Senior Incident Response Engineer

About AlphaSense: The world’s most sophisticated companies rely on AlphaSense to remove uncertainty from decision-making. With market intelligence and search built on proven AI, AlphaSense delivers insights that matter from content you can trust. Our universe of public and private content includes equity research, company filings, event transcripts, expert calls, news, trade journals, and clients’ own research content. The acquisition of Tegus by AlphaSense in 2024 advances our shared mission to empower professionals to make smarter decisions through AI-driven market intelligence. Together, AlphaSense and Tegus will accelerate growth, innovation, and content expansion, with complementary product and content capabilities that enable users to unearth even more comprehensive insights from thousands of content sets. Our platform is trusted by over 6,000 enterprise customers, including a majority of the S&P 500. Founded in 2011, AlphaSense is headquartered in New York City with more than 2,000 employees across the globe and offices in the U.S., U.K., Finland, India, Singapore, Canada, and Ireland. Come join us!Location: Remote within USAAbout The RoleThe Senior Detection, Automation, and Incident Response Engineer is a critical technical role responsible for driving the organization's defensive security capabilities across detection engineering, security orchestration, automation, and response (SOAR), and co-leading the organization's threat hunting program. This role is crucial for integrating new threat intelligence into high-fidelity detections and automating incident response processes to maximize team efficiency and response speed.You'll work directly with the Director of Security Monitoring, Detection and Response and collaborate closely with the SOC Manager to co-lead threat hunting initiatives, while partnering with cross-functional security teams to build and scale our security operations capabilities.About Our Security TeamYou'll be joining a fast-paced security organization that emphasizes automation, engineering-driven approaches, and systematic problem-solving. Our team operates at the intersection of security operations, detection engineering, incident response, and infrastructure security. We value practical solutions, measurable outcomes, and continuous improvement.What You’ll Do:1. Detection Engineering & Platform Leadership (40%)Design, implement, and maintain advanced detection rules and correlation logic across SIEM , EDR, and Cloud platforms (AWS, GCP)Lead detection strategy and architecture aligned with the Detection Quality frameworksWrite high-fidelity detection rules using languages like SIGMA and YARA-LConduct deep log source analysis, perform threat modeling, adversary emulation, and maintain MITRE ATT&CK mapping coverageConduct detection gap analysis to identify coverage opportunities across the kill chainCreate and maintain detection playbooks, runbooks, and comprehensive documentationPerform detection quality assessments and continuous improvement initiatives2. Security Automation (SOAR) & Response Leadership (40%)Develop complex automated response playbooks for multi-stage incidents spanning multiple security toolsIntegrate security tools via APIs (SIEM, EDR, MDM, CASB, ITSM, threat intelligence platforms)Create automated enrichment pipelines incorporating threat intelligence, asset context, and user behavior analyticsDevelop automated containment actions (account disable, host isolation, firewall rule updates)Measure and report automation ROI, tracking metrics like time saved and incident handling efficiencyHandle Incident Response processes and procedures as needed3. Threat Hunting Co-Leadership & Execution (20%)Co-lead the organization's threat hunting program with the SOC Manager, defining strategy, methodology, and campaign planningExecute proactive threat hunting campaigns by conducting hunt queries across SIEM and EDR platformsAnalyze large datasets to identify anomalous behavior patterns including user behavior, process execution, network traffic, and cloud activityDevelop hunting automation and tooling using custom Python scripts, Jupyter Notebooks, Osquery, and VelociraptorCollaborate with threat intelligence sources to incorporate latest TTPs into hunting campaignsWhat We Are Looking For: 7+ years in security operations with 3+ years in detection engineering, including deep expertise in creating high-fidelity rules (SIGMA, YARA-L, KQL, SPL).Proven track record of building detection strategies across SIEM, EDR, and Cloud platforms, grounded in the MITRE ATT&CK framework.Expert knowledge of SOAR platforms (e.g., Tines, Splunk SOAR, Cortex XSOAR), architecture, and complex playbook development.Proven experience designing and implementing SOAR platform architecture from concept to production.Advanced scripting and automation development skills in Python (required) for API integrations and security tool orchestration.Strong background in threat hunting methodology, hypothesis