Chainlink Labs

Security Response Engineer, Incident Response

Chainlink Labs · remote · full-time · $154000–$360000 USD
crypto · security · web3 incident response · macOS · Python · Go · Rust · Sigma
Job description
Chainlink is the industry-standard oracle platform bringing the capital markets onchain and powering the majority of decentralized finance (DeFi). The Chainlink stack provides the essential data, interoperability, compliance, and privacy standards needed to power advanced blockchain use cases for institutional tokenized assets, lending, payments, stablecoins, and more. Since inventing decentralized oracle networks, Chainlink has enabled tens of trillions in transaction value and now secures the vast majority of DeFi.
Responsibilities
- Own and improve the incident response lifecycle: act as incident commander for high-severity incidents
- Join the team's on-call rotation: triage inbound alerts/escalations, coordinate internal and company-wide incidents
- Improve response readiness: create and automate playbooks, conduct tabletop exercises
- Address security telemetry gaps: improve existing or build/deploy new tools
- Increase detection quality: write and tune high-signal detections (in Sigma)
- Proactively identify and implement areas of improvement and modernization
Requirements
### Required

- Proven incident response leadership: experience as the primary incident commander for high-severity security incidents involving multiple teams and external stakeholders; can independently manage incident timelines, decisions, and communications
- Operational rigor and investigation depth: demonstrated experience with triage, scoping, containment, and remediation across endpoint, cloud, and/or network-based incidents; drives root-cause analysis and post-incident action items to completion
- Experience in macOS-heavy environments: has secured and operated a predominantly macOS endpoint fleet, deploying/managing endpoint controls, collecting telemetry, and performing investigations on macOS systems
- Collaborative, straightforward communicator: writes clear incident updates and summaries; can explain risk, impact, and trade-offs to both technical and non-technical stakeholders; builds trust with partner teams during high-pressure situations; comfortable handling the regular communication cadence of an incident
- Detections experience: ability to create and refine detections based on investigations and threat intelligence
- Previous coding experience (Python, Go, Rust, or similar): scripting for data parsing/enrichment and simple automations
About Chainlink Labs
Chainlink Labs is the primary contributing developer of Chainlink, the industry-standard decentralized oracle platform that connects blockchains with real-world data, offchain computation, and cross-chain interoperability. The platform powers verifiable applications across DeFi, banking, global trade, and gaming, having enabled over $20 trillion in transaction value.
Web3, Blockchain, DeFi, Infrastructure as a Service (IaaS), FinTech · 200-1000 · New York, NY, United States · Founded 2017 · https://chain.link/?ref=sailonchain.com