4,879 Incident Response jobs in the United States

Security Incident Response Analyst

22090 Reston, Virginia TechSur Solutions

Posted 2 days ago


Job Description

Job Title: Security Incident Response Analyst

Location: Reston, VA (TechSur HQ Office)

Salary: DOE + full benefits

Clearance: Active Public Trust (or ability to obtain)

Company Overview:

TechSur Solutions is a digital services company whose mission is to enable digital transformation for our customers, improving quality and efficiency. Based in the DC metropolitan area, TechSur specializes in advanced cloud services, modernization of both IT structures and applications, leveraging Agile development, and Data Analytics. Since we were formed in August of 2016, we have supported multiple impactful and exciting government programs.

Job Overview

We are seeking a highly motivated Security Incident Response Analyst to monitor, analyze, and respond to cybersecurity incidents. The ideal candidate will work to detect, investigate, and contain security threats. This role involves real-time monitoring, forensic analysis, and collaboration with IT teams to strengthen the organization's cybersecurity posture.

Job Responsibilities
• Continuously monitor security alerts from SIEM (Security Information and Event Management) tools (Splunk, QRadar, ArcSight, etc.).
• Analyze logs from firewalls, IDS/IPS, endpoint security tools, and cloud security platforms.
• Detect, investigate, and escalate security incidents in real time.
• Analyze security threats, contain compromised assets, and initiate response actions.
• Conduct digital forensics and malware analysis to determine root causes.
• Work closely with IT teams to implement remediation measures, such as patching, access controls, and security hardening.
• Develop incident playbooks and response plans for various attack scenarios.
• Document security incidents, investigation steps, and remediation actions.
• Provide detailed incident reports and root cause analysis for leadership.
• Conduct post-incident reviews to identify security gaps and improve response strategies.

Required Skills/Work Experience
• 8+ years of experience
• Design, develop, engineer, and implement solutions to MLS requirements.
• Perform complex risk analyses which also include risk assessment.
• Establish and satisfy information assurance and security requirements based upon the analysis of user, policy, regulatory, and resource demands.
• Support customers at the highest levels in the development and implementation of doctrine and policies.
• Apply know-how to government and commercial common user systems, as well as to dedicated special purpose systems requiring specialized security features and procedures.
• Perform analysis, design, and development of security features for system architectures.

Education
• Bachelor's degree in computer science, information science, or related field


