What You'll Do
Take ownership of escalated security incidents and conduct in-depth investigations into advanced threats such as identity breaches, cloud misconfigurations, lateral movement, and data exfiltration. Analyze telemetry from SIEM, EDR, cloud platforms, email security, IAM, and SaaS applications to build accurate timelines and assess impact.
Lead technical response during active incidents, coordinating containment and remediation actions within defined protocols. Collaborate with incident response teams and other functions to ensure effective resolution. Use threat intelligence to enrich findings and align observed behaviors with frameworks like MITRE ATT&CK to strengthen detection logic.
Refine detection rules, alerting thresholds, and correlation logic to reduce noise and improve signal accuracy. Develop and enhance playbooks for common attack patterns including phishing, credential theft, API abuse, and insider threats. Automate repetitive investigative steps using SOAR platforms, scripts, and query languages.
Guide Level 1 analysts through real-time coaching and structured feedback to improve investigation quality and escalation readiness. Ensure thorough documentation during shift handovers and maintain high standards in case records. Contribute to key SOC performance metrics including mean time to detect, respond, and resolve, supporting ongoing operational improvements.
Requirements
You have 2–5 years of hands-on experience in security operations, incident response, or a similar technical role within a high-velocity environment. You’re skilled in analyzing security events across cloud infrastructure, endpoints, identity systems, and network traffic.
You are proficient with at least one major SIEM platform—such as Splunk, Elastic, or Microsoft Sentinel—and familiar with EDR tools like CrowdStrike or Defender. You can navigate ticketing systems including Jira or ServiceNow and write clear, actionable incident reports covering scope, impact, and remediation steps.
You thrive in shift-based or on-call settings and maintain composure during high-pressure situations. Your investigative approach is methodical, and you consistently apply structured analysis across diverse data sources.
Preferred Qualifications
- Experience designing and tuning detection logic using Sigma, KQL, or SPL
- Knowledge of digital forensics and incident response fundamentals, including evidence collection and endpoint artifact analysis
- Familiarity with containerized environments and Kubernetes security monitoring
- Scripting ability in Python or Bash for automation and data analysis
- Exposure to digital asset platforms, 24/7 trading systems, or Web3 infrastructure
- Relevant certifications such as GCIH, GCIA, GCED, SC-200, or cloud security specialties
Benefits
- Work remotely with flexible coordination across global locations
- Connect with teammates through regular virtual and in-person gatherings
- Engage with innovation labs focused on Rust-based algorithmic trading systems
- Access to Web3 accelerator programs and research initiatives
- Opportunities to contribute to governance and emerging protocols in DeFi and digital assets
- Collaborate with a diverse, multinational team operating across multiple continents
- Gain exposure to RWA, NFTs, and decentralized finance ecosystems
- Work at the forefront of digital asset security with access to global exchange networks
