Staff Cyber Incident Response Security Engineer

Job Summary:

We are seeking an experienced Cyber Incident Response Security Engineer to join our global security team in Newark, CA. This is a critical role within our Cyber Incident Response Team (CIRT), responsible for managing and responding to security incidents across our global operations. You will serve as an escalation point for our 24/7 Security Operations Center (SOC) and play a key role in the automation, orchestration, and enhancement of our security incident response capabilities. This position requires deep expertise in cybersecurity, strong analytical skills, and the ability to work collaboratively in a fast-paced environment. If you thrive in a role where you can actively defend against cyber threats, conduct threat hunting, and drive security automation, this opportunity is for you.  

You will:

Threat Detection & Response – Key Responsibilities   

Incident Response & Escalation 

• Serve as the senior escalation point (Level 3) for high-impact security incidents within the global 24/7 SOC. 
• Lead advanced investigations into sophisticated cyber threats, including malware outbreaks, targeted intrusions, and persistent adversary activity. 
• Provide strategic guidance on containment, eradication, and remediation to minimize business risk and operational disruption. 
• Conduct proactive threat hunting using intelligence-driven and behavior-based analytics to identify hidden adversary activity. 
• Develop, refine, and optimize threat detection rules and signatures to enhance SOC visibility and response accuracy. 
• Analyze emerging threats, leveraging global intelligence sources, and deliver actionable recommendations to strengthen enterprise defenses.  

Security Automation & Orchestration 

• Architect and deploy automated workflows to improve incident triage, enrichment, and response efficiency. 
• Operationalize SOAR platforms to orchestrate end-to-end response processes and reduce mean time to respond (MTTR). 
• Integrate SIEM technologies to optimize log ingestion, correlation, and alerting while reducing false positives.  

Security Tooling & Continuous Improvement 

• Partner with security engineering and architecture teams to enhance detection and response capabilities. 
• Perform root cause analysis of incidents and drive improvements to detection rules, playbooks, and security controls. 
• Continuously evaluate evolving adversary TTPs, industry best practices, and frameworks (e.g., MITRE ATT&CK) to maintain a robust defense posture.  

You bring:

• 8+ years of progressive experience in Threat Detection & Response, Incident Response, or SOC Operations. 
• Strong expertise in investigating malware, BEC, 3rd party supply chain, phishing, insider threats, web-based attacks, and advanced persistent threats (APTs). 
• Hands on experience with industry leading tools, CrowdStrike, Palo alto Networks FW, Netskope, Wiz, Splunk. 
• Proven experience leading Insider threat and Insider Risk Management, and confidential investigation. 
• Proven experience with SIEM platforms, SOAR solutions, and threat intelligence integration. 
• Proficiency in scripting (Python, PowerShell, Bash) to enable automation and custom detections. 
• Deep understanding of adversary tradecraft, MITRE ATT&CK framework, TTPs, and the cyber kill chain. 
• Proficiency in communication and collaboration during and post Incidents. 
• Hands-on experience with cloud environments (AWS, OCI) strongly preferred.  

Preferred Qualifications 

• Experience in the automotive industry or manufacturing environments. 
• Industry-recognized certifications such as GCIH, GCFA, CISSP, CISM, or OSCP highly desirable. 
• Demonstrated ability to operate in a fast-paced, global environment and effectively collaborate across cross-functional teams. 
• Experience integrating SOAR with enterprise SOC operations and threat intelligence platforms.