Security Analyst - CyberSecurity Incident Response

94103, California Uber

Posted 3 days ago


Job Description

**About the Role**
The CyberSecurity Incident Response team (CIRT) is at the forefront of protecting Uber, our customers, and our partners from evolving security threats. We are a hands-on, fast-paced team that responds to security incidents, conducts forensic investigations, and builds automated solutions to scale our defence.
As a Security Analyst on the CIRT team, you will be a key player in our incident response efforts. This is a technical and investigative role where you'll be responsible for:
1. Responding to security incidents and mitigating threats across the company.
2. Conducting in-depth investigations and digital forensics to uncover the root cause of attacks.
3. Developing and implementing automation solutions using tools like SIEM and SOAR to improve our response capabilities.
4. Collaborating with other security and engineering teams to address vulnerabilities and strengthen our security posture.
5. Communicating your findings clearly and concisely to help shape our long-term security strategy.
We are looking for someone who is passionate about solving complex security puzzles and is eager to build innovative solutions to protect a global platform.
**What the Candidate Will Need / Bonus Points**
--- What the Candidate Will Do ---
1. **Incident Response**: Act as a first responder to security alerts, triaging and containing threats across the Uber platform.
2. **Forensic Analysis**: Investigate security incidents by analyzing logs, network traffic, and host data to determine the root cause, scope, and impact.
3. **Automation**: Develop and deploy scripts and playbooks to automate incident response workflows and improve team efficiency.
4. **Threat Hunting**: Proactively search for emerging threats and vulnerabilities using threat intelligence to mitigate risks before they can be exploited.
5. **Collaboration**: Partner with other teams to share threat intelligence, recommend security improvements, and communicate incident findings.
--- Basic Qualifications ---
1. Bachelor's degree in Computer Science, Information Security, or a related field.
2. 3+ years of professional experience in a security-focused role, such as Incident Response, Security Operations, or Digital Forensics.
3. Proven experience with incident response and handling in a professional environment.
4. Familiarity with common security tools and technologies (e.g., SIEM, EDR, network monitoring).
5. Experience in a scripting language (e.g., Python, Bash) for task automation and data analysis.
6. Strong problem-solving skills and the ability to work effectively under pressure.
7. Excellent written and verbal communication skills.
--- Preferred Qualifications ---
1. Experience in a large-scale, enterprise environment, particularly within the technology sectors.
2. Hands-on experience across multiple domains such as network, hosts, applications, data, cloud security etc.
3. Strong understanding of network protocols, TCP/IP, and firewall concepts.
4. Knowledge of scripting and development in languages like **Python** or **Go**.
5. Experience with ML and GenAI security concepts is a plus.
For San Francisco, CA-based roles: The base salary range for this role is USD$152,000 per year - USD$69,000 per year.
For Seattle, WA-based roles: The base salary range for this role is USD 152,000 per year - USD 169,000 per year.
For Sunnyvale, CA-based roles: The base salary range for this role is USD 152,000 per year - USD 169,000 per year.
For all US locations, you will be eligible to participate in Uber's bonus program, and may be offered an equity award & other types of comp. You will also be eligible for various benefits. More details can be found at the following link.
Uber is proud to be an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to sex, gender identity, sexual orientation, race, color, religion, national origin, disability, protected Veteran status, age, or any other characteristic protected by law. We also consider qualified applicants regardless of criminal histories, consistent with legal requirements. If you have a disability or special need that requires accommodation, please let us know by completing this form.

Security Analyst - CyberSecurity Incident Response

98194 Seattle, Washington Uber

Posted 3 days ago


Job Description

**About the Role**
The CyberSecurity Incident Response team (CIRT) is at the forefront of protecting Uber, our customers, and our partners from evolving security threats. We are a hands-on, fast-paced team that responds to security incidents, conducts forensic investigations, and builds automated solutions to scale our defence.
As a Security Analyst on the CIRT team, you will be a key player in our incident response efforts. This is a technical and investigative role where you'll be responsible for:
1. Responding to security incidents and mitigating threats across the company.
2. Conducting in-depth investigations and digital forensics to uncover the root cause of attacks.
3. Developing and implementing automation solutions using tools like SIEM and SOAR to improve our response capabilities.
4. Collaborating with other security and engineering teams to address vulnerabilities and strengthen our security posture.
5. Communicating your findings clearly and concisely to help shape our long-term security strategy.
We are looking for someone who is passionate about solving complex security puzzles and is eager to build innovative solutions to protect a global platform.
**What the Candidate Will Need / Bonus Points**
--- What the Candidate Will Do ---
1. **Incident Response**: Act as a first responder to security alerts, triaging and containing threats across the Uber platform.
2. **Forensic Analysis**: Investigate security incidents by analyzing logs, network traffic, and host data to determine the root cause, scope, and impact.
3. **Automation**: Develop and deploy scripts and playbooks to automate incident response workflows and improve team efficiency.
4. **Threat Hunting**: Proactively search for emerging threats and vulnerabilities using threat intelligence to mitigate risks before they can be exploited.
5. **Collaboration**: Partner with other teams to share threat intelligence, recommend security improvements, and communicate incident findings.
--- Basic Qualifications ---
1. Bachelor's degree in Computer Science, Information Security, or a related field.
2. 3+ years of professional experience in a security-focused role, such as Incident Response, Security Operations, or Digital Forensics.
3. Proven experience with incident response and handling in a professional environment.
4. Familiarity with common security tools and technologies (e.g., SIEM, EDR, network monitoring).
5. Experience in a scripting language (e.g., Python, Bash) for task automation and data analysis.
6. Strong problem-solving skills and the ability to work effectively under pressure.
7. Excellent written and verbal communication skills.
--- Preferred Qualifications ---
1. Experience in a large-scale, enterprise environment, particularly within the technology sectors.
2. Hands-on experience across multiple domains such as network, hosts, applications, data, cloud security etc.
3. Strong understanding of network protocols, TCP/IP, and firewall concepts.
4. Knowledge of scripting and development in languages like **Python** or **Go**.
5. Experience with ML and GenAI security concepts is a plus.
For San Francisco, CA-based roles: The base salary range for this role is USD$152,000 per year - USD$69,000 per year.
For Seattle, WA-based roles: The base salary range for this role is USD 152,000 per year - USD 169,000 per year.
For Sunnyvale, CA-based roles: The base salary range for this role is USD 152,000 per year - USD 169,000 per year.
For all US locations, you will be eligible to participate in Uber's bonus program, and may be offered an equity award & other types of comp. You will also be eligible for various benefits. More details can be found at the following link.
Uber is proud to be an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to sex, gender identity, sexual orientation, race, color, religion, national origin, disability, protected Veteran status, age, or any other characteristic protected by law. We also consider qualified applicants regardless of criminal histories, consistent with legal requirements. If you have a disability or special need that requires accommodation, please let us know by completing this form.

