Senior Incident Response Engineer (San Jose, CA)

Archer, San Jose, CA
9d · $144,000 - $1,800 · Onsite

About The Position

Archer is seeking a Senior Incident Response Engineer to lead our detection and remediation efforts across enterprise and aviation technology environments. In this high-visibility role, you will serve as the primary technical liaison between Archer’s internal security team and our Managed Security Service Provider (MSSP). You will be responsible for translating security alerts into actionable threat intelligence and coordinated response actions while ensuring strict compliance with NIST SP 800-171, CMMC Level 2, and SOX ITGC requirements.

This is a highly technical, hands-on position. You will lead investigations from initial detection through recovery, produce forensic reports for legal and regulatory stakeholders, and design automated response playbooks. Because Archer operates in a regulated aerospace environment, you must balance rapid response with meticulous evidence preservation.

Why This Role Matters at Archer

Archer is building the future of urban air mobility. Our intellectual property and safety-critical systems are high-value targets for nation-state actors and ransomware groups. A single incident could impact aircraft certification or delay FAA approvals. You are the first line of defense when preventive controls fail. Your work ensures our security maturity is "audit-ready" for investors, government agencies, and the DoD.

Requirements

  • Experience: 5+ years of direct experience in Incident Response or SOC roles, with proven experience managing MSSP SLAs and performance.
  • OS Internals: Demonstrated expertise in Windows, macOS, and Linux internals (process behavior, Windows registry analysis, and platform-specific log sources).
  • Scripting: Proficiency in Python, PowerShell, or Bash to automate analysis workflows and evidence collection.
  • SIEM/SOAR Mastery: Hands-on experience with platforms like Google SecOps (Chronicle), Splunk, or Microsoft Sentinel, and SOAR tools (Cortex XSOAR or Phantom).
  • Threat Intelligence: Knowledge of CTI standards (STIX/TAXII) and the ability to translate actor TTPs into actionable detection logic.
  • Communication: Ability to produce clear, concise written reports for Legal, HR, and regulatory stakeholders that translate technical findings into business risk.

Nice To Haves

  • Advanced Malware Analysis: Experience with static/dynamic analysis and reverse engineering using IDA Pro, Ghidra, or REMnux.
  • Aerospace/Regulated Industry: Familiarity with ITAR compliance, CUI handling, or aviation-specific threats (avionics tampering, firmware security).
  • Cloud IR: Experience conducting forensic analysis within AWS, Azure, or GCP environments.
  • Certifications: GCIH, GCFA, GCIA, GNFA, or equivalent advanced forensic certifications.

Responsibilities

  • MSSP Liaison & Alert Management: Serve as the internal SIEM engineer and MSSP relationship owner. Validate alerts by independently querying SIEM data using YARA-L, SPL, or KQL.
  • Incident Response & Forensics: Lead technical response for breaches, malware, and insider threats. Execute containment (isolating endpoints, blocking IPs) and conduct deep-dive forensics including memory analysis and disk imaging.
  • Threat Hunting: Execute proactive hunts using EDR telemetry and the MITRE ATT&CK framework to identify lateral movement or persistence mechanisms that evade automated detections.
  • Detection Engineering & SOAR: Develop and tune custom detection rules. Design SOAR workflows to automate evidence collection and remediation, reducing MTTD and MTTR.
  • Compliance & Audit Support: Design log retention policies that satisfy the NIST SP 800-171 Audit and Accountability (AU) requirements and CMMC Incident Response (IR) practices. Facilitate external audits by providing evidence of root cause analysis and post-incident reviews.
  • Continuous Improvement: Facilitate tabletop exercises for leadership and engineering teams. Lead post-incident reviews to document lessons learned and drive strategic program improvements.
© 2024 Teal Labs, Inc