Sr. Security Operations Engineer, Incident Response

Affirm

2d•Remote

About The Position

Affirm is reinventing credit to make it more honest and friendly, giving consumers the flexibility to buy now and pay later without any hidden fees or compounding interest. At Affirm, security is integral to our mission of building honest financial products and driving the company's long-term success. The Security Operations and Resilience Engineering (SOR) program serves as the foundation of our preventive and responsive efforts to safeguard Affirm's assets and infrastructure. As part of our Security Team, you'll join a group of passionate, highly skilled professionals redefining fintech security through collaboration, innovation, and a team-first mindset. We're seeking a Senior Security Operations Engineer to join the Incident Response function within the broader Security Operations & Resilience org. In this role, you'll be a hands-on practitioner and technical contributor who drives incident response efforts from triage through resolution - with the depth, ownership, and composure to lead when it matters most. This is a highly technical, execution-focused role where you’ll lead hands-on investigations and drive incident response from detection through remediation. You’ll collaborate across engineering, product, and infrastructure teams, and partner with Observability & Automation to improve detections, build automated playbooks, and strengthen our security posture. You will have the opportunity to help solve complex security challenges and build capabilities that protect millions of customers, merchants, and partners.

Requirements

5+ years of experience in Security Operations or Detection & Response, with strong hands-on incident response in cloud environments (AWS and EKS experience strongly preferred).
Proven ability to lead security incidents, including containment and remediation, in fast-moving environments.
Strong investigative and analytical skills, with the ability to synthesize signals from multiple data sources.
Experience with security tooling such as SIEM and EDR platforms (e.g., Splunk, Elastic, SentinelOne, CrowdStrike, or similar).
Solid understanding of cloud security concepts and their application in real-world scenarios.
Strong communication skills, with the ability to clearly convey information across technical and non-technical audiences.
Experience building or improving automation for incident response workflows (e.g., scripting in Python; infrastructure-as-code is a plus).

Nice To Haves

infrastructure-as-code is a plus

Responsibilities

Lead and execute incident response efforts to protect Affirm’s systems, customers, and data.
Lead security incidents end-to-end, from detection and triage through containment, remediation, and post-incident review.
Act as incident commander, driving clear decisions and alignment across teams during high-pressure situations.
Conduct hands-on investigations across cloud and endpoint environments to determine root cause and impact.
Partner with Observability & Automation to improve detections, reduce noise, and build automated response playbooks.
Contribute to and refine incident response playbooks, runbooks, and documentation to improve readiness and consistency.
Collaborate with Security, Infrastructure, and Product teams to identify gaps and strengthen the incident response lifecycle.
Communicate effectively during incidents, providing clear updates to both technical and non-technical stakeholders.

Benefits

monthly stipends for health, wellness and tech spending
100% subsidized medical coverage
dental and vision for you and your dependents
equity rewards offered by Affirm Holdings, Inc. (parent company)
competitive vacation and holiday schedules
An employee stock purchase plan enabling you to buy shares of Affirm at a discount

Stand Out From the Crowd

Upload your resume and get instant feedback on how well it matches this job.

Upload and Match Resume