Security Incident Response

20022 Washington, District Of Columbia Lincoln Financial Services

Posted 2 days ago


Job Description

Alternate Locations: Work from Home

Work Arrangement:

Remote : Work at home employee

Relocation assistance: is not available for this opportunity.

Requisition #: 74030

The Role at a Glance

This position continuously monitors the alert queue; investigates security alerts; monitors health of security sensors and endpoints; collects data and context necessary to initiate IR response. In addition, the analyst will be responsible for maintaining multiple security technologies for detecting and preventing IT security incidents.

What you'll be doing

  • Responsible for correlation and initial triage of security events and indicators generated by security monitoring tools to determine scope, urgency and potential impact.

  • Document incidents from initial detection through final resolution.

  • Perform incident response functions including but not limited to - host-based analysis functions through investigating Windows, Linux, and Mac OS X systems to identify suspicious and malicious activities.

  • Maintain expertise in Operating Systems (Windows/Linux) operations and artifacts to assist in investigations.

  • Ability to analyze different data types from various sources within the enterprise and draw conclusions regarding past and potential current security incidents

  • Provide after-hours (on-call/weekend rotational) support as required to address critical incidents and maintain continuous coverage.

  • Perform threat hunting exercises to proactively and iteratively discover current or historical threats that evade existing security mechanisms and use that information to improve cyber resilience.

  • Create and modify SIEM dashboards to clearly identify scope of findings or monitor activity.

  • Tune and maintain security tool policies (EDR, IPS, Content Filter, etc.) to reduce false positives and improve tool detection capabilities.

What we're looking for

  • 3 - 5+ Years Experience with one or more of the following technologies: Endpoint Detection and Response (EDR/XDR) and/or DFIR opensource tools (Ex. Kape, Plaso Log2Timeline, Autopsy, etc.)

  • 3 - 5+ Years Information Security related experience, in areas such as: security operations, incident analysis, incident handling, and vulnerability management or testing, system patching, log analysis, intrusion detection, or firewall administration.

  • 4 Year/Bachelor's degree or equivalent work experience


What's it like to work here?

At Lincoln Financial, we love what we do. We make meaningful contributions each and every day to empower our customers to take charge of their lives. Working alongside dedicated and talented colleagues, we build fulfilling careers and stronger communities through a company that values our unique perspectives, insights and contributions and invests in programs that empower each of us to take charge of our own future.

What's in it for you:

  • Clearly defined career tracks and job levels, along with associated behaviors for each of Lincoln's core values and leadership attributes

  • Leadership development and virtual training opportunities

  • PTO/parental leave

  • Competitive 401K and employee benefits

  • Free financial counseling, health coaching and employee assistance program

  • Tuition assistance program

  • Work arrangements that work for you

  • Effective productivity/technology tools and training

The pay range for this position is $75,701 - $140,700 with anticipated pay for new hires between the minimum and midpoint of the range and could vary above and below the listed range as permitted by applicable law. Pay is based on non-discriminatory factors including but not limited to work experience, education, location, licensure requirements, proficiency and qualifications required for the role. The base pay is just one component of Lincoln's total rewards package for employees. In addition, the role may be eligible for the Annual Incentive Program, which is discretionary and based on the performance of the company, business unit and individual. Other rewards may include long-term incentives, sales incentives and Lincoln's standard benefits package.

