About The Position

The Lead Security Analyst is a senior, hands-on role within Security Operations focused on cloud-centric incident response with a primary emphasis on AWS, while also leading complex investigations across endpoint, identity, and SaaS environments. This role is for an experienced investigator who operates confidently in high-impact incidents, owns response end-to-end, and improves how security incidents are detected, investigated, and contained at scale. This is not simply an alert-triage role; it is a senior investigative and technical leadership position.

Requirements

  • Strong understanding of software engineering fundamentals, including code structure, build systems, dependencies, and package ecosystems—enabling effective partnership with Engineering teams.
  • Understanding of CI/CD pipelines and DevOps workflows, enabling collaboration with Infrastructure and DevOps teams.
  • Solid knowledge of cloud architecture, especially Amazon Web Services (AWS) services used in modern cloud-native deployments.
  • Hands-on experience responding to AWS security incidents, including investigation and containment actions.
  • Familiarity with SaaS architectures, identity systems, and integration patterns for effective collaboration with Cloud Security teams.
  • Proven experience leading complex security incidents across cloud and endpoint environments.
  • Strong understanding of identity and access concepts (IAM roles, federation, OAuth, privilege escalation patterns).
  • Experience using a SIEM for investigations and detection development (Splunk preferred).
  • Comfortable scripting or automating in Python to accelerate investigations and response workflows.
  • Strong Linux investigation skills; solid working knowledge of macOS and Windows.

Nice To Haves

  • Experience operating in multi-account AWS environments and building practical IR workflows for scale (centralized logging, access patterns, guardrails).
  • Familiarity with AWS security services beyond core telemetry (e.g., Security Hub, Detective, Config, Macie).
  • Familiarity with Kubernetes, containers, serverless infrastructure, or modern distributed systems.
  • SOAR experience building reliable, auditable automations and response workflows.

Responsibilities

  • Threat awareness & rapid assessment
  • Incident response & investigation
  • AWS incident response
  • Detection, automation & readiness
  • Engineering partnership & remediation ownership

What This Job Offers

Job Type

Full-time

Career Level

Mid Level

Education Level

No Education Listed

Number of Employees

5,001-10,000 employees

© 2024 Teal Labs, Inc