Magnet Forensics

We provide organizations with innovative tools to investigate cyberattacks and digital crimes

Incident Response & Security Operations Engineer

Security Operations, Full Time, Remote, Team 201-500, Since 2009, H1B: No Sponsor

Location

United States

Posted

3 days ago

Salary

Not specified

Incident Response, SIEM, Endpoint Detection and Response, Vulnerability Management, Digital Forensics, Cloud Security, SOC Operations, Identity and Access Management, Managed Detection and Response, Threat Detection, Security Information and Event Management, Security Automation, Forensics Tools, Network Security

Job Description

Role Description

This isn’t just another security operations role. As the Incident Response & Security Operations Engineer, you will play a critical role in protecting Magnet Forensics by leading security incident response efforts, strengthening operational security practices, and ensuring that detection and response functions work effectively at scale.

You will serve as the central authority during security incidents, coordinating response activities across Information Security, IT, Business Systems, and third‑party security providers. Your work will directly influence how quickly and effectively the organization identifies threats, responds to incidents, and reduces operational risk.

This role blends incident leadership, security operations judgment, and continuous improvement. You’ll be empowered to make decisions, improve processes, and ensure security operations remain resilient as the organization grows.

What You'll Do

  • Incident Response Leadership
    • Lead security incidents from initial triage through containment, remediation, recovery, and closure.
    • Assess alert severity, scope, and business impact to determine appropriate response actions.
    • Coordinate response efforts across IT, Business Systems, Compliance, Legal, and other stakeholders as needed.
    • Lead incident bridges and response coordination during active events.
    • Ensure incidents conclude with clear outcomes, documentation, and follow-through.
    • Be available to respond to and investigate incidents as part of the 24/7/365 SOC/NOC.
  • Managed SOC & Security Service Oversight
    • Own the operational relationship with managed detection and response providers.
    • Review and validate alert quality, relevance, and escalation decisions.
    • Ensure third‑party security services align with Magnet’s risk tolerance and operational needs.
    • Drive improvements in alert routing, escalation paths, response workflows, and automation.
    • Act as the internal authority on what constitutes actionable security signal.
  • Security Operations & Vulnerability Effectiveness
    • Ensure vulnerability management and detection processes reduce exposure windows and support timely remediation.
    • Improve visibility into vulnerability trends and patching progress over time.
    • Identify and resolve operational bottlenecks that slow remediation or response efforts.
    • Partner with IT teams to improve workflows, ownership, and accountability.
  • Digital Investigation & Forensic Enablement
    • Learn and utilize Magnet Forensics Axiom as part of incident investigation and response activities.
    • Support investigations involving computer, mobile device, and cloud data using a unified forensic platform.
    • Apply Axiom workflows to interrogate and analyze digital evidence during security incidents.
    • Leverage Magnet Axiom microlearning to build practical, real‑world forensic capability.
    • Ensure investigative findings support incident understanding, decision‑making, and documentation.
  • Vendor & Tool Accountability
    • Serve as the escalation point for security tooling vendors when issues impact response timelines or risk reduction.
    • Hold vendors accountable to operational expectations and support commitments.
    • Evaluate tooling effectiveness from an operational and risk‑reduction perspective.
    • Ensure security tools integrate cleanly into existing workflows.
  • Documentation & Continuous Improvement
    • Produce clear incident documentation including root cause, impact, response actions, and lessons learned.
    • Lead post‑incident reviews and ensure corrective actions are tracked and implemented.
    • Identify recurring incident patterns and drive long‑term improvements to reduce repeat issues.
  • Cross‑Functional Communication & Readiness
    • Act as the primary security point of contact during incidents for IT and Business Systems teams.
    • Communicate clearly and calmly during high‑pressure situations.
    • Translate technical security findings into business‑relevant risk and impact.
    • Support readiness activities such as tabletop exercises and response testing.

Qualifications

  • Bachelor’s degree in Cybersecurity, Computer Science, Information Technology, or equivalent practical experience.
  • Demonstrated experience leading or coordinating security incident response efforts.
  • Experience working in a co‑managed SOC or managed detection and response environment.
  • Broad security operations experience across endpoint, email, identity, vulnerability management, SaaS, and cloud environments.

Requirements

  • Strong judgment in assessing alert severity, business impact, and escalation needs.
  • Ability to operate effectively with incomplete or ambiguous information.
  • Strong written communication skills, including incident summaries and RCA documentation.
  • Proven ability to coordinate across multiple teams during operational events.
  • Process‑oriented mindset with a focus on continuous improvement.

Benefits

  • Generous time off policies.
  • Competitive compensation.
  • Volunteer opportunities.
  • Reward and recognition programs.
  • Employee committees & resource groups.
  • Healthcare and retirement benefits.