About The Company

Lincoln Financial (NYSE: LNC) helps people to confidently plan for their version of a successful future. We focus on identifying a clear path to financial security, with products including annuities, life insurance, group protection, and retirement plan services.

With our 120-year track record of expertise and integrity, millions of customers trust our solutions and service to help put their goals in reach.

Lincoln Financial Distributors, a broker-dealer, is the wholesale distribution organization of Lincoln Financial. Lincoln Financial is the marketing name for Lincoln Financial Corporation and its affiliates including The Lincoln National Life Insurance Company, Fort Wayne, IN, and Lincoln Life & Annuity Company of New York, Syracuse, NY. Lincoln Financial affiliates, their distributors, and their respective employees, representatives and/or insurance agents do not provide tax, accounting or legal advice.

Lincoln is committed to creating a diverse and inclusive environment and is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status.

Follow us on Facebook, X, LinkedIn, Instagram, and YouTube. For the latest company news, visit our newsroom.

Be Aware of Fraudulent Recruiting Activities

If you are interested in a career at Lincoln, we encourage you to review our current openings and apply on our website. Lincoln values the privacy and security of every applicant and urges all applicants to diligently protect their sensitive personal information from scams targeting job seekers. These scams can take many forms including fake employment applications, bogus interviews and falsified offer letters.

Lincoln will not ask applicants to provide their social security numbers, date of birth,


Security Incident Response

95828 Florin, California Lincoln Financial Services

Posted 2 days ago


Job Description

Alternate Locations: Work from Home

Work Arrangement:

Remote : Work at home employee

Relocation assistance: is not available for this opportunity.

Requisition #: 74030

The Role at a Glance

This position continuously monitors the alert queue; investigates security alerts; monitors health of security sensors and endpoints; collects data and context necessary to initiate IR response. In addition, the analyst will be responsible for maintaining multiple security technologies for detecting and preventing IT security incidents.

What you'll be doing

  • Responsible for correlation and initial triage of security events and indicators generated by security monitoring tools to determine scope, urgency and potential impact.

  • Document incidents from initial detection through final resolution.

  • Perform incident response functions including but not limited to - host-based analysis functions through investigating Windows, Linux, and Mac OS X systems to identify suspicious and malicious activities.

  • Maintain expertise in Operating Systems (Windows/Linux) operations and artifacts to assist in investigations.

  • Ability to analyze different data types from various sources within the enterprise and draw conclusions regarding past and potential current security incidents

  • Provide after-hours (on-call/weekend rotational) support as required to address critical incidents and maintain continuous coverage.

  • Perform threat hunting exercises to proactively and iteratively discover current or historical threats that evade existing security mechanisms and use that information to improve cyber resilience.

  • Create and modify SIEM dashboards to clearly identify scope of findings or monitor activity.

  • Tune and maintain security tool policies (EDR, IPS, Content Filter, etc.) to reduce false positives and improve tool detection capabilities.

What we're looking for

  • 3 - 5+ Years Experience with one or more of the following technologies: Endpoint Detection and Response (EDR/XDR) and/or DFIR opensource tools (Ex. Kape, Plaso Log2Timeline, Autopsy, etc.)

  • 3 - 5+ Years Information Security related experience, in areas such as: security operations, incident analysis, incident handling, and vulnerability management or testing, system patching, log analysis, intrusion detection, or firewall administration.

  • 4 Year/Bachelor's degree or equivalent work experience


What's it like to work here?

At Lincoln Financial, we love what we do. We make meaningful contributions each and every day to empower our customers to take charge of their lives. Working alongside dedicated and talented colleagues, we build fulfilling careers and stronger communities through a company that values our unique perspectives, insights and contributions and invests in programs that empower each of us to take charge of our own future.

