62 Incident Response jobs in San Francisco
Cyber Incident Response - Incident Coordinator

Posted today
Job Description
We'll help you succeed in a globally connected powerhouse of diverse teams and take your career wherever you want it to go. Join EY and help to build a better working world.
**EY Technology:**
Technology has always been at the heart of what we do and deliver at EY. We need technology to keep an organization the size of ours working efficiently. We have 250,000 people in more than 140 countries, all of whom rely on secure technology to be able to do their job every single day. Everything from the laptops we use, to the ability to work remotely on our mobile devices and connecting our people and our clients, to enabling hundreds of internal tools and external solutions delivered to our clients. Technology solutions are integrated in the client services we deliver and is key to us being more innovative as an organization.
EY Technology supports our technology needs through three business units:
**Client Technology (CT)** - focuses on developing new technology services for our clients. It enables EY to identify new technology-based opportunities faster and pursue those opportunities more rapidly.
**Enterprise Workplace Technology (EWT)** - EWT supports our Core Business Services functions and will deliver fit-for-purpose technology infrastructure at the cheapest possible cost for quality services. EWT will also support our internal technology needs by focusing on a better user experience.
**Information Security (InfoSec)** - InfoSec prevents, detects, responds and mitigates cyber-risk, protecting EY and client data, and our information management systems.
**The opportunity**
The Cyber & Investigative Services (CIS) Incident Coordinator will exercise strong incident management techniques to coordinate security incident response to cybersecurity events or incidents stemming from suspected threats. Candidates for the role must have a strong comprehension of incident response plans and coordination of activities, work well with others, and have strong verbal and written communication skills. This includes a sense of diplomacy, the ability to anticipate obstacles, and the decision-making skills to handle the fast-paced world of incident management. Foundational skills in incident response, incident management, chain of custody, forensics, event analysis, and hands-on cyber security skills are essential.
**Your key responsibilities**
+ Coordinate response efforts to cyber incidents caused by external threats that may involve nontraditional working hours
+ Serve as a liaison to different businesses and interface with fellow team members and colleagues on other security teams. As-needed, manage relationships with business partners, management, vendors, and external parties
+ Drive integration with other corporate incident management programs to ensure consistency and alignment with peer support teams within IT
+ Help lead small to medium sized projects as directed by leadership
+ Be a champion for process and documentation. Develop and document processes to ensure consistent and scalable response operations, and ensure continuous improvement to the company's incident response plan
+ As requested, develop and deliver metrics to leadership
+ Create ready-to-go draft communications and ensure timely reports/updates to leadership during and after an event
+ Own and manage the team's internal action playbooks and knowledge base
+ Must be willing to be on-call off-hours in rotation with other team members (Required)
**Skills and attributes for success**
+ Resolution of security incidents by validating root cause and solutions
+ Analyze findings in investigative matters, and develop fact-based reports
+ Ability to identify and articulate opportunities for improvement while helping drive lessons learned activities
+ Demonstrated integrity and judgment within a professional environment
+ Inquisitive approach to analysis and peer review
+ Application of emotional intelligence and calm under pressure
+ Ability to appropriately balance work/personal priorities
**To qualify for the role, you must have**
**Education:**
+ Bachelor's or Master's degree in Computer Science, Information Systems, Engineering, a related field, or equivalent experience
**Experience:**
+ 7+ years' experience in at least two of the following roles:
  + Member of a Security Operations Center (SOC)
  + Security Incident Response Analyst or supporting function (2 years minimum)
  + eDiscovery or related role performing forensic functions
+ Deep understanding of security threats, vulnerabilities, and incident response
+ Understanding of electronic investigation, forensic tools, and methodologies, including: log correlation and analysis, forensically handling electronic data, knowledge of the computer security investigative processes, malware identification and analysis
+ Basic understanding of the legalities surrounding electronic discovery and analysis
+ Understanding of regulatory stipulations regarding security incidents
+ Experience with SIEM technologies (e.g., Splunk)
+ Deep understanding of both Windows and Unix/Linux based operating systems
**Ideally, you'll also**
+ Candidates must hold or be willing to pursue related professional certifications such as GCFE, GCFA, GCIH, CISA, CISM, CISSP, or CCIM
**What we look for**
+ Demonstrated integrity in a professional environment
+ Ability to work independently
+ Have a global mind-set for working with different cultures and backgrounds
+ Knowledgeable in business industry standard security incident response process, procedures, and life-cycle
+ Excellent organizational skills and strong attention to detail
+ Excellent teaming skills
+ Excellent social, communication, and writing skills
+ Excellent customer service skills required
**What we offer you**
The compensation ranges below are provided in order to comply with United States pay transparency laws. Other geographies will follow their local salary guidelines, which may not be a direct conversion of published US salary ranges. At EY, we'll develop you with future-focused skills and equip you with world-class experiences. We'll empower you in a flexible environment, and fuel you and your extraordinary talents in a diverse and inclusive culture of globally connected teams.
+ We offer a comprehensive compensation and benefits package where you'll be rewarded based on your performance and recognized for the value you bring to the business. The base salary range for this job in all geographic locations in the US is $124,400 to $32,700. The base salary range for New York City Metro Area, Washington State and California (excluding Sacramento) is $149,300 to $264,400. Individual salaries within those ranges are determined through a wide variety of factors including but not limited to education, experience, knowledge, skills and geography. In addition, our Total Rewards package includes medical and dental coverage, pension and 401(k) plans, and a wide range of paid time off options.
+ Join us in our team-led and leader-enabled hybrid model. Our expectation is for most people in external, client serving roles to work together in person 40-60% of the time over the course of an engagement, project or year.
+ Under our flexible vacation policy, you'll decide how much vacation time you need based on your own personal circumstances. You'll also be granted time off for designated EY Paid Holidays, Winter/Summer breaks, Personal/Family Care, and other leaves of absence when needed to support your physical, financial, and emotional well-being.
**Are you ready to shape your future with confidence? Apply today.**
EY accepts applications for this position on an on-going basis.
For those living in California, please click here for additional information.
EY focuses on high-ethical standards and integrity among its employees and expects all candidates to demonstrate these qualities.
**EY | Building a better working world**
EY is building a better working world by creating new value for clients, people, society and the planet, while building trust in capital markets.
Enabled by data, AI and advanced technology, EY teams help clients shape the future with confidence and develop answers for the most pressing issues of today and tomorrow.
EY teams work across a full spectrum of services in assurance, consulting, tax, strategy and transactions. Fueled by sector insights, a globally connected, multi-disciplinary network and diverse ecosystem partners, EY teams can provide services in more than 150 countries and territories.
EY provides equal employment opportunities to applicants and employees without regard to race, color, religion, age, sex, sexual orientation, gender identity/expression, pregnancy, genetic information, national origin, protected veteran status, disability status, or any other legally protected basis, including arrest and conviction records, in accordance with applicable law.
EY is committed to providing reasonable accommodation to qualified individuals with disabilities including veterans with disabilities. If you have a disability and either need assistance applying online or need to request an accommodation during any part of the application process, please call 1-800-EY-HELP3, select Option 2 for candidate related inquiries, then select Option 1 for candidate queries and finally select Option 2 for candidates with an inquiry which will route you to EY's Talent Shared Services Team (TSS) or email the TSS at .
Privacy Engineer, Incident Response

Posted today
Job Description
Devices and Services Trust and Privacy (DSTP) is responsible for maintaining and raising the trust bar for Amazon customers across a diverse set of 30+ Devices and Services (D&S). DSTP offers horizontal services for builders to ensure trust, privacy, and accessibility are built into our products and services. We also build customer-facing capabilities that provide customers with control and transparency and reduce privacy risk, while enabling partner teams to innovate with appropriate guardrails for content moderation, privacy, accessibility, and trust.
The DSTP team is looking for a passionate Security and Privacy Incident Response Engineer who can lead the response to privacy and data protection issues across Devices & Services. You must thrive in dynamic/ambiguous situations, and think like both an attacker and defender, while working through the entire incident response lifecycle. You'll be working in a global team environment where clear and accurate communication and collaboration on privacy and data protection issues is critical.
In this role, you will apply your creative and critical problem solving skills to quickly contain incidents and then work with cross-functional teams to remediate the root cause. You must have a passion for engineering solutions to complex privacy and data governance challenges, and recognize and fill gaps in capabilities. Above all, you should be passionate about privacy, information security, the ever-changing threat landscape and privacy/security automation and tooling.
Key job responsibilities
* Manage escalated privacy and trust risk events/cases from start to finish; write detailed case notes, reports, summaries, short and long-term recommendations, and trade-off analyses for all audiences, including senior leadership.
* Interact with and influence other teams (e.g., service teams, engineering, product, legal); identify experts and stakeholders on other teams to support decisions on containing incidents or mitigating privacy and trust risks; build consensus and recommendations based on analysis of the nature of potential violations to Privacy Policies, Promises, or Legal/Regulatory requirements.
* Own successful delivery of large, impactful, and highly cross-functional program initiatives while simultaneously tracking a set of smaller projects. Demonstrate comfort with handling technical investigations and analysis, and provide actionable recommendations to senior leadership audience with minimal supervision.
* Develop deep knowledge of global privacy and data governance obligations, processes, best practices, and solutions utilized by Amazon. Utilize this knowledge to provide recommendations and consultation to improve DSTP processes and tooling and reduce risk through control automation and enhancements.
* Establish metrics and regular reporting/escalation mechanisms for measuring results, progress, and gaps in performance and compliance.
* Communicate plans, status, and critical issues clearly and effectively.
* Support deep dive assessments and ad-hoc data analysis requests.
A day in the life
This is an inherently cross-functional role where you will work directly with engineers, product managers, policy and compliance specialists, legal, PR, Marketing, and other Amazon builders to help them identify, expediently contain/mitigate privacy incidents and risks, and implement a Privacy by Design and Default culture. You will use your investigative and/or analytical experience and demonstrate your prowess and experience in writing and briefing complex cases. You will track risk assessment, validation, adjudication, and remediation actions, and ensure that teams prioritize and execute those tasks in a timely fashion. You will be responsible for knowing the ins and outs of impacted systems, and ensure the impacted builders/owners follow the correct paths to compliance. You should be comfortable working in a fast-paced, rapidly evolving environment with fast delivery time, rapid iteration, and data-driven decision-making.
About the team
This role is a part of Trust Fundamentals' Privacy GRC team within DSTP, which includes developing a set of processes, tools, and compliance mechanisms to improve leadership decision making and performance through an integrated view of how well D&S manages its unique set of privacy risks.
Our GRC team values diverse experiences. Even if you do not meet all of the qualifications and skills listed in the job description, we encourage candidates to apply. If your career is just starting, hasn't followed a traditional path, or includes alternative experiences, don't let it stop you from applying.
Our team is dedicated to supporting new members. We have a broad mix of experience levels and tenures, and are building an environment that celebrates knowledge sharing and mentorship. We care about your career growth and strive to assign projects based on what will help each team member develop into a better-rounded professional and enable them to take on more complex tasks in the future.
Basic Qualifications
- Bachelor's degree in computer science or equivalent
- 5+ years of any combination of the following: threat modeling experience, secure coding, identity management and authentication, software development, cryptography, system administration and network security experience
- CCSP (Certified Cloud Security Professional) or CEH (Certified Ethical Hacker) or CFR (CyberSec First Responder) or Cloud+ or CySA+ (CompTIA Cybersecurity Analyst) or GCED (GIAC Certified Enterprise Defender) or GICSP (Global Industrial Cyber Security Professional) or PenTest
Preferred Qualifications
- Experience applying threat modeling or other risk identification techniques or equivalent
- 3+ years of programming in Python, Ruby, Go, Swift, Java, .Net, C++ or similar object oriented language experience
- Experience in Security and Privacy Incident Response and proficiency in at least one of the following domains: Malware Analysis / Reverse Engineering; Digital Forensics; Security and Privacy Tool Development & Automation; Programming/Scripting; Data Protection; Identity and Access Management.
Amazon is an equal opportunity employer and does not discriminate on the basis of protected veteran status, disability, or other legally protected status.
Los Angeles County applicants: Job duties for this position include: work safely and cooperatively with other employees, supervisors, and staff; adhere to standards of excellence despite stressful conditions; communicate effectively and respectfully with employees, supervisors, and staff to ensure exceptional customer service; and follow all federal, state, and local laws and Company policies. Criminal history may have a direct, adverse, and negative relationship with some of the material job duties of this position. These include the duties and responsibilities listed above, as well as the abilities to adhere to company policies, exercise sound judgment, effectively manage stress and work safely and respectfully with others, exhibit trustworthiness and professionalism, and safeguard business operations and the Company's reputation. Pursuant to the Los Angeles County Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records.
Pursuant to the San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records.
Our inclusive culture empowers Amazonians to deliver the best results for our customers. If you have a disability and need a workplace accommodation or adjustment during the application and hiring process, including support for the interview or onboarding process, please visit for more information. If the country/region you're applying in isn't listed, please contact your Recruiting Partner.
Our compensation reflects the cost of labor across several US geographic markets. The base pay for this position ranges from $136,000/year in our lowest geographic market up to $212,800/year in our highest geographic market. Pay is based on a number of factors including market location and may vary depending on job-related knowledge, skills, and experience. Amazon is a total compensation company. Dependent on the position offered, equity, sign-on payments, and other forms of compensation may be provided as part of a total compensation package, in addition to a full range of medical, financial, and/or other benefits. For more information, please visit . This position will remain posted until filled. Applicants should apply via our internal or external career site.
Lead Incident Response Specialist
Posted 15 days ago
Job Description
Key Responsibilities:
- Lead and manage the full lifecycle of security incidents, from detection and analysis to containment, eradication, recovery, and post-incident review.
- Conduct advanced forensic analysis on compromised systems, networks, and cloud environments to identify root causes, indicators of compromise (IOCs), and attack methodologies.
- Develop and implement incident response plans, playbooks, and standard operating procedures (SOPs) to enhance response capabilities.
- Utilize various security tools and technologies, including SIEM, EDR, network forensic tools, and threat intelligence platforms.
- Mentor and provide technical guidance to junior incident responders and security analysts.
- Collaborate with cross-functional teams, including IT, legal, and compliance, during incident investigations and remediation efforts.
- Prepare detailed incident reports, executive summaries, and technical documentation for internal and external stakeholders.
- Stay abreast of the latest cyber threats, attack techniques, and defensive strategies, proactively enhancing the organization's security posture.
- Participate in security assessments, vulnerability management, and penetration testing initiatives to identify weaknesses.
- Contribute to the continuous improvement of the incident response program, including automation and integration efforts.
Qualifications:
- Bachelor's degree in Computer Science, Information Security, or a related field; Master's degree preferred.
- Minimum of 7-10 years of experience in information security, with at least 4-5 years specifically in incident response or digital forensics.
- Proven experience leading complex security incident investigations and managing response efforts.
- Expertise in forensic tools (e.g., EnCase, FTK, Volatility), network analysis tools (e.g., Wireshark), and SIEM platforms (e.g., Splunk, QRadar).
- Strong understanding of common attack vectors, malware analysis, adversary tactics, techniques, and procedures (TTPs).
- Relevant certifications such as GCIH, GCFA, GNFA, OSCP, or CISSP are highly desirable.
- Excellent analytical, problem-solving, and critical thinking skills under pressure.
- Strong communication and interpersonal skills, capable of explaining complex technical issues to non-technical audiences.
- Ability to work independently and as part of a highly collaborative team.
- Experience with cloud security (AWS, Azure, GCP) incident response is a plus.
What Our Client Offers:
- Highly competitive salary and performance-based bonuses.
- Comprehensive health, dental, and vision insurance with premium coverage.
- Generous paid time off, including vacation, sick leave, and holidays.
- Robust 401(k) retirement plan with strong company matching.
- Significant opportunities for professional development, advanced certifications, and career growth.
- A challenging, fast-paced, and highly collaborative security team environment.
- Exposure to cutting-edge cybersecurity technologies and evolving threat landscapes.
- Flexible hybrid work options.
If you are a driven and expert Incident Response professional ready to tackle the most sophisticated cyber threats, we encourage you to apply. Join our client's elite team in San Francisco, California, US, and protect critical infrastructure.
Security Engineer, Detection & Incident Response
Posted 2 days ago
Job Description
We are seeking highly skilled Security Engineers with a specialty in Detection and Incident Response to join our Security Engineering team. These roles are crucial in ensuring the rapid and effective response to digital security incidents across Scale. You will perform incident investigations, implement response strategies, and influence our overall incident management approach. Your expertise in digital forensics, threat hunting, malware analysis, and incident response tools will be essential in identifying and mitigating potential security threats. You will also structure complex incidents, diagnose root causes independently, and clearly explain the mechanics and significance of security breaches, including their impact and recommended remediation steps.
You will:
- Perform digital incident investigations to identify and contain potential security breaches.
- Evaluate and enhance our incident response capabilities through process improvements and detection tool implementations.
- Implement and maintain incident response playbooks and workflows.
- Perform digital forensics and malware analysis to understand attack vectors and methodologies.
- Utilize threat intelligence platforms to enhance our detection and response capabilities.
- Guide IT and security teams in implementing robust long-term solutions that improve incident prevention and response, including hunting for logging or forensics gaps.
- Clearly explain the mechanics and significance of security incidents, including their potential impact and recommended remediation steps.
- Influence the incident response strategy and direction of the team, advocating for best practices and continuous improvement.
Ideally, you'd have:
- Proven experience as a Security Engineer with an emphasis on Detection Engineering, Incident Response, and Investigations.
- Proficiency in digital forensics tools and techniques.
- Strong understanding of modern cyber threats and attack methodologies.
- Production experience with SIEM and EDR tools.
- Hands-on experience with malware analysis and reverse engineering.
- Familiarity with threat intelligence platforms and their integration into incident response processes.
- The ability to structure complex incidents and diagnose root causes independently, providing actionable insights without requiring manager input.
- Excellent communication skills, with the ability to clearly present technical findings and their implications to both technical and non-technical stakeholders.
- Demonstrated ability to influence incident response strategies and drive improvements within a team.
- Relevant security certifications (e.g., GCFA, GCIA, GCIH, CISSP) are a plus.
- Experience in a senior or lead incident response role is preferred.
Scale has openings for both Senior and Mid-Level experience levels. Both are encouraged to apply for this opening.
Compensation packages at Scale for eligible roles include base salary, equity, and benefits. The range displayed on each job posting reflects the minimum and maximum target for new hire salaries for the position, determined by work location and additional factors, including job-related skills, experience, interview performance, and relevant education or training. Scale employees in eligible roles are also granted equity based compensation, subject to Board of Director approval. Your recruiter can share more about the specific salary range for your preferred location during the hiring process, and confirm whether the hired role will be eligible for equity grant. You'll also receive benefits including, but not limited to: Comprehensive health, dental and vision coverage, retirement benefits, a learning and development stipend, and generous PTO. Additionally, this role may be eligible for additional benefits such as a commuter stipend.
Please reference the job posting's subtitle for where this position will be located. For pay transparency purposes, the base salary range for this full-time position in the locations of San Francisco, New York, Seattle is: $188,000 to $254,400 USD
PLEASE NOTE: Our policy requires a 90-day waiting period before reconsidering candidates for the same role. This allows us to ensure a fair and thorough evaluation of all applicants.
About Us:
At Scale, we believe that the transition from traditional software to AI is one of the most important shifts of our time. Our mission is to make that happen faster across every industry, and our team is transforming how organizations build and deploy AI. Our products power the world's most advanced LLMs, generative models, and computer vision models. We are trusted by generative AI companies such as OpenAI, Meta, and Microsoft, government agencies like the U.S. Army and U.S. Air Force, and enterprises including GM and Accenture. We are expanding our team to accelerate the development of AI applications.
We believe that everyone should be able to bring their whole selves to work, which is why we are proud to be an inclusive and equal opportunity workplace. We are committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability status, gender identity or Veteran status.
We are committed to working with and providing reasonable accommodations to applicants with physical and mental disabilities. If you need assistance and/or a reasonable accommodation in the application or recruiting process due to a disability, please contact us at Please see the United States Department of Labor's Know Your Rights poster for additional information.
We comply with the United States Department of Labor's Pay Transparency provision.
PLEASE NOTE: We collect, retain and use personal data for our professional business purposes, including notifying you of job opportunities that may be of interest and sharing with our affiliates. We limit the personal data we collect to that which we believe is appropriate and necessary to manage applicants' needs, provide our services, and comply with applicable laws. Any information we collect in connection with your application will be treated in accordance with our internal policies and programs designed to protect personal data. Please see our privacy policy for additional information.
Incident Response Engineer (San Francisco)
Posted 2 days ago
Job Description
About Us
At Cloudflare, we are on a mission to help build a better Internet. Today the company runs one of the world's largest networks that powers millions of websites and other Internet properties for customers ranging from individual bloggers to SMBs to Fortune 500 companies. Cloudflare protects and accelerates any Internet application online without adding hardware, installing software, or changing a line of code. Internet properties powered by Cloudflare all have web traffic routed through its intelligent global network, which gets smarter with every request. As a result, they see significant improvement in performance and a decrease in spam and other attacks. Cloudflare was named to Entrepreneur Magazine's Top Company Cultures list and ranked among the World's Most Innovative Companies by Fast Company.
We realize people do not fit into neat boxes. We are looking for curious and empathetic individuals who are committed to developing themselves and learning new skills, and we are ready to help you do that. We cannot complete our mission without building a diverse and inclusive team. We hire the best people based on an evaluation of their potential and support them throughout their time at Cloudflare. Come join us!
Role Summary
Team Mission
The Security Response Team's mission is to systematically respond to security threats safeguarding Cloudflare. We operate 24/7 across the globe to respond to security incidents, continuously improve our response capabilities, lead digital investigations and enhance our overall security posture. Our Cloudflare on Cloudflare, data and automation first philosophy makes us a cohesive team with high impact.
The Role
This intermediate role on the Security Response Team focuses on refining security processes and leading critical incidents, from threat detection and cyber-attack analysis to containment and forensics. This role collaborates with IT, Engineering, Product, and Legal teams to build scalable response frameworks, leveraging expertise in tooling, automation, custom log analysis, and SIEM systems. Additionally, it requires effective communication of technical topics based on business requirements and participation in a shared on-call rotation with rotating weekend and holiday shifts.
Responsibilities
Security Operations
- Oversee security event triage, validation, and response workflows, ensuring timely investigation of high-priority alerts and security anomalies.
- Collaborate with detection engineers and threat intelligence teams to refine investigative signals and improve security visibility.
- Maintain incident management processes, ensuring incidents are properly categorized, documented, and escalated as needed.
- Perform continuous operational improvements, such as tuning detection rules, optimizing log ingestion, and enhancing alert enrichment pipelines.
- Conduct security gap analysis, identifying weaknesses in monitoring coverage and recommending solutions to enhance detection and response capabilities.
- Work closely with engineering and infrastructure teams to improve log collection, normalization, and visibility across diverse environments.
- Ensure adherence to incident response playbooks, compliance standards, and security best practices (e.g., CISA, GDPR, NIST, ISO 27001).
Incident Investigation & Threat Hunting
- Lead forensic investigations into intrusions, insider threats, APTs, and account compromises.
- Perform log analysis, correlation, and anomaly detection across endpoint, network, and cloud telemetry.
- Use Python, SQL, and data engineering techniques to extract insights from large-scale logs, identifying attacker TTPs and movement across environments.
- Investigate real-time security incidents, working closely with detection teams to validate alerts and escalate threats.
- Conduct post-incident analysis to determine root causes, document findings, and recommend mitigation strategies.
Security Monitoring & Continuous Threat Analysis
- Oversee security monitoring operations, ensuring alert triage, enrichment, and validation align with investigative workflows.
- Optimize SIEM queries, log ingestion pipelines, and case management systems to improve threat visibility.
- Develop playbooks and workflows to streamline investigations and reduce manual effort in repetitive tasks.
- Maintain Standard Operating Procedures (SOPs) for effective response to security alerts and ongoing monitoring.
- Collaborate with the Detection Engineering team to refine detection rules and investigative signals based on real-world attack patterns.
Security Engineering & Automation for Investigations
- Engineer automated solutions to enhance investigation efficiency, such as log parsing scripts, data enrichment tools, and case correlation frameworks.
- Build log analysis pipelines for efficient parsing, enrichment, and correlation of multi-source security data.
- Develop custom detection logic for brute-force attempts, lateral movement, and anomaly-based intrusion detection.
- Automate threat intelligence enrichment, real-time event processing, and security data visualization.
- Engineer scalable solutions for PCAP analysis, network flow monitoring, and cloud security event detection.
Forensic Analysis & Threat Intelligence Correlation
- Perform disk, memory, and network forensics to uncover hidden indicators of compromise (IOCs) and attacker behaviors.
- Correlate multi-source logs (firewall, EDR, web, authentication logs, cloud telemetry) to reconstruct attack chains and identify attacker footholds.
- Analyze network traffic (PCAP, NetFlow, proxy logs) to detect exfiltration attempts, lateral movement, and suspicious patterns.
- Use threat intelligence APIs (e.g., VirusTotal, AbuseIPDB) to enrich investigations and automate IOC processing.
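The custom detection logic and Python-based log analysis this posting describes (brute-force attempts, account compromise, anomalies across authentication telemetry) can be illustrated with a small sliding-window detector. This is an added example, not Cloudflare's code: the `user=... src=... result=...` log format, the sample events and the thresholds are all constructed assumptions for the example and would need tuning against real telemetry.

```python
"""Brute-force and password-spray detection over authentication logs.

Added example (not Cloudflare's code). Flags two patterns:
  (a) brute_force_success: >= fail_threshold failures for one (src, user)
      inside the window, followed by a success from that src for that user;
  (b) password_spray: one src failing against >= spray_threshold distinct
      users inside the window.
The log format and sample lines below are constructed for this example.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample input (not from a real system): a credential brute force
# that eventually succeeds, a password spray, and a benign user typo.
SAMPLE_LOG = """\
2024-05-01T10:00:01Z auth user=alice src=203.0.113.7 result=fail
2024-05-01T10:00:03Z auth user=alice src=203.0.113.7 result=fail
2024-05-01T10:00:05Z auth user=alice src=203.0.113.7 result=fail
2024-05-01T10:00:06Z auth user=alice src=203.0.113.7 result=fail
2024-05-01T10:00:08Z auth user=alice src=203.0.113.7 result=fail
2024-05-01T10:00:09Z auth user=alice src=203.0.113.7 result=success
2024-05-01T10:05:00Z auth user=bob src=198.51.100.9 result=fail
2024-05-01T10:05:01Z auth user=carol src=198.51.100.9 result=fail
2024-05-01T10:05:02Z auth user=dave src=198.51.100.9 result=fail
2024-05-01T10:05:03Z auth user=erin src=198.51.100.9 result=fail
2024-05-01T10:05:04Z auth user=frank src=198.51.100.9 result=fail
2024-05-01T10:30:00Z auth user=bob src=192.0.2.10 result=fail
2024-05-01T10:30:40Z auth user=bob src=192.0.2.10 result=success
"""

# Assumed line format; a real pipeline would parse the product's own schema.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) auth user=(?P<user>\S+) src=(?P<src>\S+) result=(?P<result>\S+)$"
)


def parse(lines):
    """Yield (timestamp, user, src, success) tuples; malformed lines are skipped."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
        yield ts, m["user"], m["src"], m["result"] == "success"


def detect(lines, window_seconds=300, fail_threshold=5, spray_threshold=5):
    """Return a list of alert dicts for the two patterns described above."""
    window = timedelta(seconds=window_seconds)
    fails = defaultdict(deque)   # (src, user) -> timestamps of recent failures
    spray = defaultdict(deque)   # src -> (timestamp, user) of recent failures
    sprayed = set()              # sources already alerted on, to avoid repeats
    alerts = []
    for ts, user, src, ok in parse(lines):
        key = (src, user)
        # Expire events that have fallen out of the sliding window.
        while fails[key] and ts - fails[key][0] > window:
            fails[key].popleft()
        while spray[src] and ts - spray[src][0][0] > window:
            spray[src].popleft()
        if ok:
            # A success right after a burst of failures is the interesting case.
            if len(fails[key]) >= fail_threshold:
                alerts.append({"type": "brute_force_success", "src": src,
                               "user": user, "failures": len(fails[key]), "at": ts})
            fails[key].clear()
        else:
            fails[key].append(ts)
            spray[src].append((ts, user))
            users = {u for _, u in spray[src]}
            if len(users) >= spray_threshold and src not in sprayed:
                sprayed.add(src)
                alerts.append({"type": "password_spray", "src": src,
                               "users": sorted(users), "at": ts})
    return alerts


def run_sample():
    """Run the detector over the constructed sample log."""
    return detect(SAMPLE_LOG.splitlines())


if __name__ == "__main__":
    for alert in run_sample():
        print(alert)
```

Keying purely on source IP is noisy behind NAT or a corporate proxy and blind to distributed attacks that rotate sources, so in practice the same logic is usually run with a second key (user agent, ASN, or target account alone) and the thresholds are derived from a baseline of the environment's normal failure rate rather than fixed constants.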
Must-Have Qualifications
- 3+ years of experience in incident response, security operations, and forensic analysis.
- Proven ability to lead crisis situations, make data-driven security decisions, and drive technical and operational improvements.
- Strong expertise in incident management, root cause analysis, and forensic investigation methodologies.
- Hands-on experience with SIEM (SQL, ELK, etc.), SOAR, and EDR (e.g., CrowdStrike) for real-time security monitoring and response.
- Expertise in cloud security (AWS, GCP, Azure) and containerized workloads (Kubernetes, Docker) security incident handling.
- Experience managing large-scale security incidents, ensuring effective escalation, resolution, and business alignment.
- Proficiency in OKR methodologies, Agile workflows, and project prioritization strategies.
- Strong understanding of threat intelligence, attacker tactics (MITRE ATT&CK), and real-world attack chains.
Nice-to-Have Qualifications
- Certifications: GCFA, GNFA, GREM, GCIH, or equivalent forensic/security certifications.
- Familiarity with SOAR platforms and security case management automation.
- Experience in Red Teaming, Threat Intelligence, or Malware Analysis.
- Understanding of cloud-native security monitoring (AWS, GCP, Azure).
Compensation - For Texas based hires: Estimated annual salary of $115,000-$141,000.
Equity
This role is eligible to participate in Cloudflare's equity plan.
Benefits
Cloudflare offers a complete package of benefits and programs to support you and your family. Our benefits programs can help you pay health care expenses, support caregiving, build capital for the future and make life a little easier and fun! The below is a description of our benefits for employees in the United States, and benefits may vary for employees based outside the U.S.
Health & Welfare Benefits
- Medical/Rx Insurance
- Dental Insurance
- Vision Insurance
- Flexible Spending Accounts
- Commuter Spending Accounts
- Fertility & Family Forming Benefits
- On-demand mental health support and Employee Assistance Program
- Global Travel Medical Insurance
Financial Benefits
- Short and Long Term Disability Insurance
- Life & Accident Insurance
- 401(k) Retirement Savings Plan
- Employee Stock Participation Plan
Time Off
- Flexible paid time off covering vacation and sick leave
- Leave programs, including parental, pregnancy health, medical, and bereavement leave
What Makes Cloudflare Special?
We're not just a highly ambitious, large-scale technology company. We're a highly ambitious, large-scale technology company with a soul. Fundamental to our mission to help build a better Internet is protecting the free and open Internet.
Project Galileo : Since 2014, we've equipped more than 2,400 journalism and civil society organizations in
Security Engineer, Detection & Incident Response (San Francisco)
Posted today
Job Description
We are seeking a highly skilled Senior Incident Response Engineer to join our Security Engineering team. This role is crucial in ensuring the rapid and effective response to digital security incidents across our organization. You will lead incident investigations, implement response strategies, and influence our overall incident management approach. Your expertise in digital forensics, threat hunting, malware analysis, and incident response tools will be essential in identifying and mitigating potential security threats. You will also structure complex incidents, diagnose root causes independently, and clearly explain the mechanics and significance of security breaches, including their impact and recommended remediation steps.
You will:
- Lead digital incident investigations to identify and contain security breaches.
- Evaluate and enhance our incident response capabilities through process improvements and tool implementations.
- Implement and maintain incident response playbooks and workflows.
- Perform digital forensics and malware analysis to understand attack vectors and methodologies.
- Utilize threat intelligence platforms to enhance our detection and response capabilities.
- Guide IT and security teams in implementing robust long-term solutions that improve incident prevention and response, including hunting for logging or forensics gaps.
- Clearly explain the mechanics and significance of security incidents, including their potential impact and recommended remediation steps.
- Influence the incident response strategy and direction of the team, advocating for best practices and continuous improvement.
Ideally, you'd have:
- Proven experience as an Incident Response Engineer with a focus on digital security.
- Proficiency in digital forensics tools and techniques.
- Strong understanding of modern cyber threats and attack methodologies.
- Production experience with SIEM and EDR tools.
- Hands-on experience with malware analysis and reverse engineering.
- Familiarity with threat intelligence platforms and their integration into incident response processes.
- You can structure complex incidents and diagnose root causes independently, providing actionable insights without requiring manager input.
- Excellent communication skills, with the ability to clearly present technical findings and their implications to both technical and non-technical stakeholders.
- Demonstrated ability to influence incident response strategies and drive improvements within a team.
- Relevant security certifications (e.g., GCFA, GCIA, GCIH, CISSP) are a plus.
- Experience in a senior or lead incident response role is preferred.
Compensation packages at Scale for eligible roles include base salary, equity, and benefits. The range displayed on each job posting reflects the minimum and maximum target for new hire salaries for the position, determined by work location and additional factors, including job-related skills, experience, interview performance, and relevant education or training. Scale employees in eligible roles are also granted equity based compensation, subject to Board of Director approval. Your recruiter can share more about the specific salary range for your preferred location during the hiring process, and confirm whether the hired role will be eligible for equity grant. You'll also receive benefits including, but not limited to: Comprehensive health, dental and vision coverage, retirement benefits, a learning and development stipend, and generous PTO. Additionally, this role may be eligible for additional benefits such as a commuter stipend.
Please reference the job posting's subtitle for where this position will be located. For pay transparency purposes, the base salary range for this full-time position in the locations of San Francisco, New York, Seattle is:
$188,000 — $254,400 USD
PLEASE NOTE: Our policy requires a 90-day waiting period before reconsidering candidates for the same role. This allows us to ensure a fair and thorough evaluation of all applicants.
About Us:
At Scale, we believe that the transition from traditional software to AI is one of the most important shifts of our time. Our mission is to make that happen faster across every industry, and our team is transforming how organizations build and deploy AI. Our products power the world's most advanced LLMs, generative models, and computer vision models. We are trusted by generative AI companies such as OpenAI, Meta, and Microsoft, government agencies like the U.S. Army and U.S. Air Force, and enterprises including GM and Accenture. We are expanding our team to accelerate the development of AI applications.
We believe that everyone should be able to bring their whole selves to work, which is why we are proud to be an inclusive and equal opportunity workplace. We are committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability status, gender identity or Veteran status.
We are committed to working with and providing reasonable accommodations to applicants with physical and mental disabilities. If you need assistance and/or a reasonable accommodation in the application or recruiting process due to a disability, please contact us at Please see the United States Department of Labor's Know Your Rights poster for additional information.
We comply with the United States Department of Labor's Pay Transparency provision .
PLEASE NOTE: We collect, retain and use personal data for our professional business purposes, including notifying you of job opportunities that may be of interest and sharing with our affiliates. We limit the personal data we collect to that which we believe is appropriate and necessary to manage applicants' needs, provide our services, and comply with applicable laws. Any information we collect in connection with your application will be treated in accordance with our internal policies and programs designed to protect personal data. Please see our privacy policy for additional information.
Incident Response Lead - IT, Cybersecurity Fusion Center
Posted today
Job Description
Every member of Gilead's team plays a critical role in the discovery and development of life-changing scientific innovations. Our employees are our greatest asset as we work to achieve our bold ambitions, and we're looking for the next wave of passionate and ambitious people ready to make a direct impact.
We believe every employee deserves a great leader. People Leaders are the cornerstone to the employee experience at Gilead and Kite. As a people leader now or in the future, you are the key driver in evolving our culture and creating an environment where every employee feels included, developed and empowered to fulfil their aspirations. Join Gilead and help create possible, together.
**Job Description**
**POSITION SUMMARY**
As a Cyber Security Incident Response Lead, you will be at the forefront of our organization's defense against Cyber threats. This hands-on technical role requires a seasoned Cybersecurity professional with extensive experience in Threat detection & Incident response, a strategic mindset, and the ability to guide and mentor other response teams. Your core role will be to orchestrate the response to complex cybersecurity incidents, ensuring effective mitigation strategies, and contributing to the enhancement of our overall cyber resilience. A key responsibility is to continually assess security monitoring effectiveness and to make recommendations to improve Cyber Security Incident Response capabilities. This position reports to the Director of Cyber Fusion Center (Global Cyber Security Operations) and works closely with key stakeholders in incident response roles company wide.
**_Office Location: Foster City, CA (preferred) or Raleigh, NC_**
**ESSENTIAL JOB FUNCTIONS**
+ Extensive knowledge and experience in handling Cyber Security threats and Incident response activities including Detection, Triage, Investigation, Remediation and Recovery from security issues.
+ Extensive experience as Security Incident commander, leading security investigations while liaising with IT Operations, legal, and business teams through security incidents
+ Extensive experience with designing, implementing, and optimizing a Security Incident Response process
+ Extensive experience with designing and implementing SOC and IR technologies including SIEM, EDR, UEBA, among other capabilities
+ Monitor security events and analyze them in context to detect advanced threats.
+ Analyze alerts.
+ Investigate incidents.
+ Analyze malware.
+ Develop Security Operations Center detection tools, rules and intelligence to improve detection & investigation efficiency of the Center.
+ Assess new technologies, test them in a lab environment and propose them for SOC improvement.
+ Operate Security Operations Center devices to ensure high availability and security.
+ Maintain and operate SOC network, systems, workstations and other technical components.
+ On-call availability outside business hours.
**REQUIRED SKILLS & JOB QUALIFICATIONS**
+ Minimum of 8 years of IT experience with progressive responsibilities, including at least 5 years of Cyber Security experience.
+ Security professional with a strong technical background in Cyber Security, Windows / Linux, Network Security, Security Operations Center (SOC), Cloud Security (AWS, Azure), MITRE ATT&CK or similar frameworks, Threat Analysis, IT Operations and Incident response
+ Strong verbal and written communication skills with the ability to adapt information delivery based on the target audience.
+ Ability to create or review procedures for protection of systems and applications.
+ Knowledge of information security principles, concepts, practices, systems software, database software, and immediate access storage technology to carry out activities relating to security certification and accreditation.
+ Ability to provide expert technical advice, guidance, and recommendations to management and other technical specialists on critical information technology security issues.
+ Recommends and coordinates the application of fixes, patches, & recovery procedures in the event of a security breach.
+ Experience with security tools and platforms including SIEM, IPS/IDS, Endpoint and Server protection, Network protection, Firewalls, etc.
+ Extensive experience in Cyber threat and vulnerability analysis and remediation.
+ Forensic examination and data preservation.
+ Significant experience doing internal and external penetration testing (red / blue / purple team experience)
+ Very strong security awareness and knowledge.
+ Strong understanding of key infrastructure systems (Active Directory, Windows/Linux, Databases, Cloud systems)
+ Ability to multitask and manage multiple topics and demands concurrently.
+ Working knowledge of IT processes (i.e., ITIL) including incident, problem, defect, change and release management.
+ Prior working experience in a Pharmaceutical company is a plus.
+ Performs other duties as assigned.
Preferred Skills:
Proficiency in digital forensics, malware analysis, and threat hunting.
Experience with threat intelligence platforms and attack frameworks.
Familiarity with Cloud security threat detection and monitoring best practices.
**EDUCATION & CERTIFICATION**
+ High School Degree and Twelve Years Experience OR Associate's Degree and Ten Years Experience OR Bachelor's Degree and Eight Years Experience OR Master's Degree and Six Years Experience OR PhD
+ Information Security Certification (CISSP, GSEC, GPEN, CEH, etc.) or other related security certification is highly desired.
+ Microsoft, AWS, Linux, Unix, and Cisco certifications would be an asset
People Leader Accountabilities:
- Create Inclusion - knowing the business value of diverse teams, modeling inclusion, and embedding the value of diversity in the way they manage their teams.
- Develop Talent - understand the skills, experience, aspirations and potential of their employees and coach them on current performance and future potential. They ensure employees are receiving the feedback and insight needed to grow, develop and realize their purpose.
- Empower Teams - connect the team to the organization by aligning goals, purpose, and organizational objectives, and holding them to account. They provide the support needed to remove barriers and connect their team to the broader ecosystem.
The salary range for this position is:
Bay Area: $169,320.00 - $219,120.00.
Raleigh: $146,200.00 - $189,200.00.
Gilead considers a variety of factors when determining base compensation, including experience, qualifications, and geographic location. These considerations mean actual compensation will vary. This position may also be eligible for a discretionary annual bonus, discretionary stock-based long-term incentives (eligibility may vary based on role), paid time off, and a benefits package. Benefits include company-sponsored medical, dental, vision, and life insurance plans*.
For additional benefits information, visit:
Eligible employees may participate in benefit plans, subject to the terms and conditions of the applicable plans.
**For jobs in the United States:**
Gilead Sciences Inc. is committed to providing equal employment opportunities to all employees and applicants for employment, and is dedicated to fostering an inclusive work environment comprised of diverse perspectives, backgrounds, and experiences. Employment decisions regarding recruitment and selection will be made without discrimination based on race, color, religion, national origin, sex, age, sexual orientation, physical or mental disability, genetic information or characteristic, gender identity and expression, veteran status, or other non-job related characteristics or other prohibited grounds specified in applicable federal, state and local laws. In order to ensure reasonable accommodation for individuals protected by Section 503 of the Rehabilitation Act of 1973, the Vietnam Era Veterans' Readjustment Act of 1974, and Title I of the Americans with Disabilities Act of 1990, applicants who require accommodation in the job application process may contact for assistance.
For more information about equal employment opportunity protections, please view the 'Know Your Rights' ( poster.
NOTICE: EMPLOYEE POLYGRAPH PROTECTION ACT (
RIGHTS UNDER THE FAMILY AND MEDICAL LEAVE ACT
PAY TRANSPARENCY NONDISCRIMINATION PROVISION (
Our work environment respects individual differences and recognizes each employee as an integral member of our company. Our workforce reflects these values and celebrates the individuals who make up our growing team.
Gilead provides a work environment free of harassment and prohibited conduct. We promote and support individual differences and diversity of thoughts and opinion.
**For Current Gilead Employees and Contractors:**
Please apply via the Internal Career Opportunities portal in Workday.
Gilead Sciences, Inc. is a biopharmaceutical company that has pursued and achieved breakthroughs in medicine for more than three decades, with the goal of creating a healthier world for all people. The company is committed to advancing innovative medicines to prevent and treat life-threatening diseases, including HIV, viral hepatitis and cancer. Gilead operates in more than 35 countries worldwide, with headquarters in Foster City, California.
Senior Product Manager - Incident Response (San Francisco)
Posted 3 days ago
Job Description
Do you want to help make the world safe from cyber attack?
At Corelight, we believe that the best approach to cybersecurity risk starts with the network. Attackers can evade endpoint detection, firewalls and many other technologies - but they can’t avoid leaving digital footprints on the networks they traverse. Built on open-source innovations from Zeek, Suricata and YARA and refined through years of real-world use, Corelight transforms network footprints from physical, virtual and cloud networks into actionable insights. Our customers use these insights to speed incident response and proactively hunt for threats.
We are looking for a cybersecurity and enterprise platform veteran to join our Product Management Team. Investigator is our SaaS platform for the enterprise SOC. This person will play a critical role in ensuring Investigator meets the needs of all enterprises. This will include advancing capabilities in policy management, asset databases, and policy configuration and optimization. This person will work closely with customer SOC Managers, CISOs, and oversight roles to ensure Investigator, as a SaaS platform, meets enterprise compliance and operational needs.
As part of the Investigator Product Management team, you will work with engineers, UX designers, and fellow Product Managers to define and execute our roadmap. Your focus will be on general platform features, policy assignment, policy tuning, alert prioritization, and building a centralized asset database that drives everything from policy assignment to triage context. You will drive execution to deliver scalable, high-impact solutions that simplify enterprise security operations.
Responsibilities
- Own the policy and asset database roadmap within the Investigator platform, ensuring device groups and policy assignment work seamlessly together.
- Develop tuning mechanisms that maximize granular tuning of policy quickly and easily.
- Develop custom prioritization engines with great defaults but a focus on putting the power in the customer’s hands.
- Build out powerful CMDB/CAASM-like asset management capabilities to improve everything from policy assignment to triage context.
- Work with SOC teams and CISOs to validate policy workflows and ensure the platform meets oversight and compliance needs.
- Collaborate with sales and customers to prioritize features that have the biggest impact on security operations.
- Write detailed product requirements, ensuring engineering has a clear understanding of expectations.
- Work closely with team members to ensure policy workflows support effective detection and investigation processes.
- Drive executive reporting to support SOC leadership in tracking detection effectiveness.
Required Qualifications
- 5+ years of experience in cybersecurity, with a strong focus on enterprise security workflows, policy management, or asset intelligence.
- 3+ years in product management or a similar role, driving roadmap and feature execution.
- Experience with security operations (SOC), including detection tuning, policy frameworks, and compliance needs.
- Strong understanding of network security monitoring, intrusion detection, and enterprise security architecture.
- Familiarity with CMDB, CAASM, or asset intelligence tools and their role in security operations.
- Strong knowledge of SOC workflows and security event triage processes.
- Experience working with enterprise IT/security leaders (CISO, SOC Managers, Compliance Teams) to align security policies with operational needs.
- Ability to work cross-functionally with engineering, UX, and customers to deliver scalable solutions.
Preferred Qualifications
- Experience as a Product Owner/Product Manager in an Agile/Scrum environment.
- Excellent communication skills with experience collaborating across UX, engineering, and security teams.
- Familiarity with data analytics, AI-assisted security decision-making, and automation.
- Experience with building and shipping SaaS-based security services.
- Education: Degrees in Computer Science, Cybersecurity, or related technical disciplines (or equivalent experience).
Fueled by investments from top-tier venture capital organizations such as Crowdstrike, Accel, and Insight, Corelight is the fastest growing network detection and response platform in the industry. Our customers trust us to protect mission-critical assets in leading enterprises, government, and research institutions worldwide. We are leading the way with AI-assisted workflows, machine learning models, cloud security, and SaaS-based solutions to arm defenders with the tools and knowledge they need to disrupt cyber attacks. Our team of passionate innovators are dedicated to solving some of the toughest challenges in cybersecurity, while fostering a collaborative, inclusive, and growth-oriented culture. Corelight is committed to a geographically distributed yet connected employee base with employees working from home and office locations around the world. At Corelight, we are proud of our diversity of background and thought, and we’re united by our strong shared culture and values.
We are looking forward to meeting you. Check us out at
Senior Cyber Security Analyst (Incident Response) (San Diego)
Posted today
Job Description
Department: Security Operations
Employment Type: Full Time
Location: Remote
Reporting To: Cris Hamilton
Description
Position Overview
We are seeking a Senior Security Incident Response Analyst to join our growing Cybersecurity team. The ideal candidate will have extensive hands-on experience in detecting, responding to, and remediating sophisticated cyber threats using industry-leading tools, particularly EDR platforms. This role requires a deep technical background in both offensive and defensive security, forensic analysis, and threat hunting. The successful candidate will serve as a senior technical escalation point for complex incidents and help drive continuous improvement of our incident response capabilities.
**Must be located in Costa Rica**
Key Responsibilities
- Lead and conduct advanced investigations into security incidents using EDR, Network traffic analysis, and Forensic tools.
- Perform root cause analysis and develop mitigation strategies for complex cyber threats, including APTs, malware outbreaks, insider threats, ransomware, encryption, data exfiltration activities and others.
- Act as a technical escalation point during major security incidents, providing in-depth knowledge of tools, techniques, and procedures (TTPs) used by threat actors.
- Conduct deep-dive investigations and threat hunting activities to detect and respond to anomalies and early indicators of compromise (IOCs) using EDR products (mostly Microsoft Defender).
- Perform memory, disk, and log forensics using tools such as Volatility, Autopsy, and Windows/Linux forensic utilities.
- Develop and refine incident response runbooks, playbooks, and standard operating procedures (SOPs).
- Support IR partners by applying offensive security and threat hunting knowledge.
- Assist with post-incident reviews and lessons learned to improve detection and response strategies.
- Mentor junior IR analysts.
- Stay current with the threat landscape, emerging attack techniques, and relevant security technologies.
Skills Knowledge and Expertise
- Experience: Minimum 5+ years in a dedicated Incident Response or Security Operations role, with hands-on investigative experience using advanced EDR solutions (e.g., CrowdStrike, SentinelOne, Microsoft Defender for Endpoint, Carbon Black, etc.).
- Technical Security Skills:
- Defensive: Malware analysis, memory forensics, log analysis, endpoint and network triage.
- Offensive: Understanding of exploitation techniques, red teaming, vulnerability assessment, and attack simulations.
- Certifications: One or more of the following is required or highly preferred:
- GIAC GCFA / GCIA / GCIH / GNFA
- OSCP / OSCE / GPEN
- Microsoft SC-200 / MS Defender-specific certifications
- OWASP or web application security certifications
- Networking and Systems Expertise:
- Strong understanding of network protocols (TCP/IP, DNS, HTTP/S, SMTP, etc.)
- Proficiency in analyzing packet captures and netflow data (e.g., Wireshark, Zeek)
- Deep understanding of Windows, Linux, and cloud environments (AWS, Azure)
- Knowledge of IR Frameworks: NIST 800-61, MITRE ATT&CK, Lockheed Martin Cyber Kill Chain.
- Scripting and Automation: Python, PowerShell, Bash, or equivalent scripting languages for automating investigation and response tasks.
Why DeepSeas?
At Deep Seas, we like to say that heart rates go down, careers take off, and security programs mature. Our values provide the ultimate guide for our daily behavior and decisions. Without these values, we aren’t Deep Seas. They preserve the essence of our organization, reflect the personalities of our Deeps (how we affectionately refer to our teammates), and enable us to exceed expectations. Our values are:
- We are client obsessed.
- We stand in solidarity with our teammates.
- We prioritize personal health and well-being.
- We believe in the power of diversity.
- We solve hard problems at the speed of cyber.
This is your chance to join a supportive crew of teammates and an industry-leading organization that values opportunities for growth. If DeepSeas sounds like a good fit for you, send us your resume and let’s talk!
Information security is everyone’s responsibility:
- Understanding and following DeepSeas’s information security policies and procedures.
- Remaining vigilant and reporting any suspicious activity or possible weaknesses in DeepSeas’s information security.
- Actively participating in DeepSeas’s efforts to maintain and improve information security.
- DeepSeas considers this position Moderate Risk, with the potential to view/access/download restricted/private client/internal data. This information must be treated with sensitivity and in the most secure manner. HR reserves the right to perform random background/drug screens to ensure the safety of client/DeepSeas data.
Senior Cyber Security Analyst (Incident Response) (San Diego)
Posted today
Job Viewed
Job Description
Senior Cyber Security Analyst (Incident Response)
Department : Security Operations
Employment Type : Full Time
Location : Remote
Reporting To : Cris Hamilton
Description
Position Overview
We are seeking a Senior Security Incident Response Analyst to join our growing Cybersecurity team. The ideal candidate will have extensive hands-on experience in detecting, responding to, and remediating sophisticated cyber threats using industry-leading tools, particularly EDR platforms. This role requires a deep technical background in both offensive and defensive security, forensic analysis, and threat hunting. The successful candidate will serve as a senior technical escalation point for complex incidents and help drive continuous improvement of our incident response capabilities.
Must be located in Costa Rica
Key Responsibilities
- Lead and conduct advanced investigations into security incidents using EDR, Network traffic analysis, and Forensic tools.
- Perform root cause analysis and develop mitigation strategies for complex cyber threats, including APTs, malware outbreaks, insider threats, ransomware, encryption, data exfil activities and others.
- Act as a technical escalation point during major security incidents, providing in-depth knowledge of tools, techniques, and procedures (TTPs) used by threat actors.
- Conduct deep dive investigations and threat hunting activities to detect and respond to anomalies and early indicators of compromise (IOCs), using EDRs products. (Mostly MS Defender).
- Perform memory, disk, and log forensics using tools such as Volatility, Autopsy, and Windows / Linux forensic utilities.
- Develop and refine incident response runbooks, playbooks, and standard operating procedures (SOPs).
- Support IR partners by applying offensive security and threat hunting knowledge.
- Assist with post-incident reviews and lessons learned to improve detection and response strategies.
- Mentor junior IR analysts.
- Stay current with the threat landscape, emerging attack techniques, and relevant security technologies.
Skills Knowledge and Expertise
- Experience: Minimum of 5 years in a dedicated Incident Response or Security Operations role, with hands-on investigative experience using advanced EDR solutions (e.g., CrowdStrike, SentinelOne, Microsoft Defender for Endpoint, Carbon Black, etc.).
- Technical Security Skills:
- Defensive: Malware analysis, memory forensics, log analysis, endpoint and network triage.
- Offensive: Understanding of exploitation techniques, red teaming, vulnerability assessment, and attack simulations.
- Certifications: One or more of the following is required or highly preferred:
- GIAC GCFA / GCIA / GCIH / GNFA
- OSCP / OSCE / GPEN
- Microsoft SC-200 / Microsoft Defender-specific certifications
- OWASP or web application security certifications
- Networking and Systems Expertise:
- Strong understanding of network protocols (TCP/IP, DNS, HTTP/S, SMTP, etc.)
- Proficiency in analyzing packet captures and NetFlow data (e.g., Wireshark, Zeek)
- Deep understanding of Windows, Linux, and cloud environments (AWS, Azure)
- Knowledge of IR frameworks: NIST SP 800-61, MITRE ATT&CK, Lockheed Martin Cyber Kill Chain.
- Scripting and Automation: Python, PowerShell, Bash, or equivalent scripting languages for automating investigation and response tasks.
Why DeepSeas?
At Deep Seas, we like to say that heart rates go down, careers take off, and security programs mature. Our values provide the ultimate guide for our daily behavior and decisions. Without these values, we aren't Deep Seas. They preserve the essence of our organization, reflect the personalities of our Deeps (how we affectionately refer to our teammates), and enable us to exceed expectations. Our values are :
- We are client obsessed.
- We stand in solidarity with our teammates.
- We prioritize personal health and well-being.
- We believe in the power of diversity.
- We solve hard problems at the speed of cyber.
This is your chance to join a supportive crew of teammates and an industry-leading organization that values opportunities for growth. If DeepSeas sounds like a good fit for you, send us your resume and let's talk!
Information security is everyone's responsibility:
- Understanding and following DeepSeas's information security policies and procedures.
- Remaining vigilant and reporting any suspicious activity or possible weaknesses in DeepSeas's information security.
- Actively participating in DeepSeas's efforts to maintain and improve information security.
- DeepSeas considers this position Moderate Risk, with potential to view, access, or download restricted or private client and internal data. This information must be treated with sensitivity and in the most secure manner. HR reserves the right to perform random background or drug screens to ensure the safety of client and DeepSeas data.