Role Scope- - Lead incident response end to end across corporate, cloud, and data center environments, from detection and containment through eradication and post-incident review.
- - Build the detection logic, response playbooks, and forensic tooling for an environment where the assets under threat are the most targeted model weights in technology.
- - Run investigations across a threat surface measured in gigawatts, correlating signals from cloud, endpoint, network, and physical systems into a single picture of an attack.
- - Stand up the incident response function from the ground up, defining severity models, on-call rotations, and the escalation path to leadership.
- - Turn each incident into a permanent improvement by partnering with the security and IT teams to close the gaps your investigations surface.
What We're Looking For- **The below is a starting point. We always make space for exceptional people, so if you don't fit this role exactly, tell us where you would.**
- - You've personally led major security incidents from first alert to resolution, making containment calls under pressure with the business watching.
- - You've built detection logic and response playbooks that caught real intrusions, not just theoretical ones.
- - You've run digital forensics across cloud, endpoint, and network evidence and reconstructed what an attacker actually did.
- - You've stood up or substantially rebuilt an incident response program rather than only operating inside someone else's.
- - You've hunted for threats proactively and found activity that existing tooling missed.
- - You write incident reports and postmortems clear enough that both engineers and executives act on them.
- - Bonus: Experience defending high-value targets such as AI labs, financial infrastructure, or critical infrastructure against nation-state threat models. Cloud-native forensics (AWS, GCP). Detection engineering and SIEM or SOAR tooling. Malware analysis or reverse engineering.
We are committed to pay equity and transparency.