About The Position

This senior-level role leads security incident response across cloud and endpoint environments, with a primary emphasis on AWS. The position carries full ownership of high-severity incidents, from initial detection through containment, remediation, and post-incident review, while improving the surrounding security processes and automation. The ideal candidate partners closely with engineering, SRE, and IT teams to remediate vulnerabilities, enhance detection capabilities, and build scalable, resilient security practices. You will also mentor team members, develop incident response playbooks, and identify gaps in telemetry, tooling, and workflows. The role demands hands-on investigative expertise, strong technical leadership, and the ability to operate under pressure in a fast-paced environment, and it offers opportunities to influence security strategy and drive continuous improvement across cloud and endpoint platforms.

Requirements

  • Strong understanding of AWS security services, cloud architecture, CI/CD pipelines, and DevOps workflows
  • Hands-on experience responding to cloud and endpoint security incidents, including investigation and containment
  • Solid knowledge of identity and access management concepts, SaaS systems, and multi-account AWS environments
  • Proficiency in Linux investigations, with working knowledge of macOS and Windows environments
  • Experience using SIEM tools for detection and investigation (Splunk preferred) and scripting in Python for automation
  • Proven ability to lead complex security incidents and drive collaboration across engineering and security teams
  • Excellent problem-solving, communication, and documentation skills, with the ability to operate under pressure

Responsibilities

  • Lead end-to-end investigations of high-severity security incidents across AWS, endpoint, identity, and SaaS environments
  • Track emerging threats, assess risks, and translate threat intelligence into actionable guidance and mitigation strategies
  • Develop, maintain, and improve incident response playbooks and automation workflows using SOAR tools and scripting
  • Collaborate with Engineering, SRE, and IT teams to implement remediation and preventive measures for security incidents
  • Conduct forensic analysis to reconstruct attacker activity and provide clear documentation for technical and non-technical stakeholders
  • Identify gaps in detection, telemetry, and security tooling, and partner with relevant teams to close them
  • Mentor and guide security team members, fostering a culture of continuous improvement and technical excellence

Benefits

  • Competitive base salary range ($130,800 – $209,300 USD), with eligibility for performance-based bonuses
  • Participation in equity plans for eligible roles (RSUs)
  • Comprehensive healthcare, dental, and vision coverage
  • Flexible work arrangements, including remote options
  • Paid time off, holidays, and wellness programs
  • Opportunities for professional development and career growth
  • Supportive, collaborative, and inclusive work environment

What This Job Offers

Job Type: Full-time
Career Level: Mid Level
Education Level: No Education Listed
Number of Employees: 11-50 employees

© 2024 Teal Labs, Inc