What's in it for you:

  • Clearly defined career tracks and job levels, along with associated behaviors for each of Lincoln's core values and leadership attributes

  • Leadership development and virtual training opportunities

  • PTO/parental leave

  • Competitive 401K and employee benefits

  • Free financial counseling, health coaching and employee assistance program

  • Tuition assistance program

  • Work arrangements that work for you

  • Effective productivity/technology tools and training

The pay range for this position is $75,701 - $140,700 with anticipated pay for new hires between the minimum and midpoint of the range and could vary above and below the listed range as permitted by applicable law. Pay is based on non-discriminatory factors including but not limited to work experience, education, location, licensure requirements, proficiency and qualifications required for the role. The base pay is just one component of Lincoln's total rewards package for employees. In addition, the role may be eligible for the Annual Incentive Program, which is discretionary and based on the performance of the company, business unit and individual. Other rewards may include long-term incentives, sales incentives and Lincoln's standard benefits package.

About The Company

Lincoln Financial (NYSE: LNC) helps people to confidently plan for their version of a successful future. We focus on identifying a clear path to financial security, with products including annuities, life insurance, group protection, and retirement plan services.

With our 120-year track record of expertise and integrity, millions of customers trust our solutions and service to help put their goals in reach.

Lincoln Financial Distributors, a broker-dealer, is the wholesale distribution organization of Lincoln Financial. Lincoln Financial is the marketing name for Lincoln Financial Corporation and its affiliates including The Lincoln National Life Insurance Company, Fort Wayne, IN, and Lincoln Life & Annuity Company of New York, Syracuse, NY. Lincoln Financial affiliates, their distributors, and their respective employees, representatives and/or insurance agents do not provide tax, accounting or legal advice.

Lincoln is committed to creating a diverse and inclusive environment and is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status.

Follow us on Facebook, X, LinkedIn, Instagram, and YouTube. For the latest company news, visit our newsroom.

Be Aware of Fraudulent Recruiting Activities

If you are interested in a career at Lincoln, we encourage you to review our current openings and apply on our website. Lincoln values the privacy and security of every applicant and urges all applicants to diligently protect their sensitive personal information from scams targeting job seekers. These scams can take many forms including fake employment applications, bogus interviews and falsified offer letters.

Lincoln will not ask applicants to provide their social security numbers, date of birth,


Security Incident Response

70873 Baton Rouge, Louisiana Lincoln Financial Services

Posted 2 days ago


Job Description

Alternate Locations: Work from Home

Work Arrangement:

Remote : Work at home employee

Relocation assistance: is not available for this opportunity.

Requisition #: 74030

The Role at a Glance

This position continuously monitors the alert queue; investigates security alerts; monitors health of security sensors and endpoints; collects data and context necessary to initiate IR response. In addition, the analyst will be responsible for maintaining multiple security technologies for detecting and preventing IT security incidents.

What you'll be doing

  • Responsible for correlation and initial triage of security events and indicators generated by security monitoring tools to determine scope, urgency and potential impact.

  • Document incidents from initial detection through final resolution.

  • Perform incident response functions including but not limited to - host-based analysis functions through investigating Windows, Linux, and Mac OS X systems to identify suspicious and malicious activities.

  • Maintain expertise in Operating Systems (Windows/Linux) operations and artifacts to assist in investigations.

  • Ability to analyze different data types from various sources within the enterprise and draw conclusions regarding past and potential current security incidents

  • Provide after-hours (on-call/weekend rotational) support as required to address critical incidents and maintain continuous coverage.

  • Perform threat hunting exercises to proactively and iteratively discover current or historical threats that evade existing security mechanisms and use that information to improve cyber resilience.

  • Create and modify SIEM dashboards to clearly identify scope of findings or monitor activity.

  • Tune and maintain security tool policies (EDR, IPS, Content Filter, etc.) to reduce false positives and improve tool detection capabilities.

