Lead complex investigations and automate response workflows in security operations, significantly contributing to enhancing incident response quality and efficiency.
The Senior Security Incident Response Analyst leads complex security investigations, drives automated response workflows, and works alongside a managed SOC to raise the quality and speed of day-to-day security operations. This is a senior individual contributor role: you will own the hardest cases, serve as the escalation point for investigations that go beyond standard triage, and build the automation and tooling that makes the entire operation more effective. Success requires independence — the ability to make sound decisions in ambiguous situations, operate without constant direction, and drive work forward in an environment that is still maturing.
We are an automation-first team, and this role is central to that. You will work closely with SOAR and automation engineers to translate investigative insight into scalable response workflows — identifying inefficiencies, eliminating manual processes, and building the tools that reduce toil for the entire team. The right candidate cares deeply about investigative quality and is equally driven to automate, scale, and continuously improve how that work gets done. Strong judgment, a builder's mindset, and high-quality written communication are essential.
RESPONSIBILITIES
Lead high-severity and complex investigations alongside the managed SOC — serving as the senior escalation point for cases that require deeper analysis, cross-platform pivoting, or containment decisions beyond standard playbook scope
Perform host-based triage and forensic analysis across Windows, Linux, and macOS, and conduct cloud-native IR across AWS and Azure — pivoting fluently between endpoint, identity, infrastructure, and network telemetry.
Integrate threat intelligence into active investigations and operationalize it proactively — use adversary TTPs, IOC context, and external monitoring to sharpen scope, accelerate attribution, and surface threats before they become incidents
Make and execute containment decisions — account disabling, host isolation, infrastructure blocking — and drive those actions through coordination with relevant teams
Partner with SOAR and automation engineers to design and build automated response workflows — translate what you learn in investigations into playbooks, enrichment pipelines, and containment automations the SOC can execute at scale
Identify repetitive investigative tasks and own their elimination — write the scripts, build the integrations, and design the workflow tools that reduce toil for the entire team
Define what automated response should look like for specific threat categories; work with engineering to implement it and validate that it holds up against how investigations actually unfold
Contribute detection logic informed by investigation findings — close the loop between what you observe in cases and what the team catches next time
Calibrate the SOC's triage thresholds and escalation criteria; raise the floor on case documentation quality through direct review and feedback
Produce case notes, post-incident summaries, and leadership briefs that are reproducible, defensible, and readable by a non-technical audience
QUALIFICATIONS & REQUIREMENTS
5+ years of hands-on incident response experience with direct investigation ownership — candidates should understand the difference between owning an investigation and working a SOC queue
Proven ability to operate independently: prioritize without direction, drive investigations to closure, and make sound judgment calls under ambiguity
Experience working alongside or managing an MSSP or managed SOC — comfortable defining what escalates, setting investigation standards, and serving as the technical authority on complex cases
Deep SIEM proficiency; able to write complex queries and correlate across heterogeneous log sources
Host forensics fluency across Windows, Linux, and macOS: process execution, persistence mechanisms, lateral movement artifacts, and platform-native log sources. Cloud IR experience in AWS a plus.
Demonstrated automation experience — scripting languages, SOAR platforms, or both — applied to real investigative and detection workflows; this is a core expectation of the role, not a bonus
Strong written communication; case notes and summaries that hold up to peer review, legal scrutiny, and executive reading
Comfort operating in environments where tooling and processes are still maturing; able to build structure and make progress without waiting for perfect conditions
Experience contributing to detection engineering, mentoring junior analysts, or working in multi-tenant or post-merger environments is a plus.
Additional Requirements:
This position is eligible for company sponsored benefits, including medical, dental and vision insurance, 401(k), paid leave, tuition reimbursement, and a variety of other discounts and perks. Salary range: $120,000 - $160,000 (bonus eligible).
We are accepting applications for this position on an ongoing basis.
As part of our selection process, external candidates may be required to attend an in-person interview with a VERSANT Media employee at one of our locations prior to a hiring decision. VERSANT Media's policy is to provide equal employment opportunities to all applicants and employees without regard to race, color, religion, creed, gender, gender identity or expression, age, national origin or ancestry, citizenship, disability, sexual orientation, marital status, pregnancy, veteran status, membership in the uniformed services, genetic information, or any other basis protected by applicable law.
For LA County and City Residents Only: VERSANT Media will consider for employment qualified applicants with criminal histories, or arrest or conviction records, in a manner consistent with relevant legal requirements, including the City of Los Angeles' Fair Chance Initiative for Hiring Ordinance, the Los Angeles County Fair Chance Ordinance for Employers, and the California Fair Chance Act, where applicable.
If you are a qualified individual with a disability or a disabled veteran and require support throughout the application and/or recruitment process as a result of your disability, you have the right to request a reasonable accommodation. You can submit your request to [email protected].
VERSANT Media is committed to fair and equitable compensation practices. We include a good faith pay range for each position to comply with applicable state and local pay transparency laws and to promote equity across our organization. Actual compensation will be based on factors such as the candidate's skills, qualifications, experience, and location and may include additional forms of compensation and benefits such as health insurance, retirement plans, paid time off, etc.
VERSANT Media is not accepting unsolicited assistance from search firms for this employment opportunity. All resumes submitted by search firms to any employee at VERSANT via e-mail, the Internet, or in any form and/or method without a valid written Statement of Work in place for this position from VERSANT's Talent Acquisition team will be deemed the sole property of VERSANT. No fee will be paid in the event the candidate is hired by VERSANT as a result of the referral or through other means.
Versant is a media and technology organization dedicated to transforming the media landscape by merging innovative ideas with established brands. We cater to audiences in news, sports, and entertainment, offering a blend of content, technology, and services that inspire and engage.