Senior Security Incident Response Engineer


Full Time Senior-level / Expert

OneLogin, Inc.

Secure your workforce, customers, and partner data with our modern IAM platform at a price that works with your budget.


OneLogin is looking for a talented and motivated Senior Security Incident Response Engineer.  As a Senior Security
Incident Response Engineer you will be responsible for triaging critical security events detected by security monitoring,
analyzing all available data to determine if a cyber-attack is occurring, scoping the extent of a suspected attack,
coordinating efforts to contain attacks, and conducting forensic investigation to determine the details around the attack, as
well as performing root cause analysis after the investigation is completed.
This role is not a traditional black box digital forensics role. This role requires broad technical capabilities across multiple
disciplines supporting incident response ranging from the ability to build and automate tooling, performing packet analysis,
analyzing custom logs, understanding OS internals, and integrating technical incident response into a multi-cloud
environment. The ideal candidate will have prior training and experience in incident response, forensics, and detection


  • Conduct incident response across the entire incident lifecycle: from initial detection and triage to resolution and
    after action
  • Able to act as Incident Commander as appropriate
  • Lead technical investigation and perform digital forensics involving a broad range of adversarial activity in cloud
    environments and host investigations (including Mac, Linux, Ubuntu, and Windows)
  • Maintain incident policies and playbooks, introducing automation where appropriate
  • Lead and participate in IR tabletop exercises to validate and improve existing processes and procedures
  • Ensure stakeholders (both technical and non-technical) are informed on details in a clear and concise manner,
    both in writing and verbally.
  • Participate in an incident response on-call rotation
  • Develop postmortem write-ups and lead postmortem discussions.
  • Run Quarterly Phishing drills
  • Provide feedback to OneLogin Product Teams
  • Act as a mentor to junior security analysts


  • 3 to 5 years of experience in information security, with a focus on Digital Forensics and Incident Response
  • Bachelor’s degree in Computer Science, Information Security, or related field; or equivalent combination of
    education and experience
  • Able to demonstrate expert forensic knowledge of Linux/Unix/Ubuntu, Mac and Windows file systems
  • Participate in an incident response on-call rotation and willingness to work outside normal business hours in
    support of incidents
  • Experience with integration of threat hunting and cyber threat intelligence into the incident response process
  • Experience with SIEM, SOAR, and EDR tools that are used to detect anomalous behavior and respond
  • Working knowledge of Information Security standards and policies like ISO 27001/27002, NIST, and others
  • Familiarity with one or more scripting languages (e.g., Python, PowerShell)
  • Security certification a plus (e.g. Security+, GCIA, GCIH, CISSP)
  • Excellent verbal and written communication skills
  • Accepts responsibility and personal accountability
  • Successful management of multiple priorities


OneLogin, the leader in Unified Access Management, connects people with technology through a simple and secure login, empowering organizations to access the world™. We are headquartered in San Francisco, California. The OneLogin Unified Access Management (UAM) platform is the key to unlocking the apps, devices, and data that drive productivity and facilitate collaboration. OneLogin serves businesses and partners across a multitude of industries, with over 2,500 customers worldwide.

We are proud that Gartner has named us a Leader in the 2020 Magic Quadrant for Access Management. For more information, visit www.onelogin.com, Blog, Facebook, Twitter, or LinkedIn.

Our core values

  • Security first - We make it our #1 priority to protect data and privacy. From the way we work to the technology we provide, security is top of mind
  • Customer focused - We design for, listen to and partner with customers to come up with smart solutions that drive business value
  • Collaborative - We take bold steps and work together to thrive across boundaries. We drive productivity as we grow as one team
  • Accountable - We get things done and take ownership in our work. Showcasing consistent quality and pride to perform at the highest levels
  • Creative - We embody creativity in everything we do. We embrace a diversity of ideas. We execute with ingenuity, flexibility, and agility


Job perks/benefits: Team events
Job region(s): Remote/Anywhere