What we're looking for

  • 3 - 5+ Years Experience with one or more of the following technologies: Endpoint Detection and Response (EDR/XDR) and/or DFIR opensource tools (Ex. Kape, Plaso Log2Timeline, Autopsy, etc.)

  • 3 - 5+ Years Information Security related experience, in areas such as: security operations, incident analysis, incident handling, and vulnerability management or testing, system patching, log analysis, intrusion detection, or firewall administration.

  • 4 Year/Bachelor's degree or equivalent work experience


What's it like to work here?

At Lincoln Financial, we love what we do. We make meaningful contributions each and every day to empower our customers to take charge of their lives. Working alongside dedicated and talented colleagues, we build fulfilling careers and stronger communities through a company that values our unique perspectives, insights and contributions and invests in programs that empower each of us to take charge of our own future.

What's in it for you:

  • Clearly defined career tracks and job levels, along with associated behaviors for each of Lincoln's core values and leadership attributes

  • Leadership development and virtual training opportunities

  • PTO/parental leave

  • Competitive 401K and employee benefits

  • Free financial counseling, health coaching and employee assistance program

  • Tuition assistance program

  • Work arrangements that work for you

  • Effective productivity/technology tools and training

The pay range for this position is $75,701 - $140,700 with anticipated pay for new hires between the minimum and midpoint of the range and could vary above and below the listed range as permitted by applicable law. Pay is based on non-discriminatory factors including but not limited to work experience, education, location, licensure requirements, proficiency and qualifications required for the role. The base pay is just one component of Lincoln's total rewards package for employees. In addition, the role may be eligible for the Annual Incentive Program, which is discretionary and based on the performance of the company, business unit and individual. Other rewards may include long-term incentives, sales incentives and Lincoln's standard benefits package.

About The Company

Lincoln Financial (NYSE: LNC) helps people to confidently plan for their version of a successful future. We focus on identifying a clear path to financial security, with products including annuities, life insurance, group protection, and retirement plan services.

With our 120-year track record of expertise and integrity, millions of customers trust our solutions and service to help put their goals in reach.

Lincoln Financial Distributors, a broker-dealer, is the wholesale distribution organization of Lincoln Financial. Lincoln Financial is the marketing name for Lincoln Financial Corporation and its affiliates including The Lincoln National Life Insurance Company, Fort Wayne, IN, and Lincoln Life & Annuity Company of New York, Syracuse, NY. Lincoln Financial affiliates, their distributors, and their respective employees, representatives and/or insurance agents do not provide tax, accounting or legal advice.

Lincoln is committed to creating a diverse and inclusive environment and is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status.

Follow us on Facebook, X, LinkedIn, Instagram, and YouTube. For the latest company news, visit our newsroom.

Be Aware of Fraudulent Recruiting Activities

If you are interested in a career at Lincoln, we encourage you to review our current openings and apply on our website. Lincoln values the privacy and security of every applicant and urges all applicants to diligently protect their sensitive personal information from scams targeting job seekers. These scams can take many forms including fake employment applications, bogus interviews and falsified offer letters.

Lincoln will not ask applicants to provide their social security numbers, date of birth,


