Remote (Country)

AlphaSense is hiring a Senior Incident Response Engineer

About the Role

AlphaSense is hiring a Senior Detection, Automation, and Incident Response Engineer to drive our defensive security capabilities. This critical technical role focuses on detection engineering, security orchestration, automation, and response (SOAR), and co-leading our threat hunting program. You will integrate new threat intelligence into high-fidelity detections and automate incident response processes to maximize team efficiency and speed.

What You'll Do

  • Design, implement, and maintain advanced detection rules and correlation logic across SIEM, EDR, and Cloud platforms (AWS, GCP).
  • Lead detection strategy and architecture aligned with the Detection Quality frameworks.
  • Write high-fidelity detection rules using languages like SIGMA and YARA-L.
  • Conduct deep log source analysis, perform threat modeling, adversary emulation, and maintain MITRE ATT&CK mapping coverage.
  • Conduct detection gap analysis to identify coverage opportunities across the kill chain.
  • Create and maintain detection playbooks, runbooks, and comprehensive documentation.
  • Perform detection quality assessments and continuous improvement initiatives.
  • Develop complex automated response playbooks for multi-stage incidents spanning multiple security tools.
  • Integrate security tools via APIs (SIEM, EDR, MDM, CASB, ITSM, threat intelligence platforms).
  • Create automated enrichment pipelines incorporating threat intelligence, asset context, and user behavior analytics.
  • Develop automated containment actions (account disable, host isolation, firewall rule updates).
  • Measure and report automation ROI, tracking metrics like time saved and incident handling efficiency.
  • Handle Incident Response processes and procedures as needed.
  • Co-lead the organization's threat hunting program with the SOC Manager, defining strategy, methodology, and campaign planning.
  • Execute proactive threat hunting campaigns by conducting hunt queries across SIEM and EDR platforms.
  • Analyze large datasets to identify anomalous behavior patterns including user behavior, process execution, network traffic, and cloud activity.
  • Develop hunting automation and tooling using custom Python scripts, Jupyter Notebooks, Osquery, and Velociraptor.
  • Collaborate with threat intelligence sources to incorporate latest TTPs into hunting campaigns.

What We're Looking For

  • 7+ years in security operations with 3+ years in detection engineering, including deep expertise in creating high-fidelity rules (SIGMA, YARA-L, KQL, SPL).
  • Proven track record of building detection strategies across SIEM, EDR, and Cloud platforms, grounded in the MITRE ATT&CK framework.
  • Expert knowledge of SOAR platforms (e.g., Tines, Splunk SOAR, Cortex XSOAR), architecture, and complex playbook development.
  • Proven experience designing and implementing SOAR platform architecture from concept to production.
  • Advanced scripting and automation development skills in Python (required) for API integrations and security tool orchestration.
  • Strong background in threat hunting methodology, hypothesis development, and campaign execution, with experience leading or co-leading hunting programs.
  • Proficiency with data analysis, anomaly detection, and hands-on experience with hunting tools like Jupyter Notebooks, Osquery, and Velociraptor.
  • Deep understanding of attack techniques, lateral movement, persistence mechanisms, and post-exploitation TTPs across Windows, Linux, and macOS.
  • Familiarity with security frameworks including MITRE ATT&CK, PICERL, NIST CSF, and Detection Maturity Models, and incident response best practices.
  • Proven ability to lead technical initiatives, mentor team members, and communicate complex technical concepts to diverse audiences.

Nice to Have

  • Experience with YARA-L.
  • Deep familiarity with Detection Frameworks and detection engineering quality frameworks.
  • Proven track record implementing SOAR platforms from architecture through operationalization, with experience evaluating multiple platforms.
  • Advanced knowledge of CrowdStrike Falcon platform including custom IOA rules.
  • Background in purple team activities, adversary emulation, or red teaming.
  • Experience with CI/CD practices for detection-as-code and automation-as-code.
  • Contributions to open-source security projects or security certifications (GCDA, GCIH, GCIA, GCFA, OSCP, or equivalent).
  • Knowledge of security data lakes (Snowflake, BigQuery) and experience with threat intelligence platforms (TIP).
  • Published research, blog posts, or conference presentations on detection engineering, automation, or threat hunting topics.

Technical Stack

  • SIEM, EDR, AWS, GCP
  • SIGMA, YARA-L, KQL, SPL
  • SOAR platforms (e.g., Tines, Splunk SOAR, Cortex XSOAR)
  • Python, Jupyter Notebooks, Osquery, Velociraptor
  • CrowdStrike Falcon

Team & Environment

You'll work directly with the Director of Security Monitoring, Detection and Response and collaborate closely with the SOC Manager to co-lead threat hunting initiatives.

Benefits & Compensation

  • Compensation: $128,000 - $161,000 USD
  • Performance-based bonus
  • Equity
  • Generous benefits program

Work Mode

This role is remote within the USA.

AlphaSense is an equal-opportunity employer and does not discriminate against any employee or applicant on the basis of race, color, sex (including pregnancy), national origin, age, religion, marital status, sexual orientation, gender identity, gender expression, military or veteran status, disability, or any other non-merit factor.

Required Skills

  • SIEM
  • EDR
  • AWS
  • GCP
  • SIGMA
  • YARA-L
  • KQL
  • SPL
  • SOAR
  • Python
  • Incident Response
  • Threat Hunting
  • Forensics
About company
AlphaSense

AlphaSense provides AI-driven market intelligence and search to help sophisticated companies make decisions. The platform includes public and private content like equity research, company filings, transcripts, news, and client research. It serves over 6,000 enterprise customers, including a majority of the S&P 500.

Job Details

  • Category: security
  • Posted: 2 months ago