[Remote] Security Response Engineer, Incident Response

Note: The job is a remote job and is open to candidates in USA. Chainlink Labs is the industry-standard oracle platform bringing capital markets on-chain and powering decentralized finance. As a Security Response Engineer, you will own the full security incident response lifecycle, acting as the incident commander and coordinating efforts across diverse environments to improve response capabilities and efficiency.

Responsibilities

• Own and improve the incident response lifecycle: act as incident commander for high-severity incidents
• Join the team's on-call rotation: triage inbound alerts/escalations, coordinate internal and company-wide incidents
• Improve response readiness: create and automate playbooks, conduct tabletop exercises
• Address security telemetry gaps: improve existing or build/deploy new tools
• Increase detection quality: write and tune high-signal detections (in Sigma)
• Proactively identify and implement areas of improvement and modernization

Skills

• Proven incident response leadership: experience as the primary incident commander for high‑severity security incidents involving multiple teams and external stakeholders, and can independently manage incident timelines, decisions, and communications
• Operational rigor and investigation depth: demonstrated experience with triage, scoping, containment, and remediation across endpoint, cloud, and/or network based incidents; drives root‑cause analysis and post‑incident action items to completion
• Experience in macOS-heavy environments: has secured and operated a predominantly macOS endpoint fleet: deploying / managing endpoint controls, telemetry collection, and performing investigations on macOS systems
• Collaborative, straightforward communicator: writes clear incident updates and summaries; can explain risk, impact, and trade‑offs to both technical and non‑technical stakeholders; builds trust with partner teams during high‑pressure situations; comfortable handling the regular communication cadence of an incident
• Detections experience: ability to create and refine detections based on investigations and threat intelligence
• Previous coding experience (Python, Go, Rust, or similar): scripting for data parsing/enrichment and simple automations
• Prior success in remote-first environments
• Experience with detections‑as‑code (Sigma) development and workflows
• Domain experience with blockchain/Web3 threats
• Open-source contributions to security related projects

Company Overview