Security Incident Response

02133 Boston, Kentucky Lincoln Financial

Posted 1 day ago


Job Description

**Alternate Locations:** Work from Home
**Work Arrangement:**
Remote : Work at home employee
**Relocation assistance:** is not available for this opportunity.
**Requisition #:** 74030
**The Role at a Glance**
This position continuously monitors the alert queue; investigates security alerts; monitors health of security sensors and endpoints; collects data and context necessary to initiate IR response. In addition, the analyst will be responsible for maintaining multiple security technologies for detecting and preventing IT security incidents.
**What you'll be doing**
+ Responsible for correlation and initial triage of security events and indicators generated by security monitoring tools to determine scope, urgency and potential impact.
+ Document incidents from initial detection through final resolution.
+ Perform incident response functions including but not limited to - host-based analysis functions through investigating Windows, Linux, and Mac OS X systems to identify suspicious and malicious activities.
+ Maintain expertise in Operating Systems (Windows/Linux) operations and artifacts to assist in investigations.
+ Ability to analyze different data types from various sources within the enterprise and draw conclusions regarding past and potential current security incidents
+ Provide after-hours (on-call/weekend rotational) support as required to address critical incidents and maintain continuous coverage.
+ Perform threat hunting exercises to proactively and iteratively discover current or historical threats that evade existing security mechanisms and use that information to improve cyber resilience.
+ Create and modify SIEM dashboards to clearly identify scope of findings or monitor activity.
+ Tune and maintain security tool policies (EDR, IPS, Content Filter, etc.) to reduce false positives and improve tool detection capabilities.
**What we're looking for**
+ 3 - 5+ Years Experience with one or more of the following technologies: Endpoint Detection and Response (EDR/XDR) and/or DFIR open-source tools (e.g., KAPE, Plaso Log2Timeline, Autopsy, etc.)
+ 3 - 5+ Years Information Security related experience, in areas such as: security operations, incident analysis, incident handling, and vulnerability management or testing, system patching, log analysis, intrusion detection, or firewall administration.
+ 4 Year/Bachelor's degree or equivalent work experience
**What's it like to work here?**
At Lincoln Financial, we love what we do. We make meaningful contributions each and every day to empower our customers to take charge of their lives. Working alongside dedicated and talented colleagues, we build fulfilling careers and stronger communities through a company that values our unique perspectives, insights and contributions and invests in programs that empower each of us to take charge of our own future.
**What's in it for you:**
+ Clearly defined career tracks and job levels, along with associated behaviors for each of Lincoln's core values and leadership attributes
+ Leadership development and virtual training opportunities
+ PTO/parental leave
+ Competitive 401K and employee benefits
+ Free financial counseling, health coaching and employee assistance program
+ Tuition assistance program
+ Work arrangements that work for you
+ Effective productivity/technology tools and training
The pay range for this position is $75,701 - $140,700 with **anticipated pay for new hires between the minimum and midpoint of the range** and could vary above and below the listed range as permitted by applicable law. Pay is based on non-discriminatory factors including but not limited to work experience, education, location, licensure requirements, proficiency and qualifications required for the role. The base pay is just one component of Lincoln's total rewards package for employees. In addition, the role may be eligible for the Annual Incentive Program, which is discretionary and based on the performance of the company, business unit and individual. Other rewards may include long-term incentives, sales incentives and Lincoln's standard benefits package.
**About The Company**
Lincoln Financial (NYSE: LNC) helps people to confidently plan for their version of a successful future. We focus on identifying a clear path to financial security, with products including annuities, life insurance, group protection, and retirement plan services.
With our 120-year track record of expertise and integrity, millions of customers trust our solutions and service to help put their goals in reach.
Lincoln Financial Distributors, a broker-dealer, is the wholesale distribution organization of Lincoln Financial. Lincoln Financial is the marketing name for Lincoln Financial Corporation and its affiliates including The Lincoln National Life Insurance Company, Fort Wayne, IN, and Lincoln Life & Annuity Company of New York, Syracuse, NY. Lincoln Financial affiliates, their distributors, and their respective employees, representatives and/or insurance agents do not provide tax, accounting or legal advice.
Lincoln is committed to creating a diverse and inclusive environment and is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status.
Follow us on Facebook, X, LinkedIn, Instagram, and YouTube. For the latest company news, visit our newsroom.
**Be Aware of Fraudulent Recruiting Activities**
If you are interested in a career at Lincoln, we encourage you to review our current openings and apply on our website. Lincoln values the privacy and security of every applicant and urges all applicants to diligently protect their sensitive personal information from scams targeting job seekers. These scams can take many forms including fake employment applications, bogus interviews and falsified offer letters.
Lincoln will not ask applicants to provide their social security numbers, date of birth,

Security Incident Response

21401 Annapolis, Maryland Lincoln Financial

Posted 1 day ago


Security Incident Response

99811 Juneau, Alaska Lincoln Financial

Posted 7 days ago


Security Incident Response

62762 Springfield, Illinois Lincoln Financial

Posted 7 days ago

 
