Remote Staff Product Security Engineer, Incident Response Lead

Affirm

💵 $200k-$275k
📍 Remote - United States

Job highlights

Summary

Join a team of fun, passionate, and highly skilled individuals who like solving security challenges and enjoy learning new skills. As a Staff Sec Ops Engineer, you will lead the Incident Response pillar, driving remediation and response efforts company-wide.

Requirements

  • A seasoned Detection and Response Engineer with experience leading investigations and incidents, including containment actions and forensics when needed, in an engineering-focused, cloud-heavy environment (AWS, EKS experience strongly preferred)
  • 7+ years of experience with Detection and Response engineering with a significant focus on leading incidents and crises
  • Ability to handle high-pressure, complex situations in a calm and thoughtful manner, and when needed be the voice of reason and calm across the incident group
  • Strong ability to analyze, parse and correlate information against data from multiple sources and when needed engineer solutions to do the same
  • Strong communication skills with the ability to switch communication styles when needed between technical and non-technical audiences
  • Demonstrated experience in common Sec Ops tooling including but not limited to: Elastic, Splunk, Hive, Crowdstrike Falcon or similar
  • Experience in creating automations to improve IR program workflows and capabilities (Python preferred)
  • Experience with developing & supporting native data ingestion and data normalization integrations
  • Ability to lead large projects and work with cross functional stakeholders throughout the organization
  • Ability to partner with Legal & Compliance teams for relevant incident reporting requirements across regulatory bodies

Responsibilities

  • Lead security incident response efforts driving detection & response across the organization through all phases of an incident from identification to post-incident retrospective
  • Serve as incident commander in large-scale security incidents, driving action-oriented containment & remediation results
  • Be the senior escalation point for the team when needed, assisting with investigations and incidents (this is a very hands-on role)
  • Balance both tactical & strategic thinking in high-pressure situations, using facts & clear communications to lead the response team to next steps
  • Provide briefings, status updates, and advice to a variety of audiences, including technical and executive leadership teams during incidents
  • Lead developing and maturing security incident response playbooks and processes
  • Contribute to engineering projects which build, maintain and improve our current monitoring, detection & response programs
  • Contribute to our detection program by creating advanced detections based on frameworks such as MITRE ATT&CK
  • Collaborate with cross functional teams across Affirm and lead key security projects
  • Lead incident response training, road shows, and learning sessions across both engineering and non-engineering teams

Benefits

  • 100% subsidized medical coverage, dental and vision for you and your dependents
  • Flexible Spending Wallets - generous stipends for spending on Technology, Food, various Lifestyle needs, and family forming expenses
  • Time off - competitive vacation and holiday schedules allowing you to take time off to rest and recharge
  • ESPP - An employee stock purchase plan enabling you to buy shares of Affirm at a discount
