Staff CSIRT Analyst

About The Position

Requirements

• Experience: 8+ years of experience in Incident Response, SOC Operations, or Digital Forensics (DFIR).
• Technical Expertise: Advanced knowledge of EDR/MDR platforms, log aggregation (SIEM/ELK), and cloud security environments (AWS/Azure/M365).
• Problem Solving: Proven ability to articulate the root cause of complex problems using first principles and translate insights into technical solutions.
• Strategic Thinking: Experience leading small project teams and aligning tech stacks across functions.
• Communication: Exceptional ability to convey complex technical incident details to both technical teams and executive leadership.
• Tooling: Familiarity with automation/SOAR platforms and documentation tools like Confluence, Jira, and Lucid Chart.
• Mindset: A proactive, forward-thinking approach to security with a passion for building "stewardship of culture" through inclusive and actionable security behaviors.

Responsibilities

• Incident Response & Triage: Lead the identification, triage, and validation of security incidents through various telemetry sources, acting as the ultimate escalation point for the SOC.
• Strategic Preparedness: Drive organizational incident readiness by designing and executing practical response exercises (tabletops and purple teaming) to ensure first responders are prepared at all levels of our organization.
• Telemetry Optimization: Partner with engineering, product security, and detection engineering teams to tune existing telemetry sources to a high true-positive rate, reducing noise and increasing detection efficacy.
• Offensive Security Partnership: Collaborate closely with the Offensive Security team to identify visibility gaps and ensure proper coverage against modern threat actor TTPs. Partner with product security, engineering, detection engineering, and other applicable business units to close these gaps rather than treating them as a blocker.
• Continuous Improvement & Leadership: Lead cross-functional Post-Incident Reviews (PIRs) to extract critical lessons learned; own the lifecycle of resulting remediation tasks, driving specific tooling and process enhancements that harden organizational defenses and response against future threats.
• Stakeholder Communication: Develop and present comprehensive reports and "lessons learned" to stakeholders at all levels following major incidents or exercises.
• Documentation: Create and maintain playbooks, system configurations, and incident response standards to ensure scalability and supportability.

Benefits

• 100% remote work environment - since our founding in 2015
• Generous paid time off policy, including vacation, sick time, and paid holidays
• 12 weeks of paid parental leave
• Highly competitive and comprehensive medical, dental, and vision benefits plans
• 401(k) with a 5% contribution regardless of employee contribution
• Life and Disability insurance plans
• Stock options for all full-time employees
• One-time $500 reimbursement for building/upgrading home office
• Annual allowance for education and professional development assistance
• $75 USD/month digital reimbursement
• Access to the BetterUp platform for coaching, personal, and professional growth