within two weeks after the job posting closes.
• We want to give full consideration to your experience and skills, and you will hear from us regarding the status of your application shortly after the closing date.