Partner 20, Senior Incident Response Engineer
About The Position
Andreessen Horowitz (a16z) is seeking a Senior Incident Response Engineer to anchor its detection and response efforts. This role involves owning incident triage and response across AWS and GCP, developing threat-catching detections in the SIEM, and leading response efforts during critical security events. The position addresses real-world threats, including financial fraud attempts, social engineering, and sophisticated actors targeting venture capital firms. The engineer will work closely with the Head of Cybersecurity, Security Engineering, IT, and Legal, requiring an in-office presence two days a week in San Francisco, CA. The role is crucial for protecting the firm, its Limited Partners (LPs), and its portfolio companies.
Requirements
- 5+ years of incident response experience or equivalent demonstrated impact, with cloud IR depth across both AWS and GCP
- Experience leading live incidents end to end — triage, containment, eradication, forensic investigation, and post-mortem — across cloud, SaaS, identity, and endpoint surfaces
- Experience running proactive, hypothesis-driven threat hunts using current TTPs and intel
- Hands-on detection authoring in modern SIEM platforms (Sigma, KQL, or equivalent) and experience working with detection-as-code
- Experience building detection frameworks and contributing to SIEM architecture decisions
- Strong Python scripting. This is a role where you build automation, not one where you only operate someone else's
- Demonstrated capability across modern security tooling categories (cloud telemetry, EDR, SOAR, SIEM). We weight transferable capability over experience with any specific product
- GCIH or equivalent IR certification preferred
- Comfortable in a fast-moving environment where security is expected to enable the business
- Experience defending against nation-state threat actors or organized criminal groups
- Working knowledge of AI/agent systems and their security implications, particularly in SOC workflows
- Experience translating the technical reality of an incident (blast radius, containment status, disclosure decisions) into language non-technical stakeholders can act on.
- Low ego, high empathy, and the capacity to collaborate effectively with diverse teams
Responsibilities
- Run incidents end to end, from first alert to post-mortem, across cloud and SaaS environments
- Write detections that catch real threats, with a strong bias toward signal over noise and broad MITRE ATT&CK coverage
- Help shape the next generation of our SOC, including AI agent integration into triage and response workflows
- Partner across the firm during incidents: investing teams, Legal, Compliance, Finance, IT, and firm leadership all get pulled in, and this role keeps every audience aligned under pressure
- Drive post-mortems that lead to operational change, not process for its own sake
- Work against real adversaries, including nation-state groups, organized criminal operations, and threat actors who specifically target venture capital firms
Benefits
- health insurance
- dental insurance
- vision insurance
- disability insurance
- life insurance
- 401K plan
- vacation
- sick leave
- a16z carry program
- various discretionary bonus programs
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Job Type
Full-time
Career Level
Senior
Education Level
No Education Listed
