Security Response Engineer, Incident Response

Lead the security incident response lifecycle as the incident commander, enhancing operational capabilities and managing high-severity incidents while collaborating across teams.

About Chainlink
Chainlink is the industry-standard oracle platform bringing the capital markets onchain and powering the majority of decentralized finance (DeFi). The Chainlink stack provides the essential data, interoperability, compliance, and privacy standards needed to power advanced blockchain use cases for institutional tokenized assets, lending, payments, stablecoins, and more. Since inventing decentralized oracle networks, Chainlink has enabled tens of trillions in transaction value and now secures the vast majority of DeFi.

Many of the world’s largest financial services institutions have also adopted Chainlink’s standards and infrastructure, including Swift, Euroclear, Mastercard, Fidelity International, UBS, S&P Dow Jones Indices, FTSE Russell, WisdomTree, ANZ, and top protocols such as Aave, Lido, GMX and many others. Chainlink leverages a novel fee model where offchain and onchain revenue from enterprise adoption is converted to LINK tokens and stored in a strategic Chainlink Reserve. Learn more at chain.link.

As a Security Response Engineer, you’ll own the full security incident response lifecycle. You’ll serve as incident commander – owning the high-level coordination of incidents from scoping through to recovery and post-mortem improvements. In addition to leading response, you’ll be heavily involved with the team’s operational responsibilities (creating and refining detections to improve alert quality) and project work (automating response actions, building enrichment pipelines). You’ll help continuously improve our response capabilities and efficiency by collaborating with internal and external stakeholders across the company.

Your Impact

  • Own and improve the incident response lifecycle: act as incident commander for high-severity incidents

  • Join the team's on-call rotation: triage inbound alerts/escalations, coordinate internal and company-wide incidents

  • Improve response readiness: create and automate playbooks, conduct tabletop exercises

  • Address security telemetry gaps: improve existing or build/deploy new tools

  • Increase detection quality: write and tune high-signal detections (in Sigma)

  • Proactively identify and implement areas of improvement and modernization

Requirements

  • Proven incident response leadership: experience as primary coordinator for high-severity incidents involving multiple teams and external stakeholders

  • Hands-on investigation experience: expertise performing triage, scoping, and containment across endpoint, cloud, and/or network-based incidents

  • Detections experience: ability to create and refine detections based on investigations and threat intelligence

  • Operational rigor: comfortable stepping through all phases of an incident, working with runbooks, handling the communication cadence of an incident (internal/stakeholder), root cause analysis and post-mortem learnings

  • Previous coding experience (Python, Go, Rust, or similar): scripting for data parsing/enrichment and simple automations

Preferred Requirements

  • Prior success in remote-first environments.

  • Experience with detections-as-code (Sigma) development and workflows.

  • Domain experience with blockchain/Web3 threats.

  • Open-source contributions to security-related projects.

All roles with Chainlink Labs are global and remote-based. Unless otherwise stated, we ask that you try to overlap some working hours with Eastern Standard Time (EST).

We carefully review all applications and aim to provide a response to every candidate within two weeks after the job posting closes. The closing date is listed on the job advert, so we encourage you to take the time to thoughtfully prepare your application. We want to fully consider your experience and skills, and you will hear from us regarding the status of your application shortly after the closing date.

Commitment to Equal Opportunity

Chainlink Labs is an equal opportunity employer. All qualified applicants will receive equal consideration for employment in compliance with applicable laws, regulations, or ordinances. If you need assistance or accommodation due to a disability or special need when applying for a role or in our recruitment process, please contact us via this form.

Global Data Privacy Notice for Job Candidates and Applicants

Information collected and processed as part of your Chainlink Labs Careers profile, and any job applications you choose to submit, is subject to our Privacy Policy. By submitting your application, you are agreeing to our use and processing of your data as required.
