Partner 20, Staff Engineer, Incident Response

Andreessen Horowitz

$243K — $284K *
Information Technology
5 - 7 years of experience
Job Overview by Ladders

Qualifications

  • 5+ years in incident response with cloud focus (AWS and GCP)
  • Proven experience leading live incidents from alert to post-mortem
  • Capable of conducting proactive threat hunts based on intel
  • Hands-on in detection writing for modern SIEMs (e.g., Sigma, KQL)
  • Strong Python scripting skills for automation
  • Knowledge of security tooling (cloud telemetry, EDR, SIEM)
  • Comfort in fast-paced environments that prioritize business enablement

Responsibilities

  • Manage incident triage and response across cloud and SaaS environments
  • Develop detections for real threats in the SIEM
  • Integrate AI solutions into incident response workflows
  • Collaborate with various teams during incidents for alignment
  • Lead thorough post-mortems for operational improvement
  • Engage with adversaries targeting the venture capital space
  • Shape the future of the SOC environment.

Benefits

  • Participation in a16z carry program
  • Discretionary bonus programs
  • Comprehensive health, dental, and vision insurance
  • Life insurance and disability coverage
  • 401(k) retirement plan options
  • Generous vacation and sick leave policies
Full Job Description
The Role

We're hiring a Staff Incident Response Engineer to anchor a16z's detection and response work. You'll own incident triage and response across AWS and GCP, write the detections that catch real threats in our SIEM, and run point when something serious happens.

The threats here are not theoretical. We see capital call wire fraud attempts, vishing campaigns, social engineering against IT and partners, and occasionally more sophisticated actors (nation-state groups, organized criminal operations) who specifically target venture capital firms. Your work protects the firm, our LPs, and our portfolio companies. You'll work day to day with the Head of Cybersecurity, Security Engineering, IT, and Legal.

This role requires an in-office presence 2 days a week in our San Francisco, CA office.
To join our team, you should be excited to:
  • Run incidents end to end, from first alert to post-mortem, across cloud and SaaS environments
  • Write the detections that catch real threats, with a strong bias toward signal over noise and broad MITRE ATT&CK coverage
  • Help shape the next generation of our SOC, including AI agent integration into triage and response workflows
  • Partner across the firm during incidents: investing teams, Legal, Compliance, Finance, IT, and firm leadership all get pulled in, and this role keeps every audience aligned under pressure
  • Drive post-mortems that lead to operational change, not process for its own sake
  • Work against real adversaries, including nation-state groups, organized criminal operations, and threat actors who specifically target venture capital firms
Minimum Qualifications
  • 5+ years of incident response experience or equivalent demonstrated impact, with cloud IR depth across both AWS and GCP
  • Experience leading live incidents end to end - triage, containment, eradication, forensic investigation, and post-mortem - across cloud, SaaS, identity, and endpoint surfaces
  • Experience running proactive, hypothesis-driven threat hunts using current TTPs and intel
  • Hands-on detection authoring in modern SIEM platforms (Sigma, KQL, or equivalent) and experience working with detection-as-code
  • Experience building detection frameworks and contributing to SIEM architecture decisions
  • Strong Python scripting. This is a role where you build automation, not one where you only operate someone else's
  • Demonstrated capability across modern security tooling categories (cloud telemetry, EDR, SOAR, SIEM). We weight transferable capability over experience with any specific product
  • GCIH or equivalent IR certification preferred
  • Comfortable in a fast-moving environment where security is expected to enable the business
  • Experience defending against nation-state threat actors or organized criminal groups
  • Working knowledge of AI/agent systems and their security implications, particularly in SOC workflows
  • Experience translating the technical reality of an incident (blast radius, containment status, disclosure decisions) into language non-technical stakeholders can act on.
  • Low ego, high empathy, and the capacity to collaborate effectively with diverse teams

The anticipated salary range for this role is between $243,000 - $284,000, actual starting pay may vary based on a range of factors which can include experience, skills, and scope.

This role is eligible to participate in the a16z carry program and various discretionary bonus programs as well as benefit and perquisite plans including health, dental, vision, disability, life insurance, 401K plan, vacation, and sick leave.

Similar Jobs

More Jobs at Andreessen Horowitz

More Information Technology Jobs

Find similar Partner 20, Staff Engineer, Incident Response jobs: