AlphaSense · 11 hours ago
Senior Incident Response Engineer
AlphaSense is a company that provides AI-driven market intelligence to help professionals make smarter decisions. The Senior Incident Response Engineer will lead the organization's defensive security capabilities, focusing on detection engineering, security orchestration, automation, and response, while co-leading the threat hunting program.
Analytics · Artificial Intelligence (AI) · Machine Learning · Market Research · SaaS · Search Engine
Responsibilities
Design, implement, and maintain advanced detection rules and correlation logic across SIEM, EDR, and Cloud platforms (AWS, GCP)
Lead detection strategy and architecture aligned with the Detection Quality frameworks
Write high-fidelity detection rules using languages like SIGMA and YARA-L
Conduct deep log source analysis, perform threat modeling, adversary emulation, and maintain MITRE ATT&CK mapping coverage
Conduct detection gap analysis to identify coverage opportunities across the kill chain
Create and maintain detection playbooks, runbooks, and comprehensive documentation
Perform detection quality assessments and continuous improvement initiatives
Develop complex automated response playbooks for multi-stage incidents spanning multiple security tools
Integrate security tools via APIs (SIEM, EDR, MDM, CASB, ITSM, threat intelligence platforms)
Create automated enrichment pipelines incorporating threat intelligence, asset context, and user behavior analytics
Develop automated containment actions (account disable, host isolation, firewall rule updates)
Measure and report automation ROI, tracking metrics like time saved and incident handling efficiency
Handle Incident Response processes and procedures as needed
Co-lead the organization's threat hunting program with the SOC Manager, defining strategy, methodology, and campaign planning
Execute proactive threat hunting campaigns by conducting hunt queries across SIEM and EDR platforms
Analyze large datasets to identify anomalous behavior patterns including user behavior, process execution, network traffic, and cloud activity
Develop hunting automation and tooling using custom Python scripts, Jupyter Notebooks, Osquery, and Velociraptor
Collaborate with threat intelligence sources to incorporate latest TTPs into hunting campaigns
Qualifications
Required
7+ years in security operations with 3+ years in detection engineering, including deep expertise in creating high-fidelity rules (SIGMA, YARA-L, KQL, SPL)
Proven track record of building detection strategies across SIEM, EDR, and Cloud platforms, grounded in the MITRE ATT&CK framework
Expert knowledge of SOAR platforms (e.g., Tines, Splunk SOAR, Cortex XSOAR), architecture, and complex playbook development
Proven experience designing and implementing SOAR platform architecture from concept to production
Advanced scripting and automation development skills in Python (required) for API integrations and security tool orchestration
Strong background in threat hunting methodology, hypothesis development, and campaign execution, with experience leading or co-leading hunting programs
Proficiency with data analysis, anomaly detection, and hands-on experience with hunting tools like Jupyter Notebooks, Osquery, and Velociraptor
Deep understanding of attack techniques, lateral movement, persistence mechanisms, and post-exploitation TTPs across Windows, Linux, and macOS
Familiarity with security frameworks including MITRE ATT&CK, PICERL, NIST CSF, and Detection Maturity Models, and incident response best practices
Proven ability to lead technical initiatives, mentor team members, and communicate complex technical concepts to diverse audiences
Preferred
Experience with YARA-L
Deep familiarity with Detection Frameworks and detection engineering quality frameworks
Proven track record implementing SOAR platforms from architecture through operationalization, with experience evaluating multiple platforms
Advanced knowledge of CrowdStrike Falcon platform including custom IOA rules
Background in purple team activities, adversary emulation, or red teaming
Experience with CI/CD practices for detection-as-code and automation-as-code
Contributions to open-source security projects or security certifications (GCDA, GCIH, GCIA, GCFA, OSCP, or equivalent)
Knowledge of security data lakes (Snowflake, BigQuery) and experience with threat intelligence platforms (TIP)
Published research, blog posts, or conference presentations on detection engineering, automation, or threat hunting topics
Benefits
Performance-based bonus
Equity
Generous benefits program
Company
AlphaSense
AlphaSense is a platform harnessing AI to deliver insights, helping professionals make informed, impactful decisions. It is a sub-organization of AlphaSense.
H1B Sponsorship
AlphaSense has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Below presents additional info for your reference. (Data Powered by US Department of Labor)
[Chart: Distribution of Different Job Fields Receiving Sponsorship; the highlighted field represents the job field similar to this job]
Trends of Total Sponsorships
2025 (7)
2024 (1)
2023 (3)
2022 (3)
2021 (3)
2020 (4)
Funding
Current Stage: Late Stage
Total Funding: $1.42B
Key Investors: Bond, CapitalG, BlackRock
2024-06-11 · Series F · $650M
2023-09-28 · Series E · $150M
2023-04-11 · Series D · $100M
Company data provided by crunchbase