Incode is a leading provider of identity solutions, reinventing the way people authenticate and verify their identities online. As a Senior Security Engineer, you will design and build detection strategies and response playbooks that protect the platform and its customers, shaping the future of security operations at Incode.
Responsibilities:
- Serve as the first line of defense: protect, detect, respond to, and recover from cyber-attacks in both our corporate and product environments
- Develop and run tools to gather security telemetry data from cloud production systems
- Automate workflows and improve identification and response time for security events
- Build and tune high-signal detections, using enriched data and orchestration to reduce false positives
- Define and improve processes, procedures, and technologies used for detection and response
- Develop runbooks and incident playbooks for new and existing detections and influence our security operations roadmap
- Lead threat hunting, propose product and infrastructure signals that surface attacks, and feed findings back into security controls
- Research attacker tactics, techniques, and procedures (TTPs) and craft detections to quickly identify and contain potential security threats
- Respond to security events: triage, investigate, analyze incidents, and communicate clearly and efficiently with partners
- Participate in an on-call rotation
- Onboard new systems and services to SIEM and SOAR and build new detection pipelines
- Facilitate incident response processes and tabletop exercises
Requirements:
- Experience as a security engineer at a SaaS company, covering security monitoring, detection engineering, incident response, and threat hunting
- Practical understanding of common attacks, adversary tactics, techniques, and procedures (TTPs) and MITRE ATT&CK principles
- Experience with operating system internals and forensics on macOS, Windows, and Linux
- Hands-on experience managing and working with current SIEM and SOAR platforms, DLP, email security platforms, endpoint protection platforms, and secure service edge (SSE)
- Experience developing tools and automation using common DevOps toolsets and programming languages
- Understanding of malware functionality and persistence mechanisms
- Ability to analyze endpoint, network, and application logs for anomalous events
- Proficiency in programming in Go or Python
- Excellent collaborative skills
- Outstanding written and verbal communication