Chainlink LabsRemote
Security Response Engineer, Incident Response
United States of America
Full Time
2 weeks ago
Visa Sponsor
Key skills
PythonGoRustOracleBlockchainLeadershipCommunication
About this role
Chainlink Labs is the industry-standard oracle platform powering decentralized finance. As a Security Response Engineer, you will own the full security incident response lifecycle, coordinate high-severity incidents, and improve operational readiness through automation and tool deployment.
Responsibilities:
- Own and improve the incident response lifecycle: act as incident commander for high-severity incidents
- Join the team's on-call rotation: triage inbound alerts/escalations, coordinate internal and company-wide incidents
- Improve response readiness: create and automate playbooks, conduct tabletop exercises
- Address security telemetry gaps: improve existing or build/deploy new tools
- Increase detection quality: write and tune high-signal detections (in Sigma)
- Proactively identify and implement areas of improvement and modernization
Requirements:
- Proven incident response leadership: experience as the primary incident commander for high‑severity security incidents involving multiple teams and external stakeholders, and can independently manage incident timelines, decisions, and communications
- Operational rigor and investigation depth: demonstrated experience with triage, scoping, containment, and remediation across endpoint, cloud, and/or network based incidents; drives root‑cause analysis and post‑incident action items to completion
- Experience in macOS-heavy environments: has secured and operated a predominantly macOS endpoint fleet: deploying / managing endpoint controls, telemetry collection, and performing investigations on macOS systems
- Collaborative, straightforward communicator: writes clear incident updates and summaries; can explain risk, impact, and trade‑offs to both technical and non‑technical stakeholders; builds trust with partner teams during high‑pressure situations; comfortable handling the regular communication cadence of an incident
- Detections experience: ability to create and refine detections based on investigations and threat intelligence
- Previous coding experience (Python, Go, Rust, or similar): scripting for data parsing/enrichment and simple automations
- Prior success in remote-first environments
- Experience with detections‑as‑code (Sigma) development and workflows
- Domain experience with blockchain/Web3 threats
- Open-source contributions to security related projects