Security Incident Response Engineer

Your opportunity

New Relic's Information Security Team is searching for a Security Incident Response Engineer If you enjoy a work environment where you're part of a successful distributed team that collaborates to achieve successful outcomes, we would love to talk to you In this role, you will use your background and deep understanding of how attackers gain access to systems and apply it to respond to cyber security incidents covering all phases including identification, containment and eradication.

As an engineer of our growing Security Response team, you will collaborate with teams throughout the organization, providing security insight, mitigation strategies, and preventive measures from detections. You will help develop our security program through collaboration, investigation, documentation, and engineering practices.

What you'll do

• Support and maintain response strategy and tooling to serve incidents and key attack scenarios.
• Support the SOC alert lifecycle: triage security risk, investigate alerts, develop runbooks, policies and procedures to help the company respond, and run retrospectives to coordinate effort across the company to prevent future incidents.
• Maintain healthy working relationships with our managed security service providers and respond to incident escalations.
• Maintain coordination and communication streams horizontally and vertically as part of major cyber related incident handling.
• Know the latest APT tactics and techniques and use engineering practices to detect and respond.
• Provide technical expertise to engineering teams on standard methodologies, tools and frameworks.
• Work with product managers, senior management, and end users to drive security maturity across the business.
• Be available for on call support during off hours
• Be flexible to work on weekend shifts and avail weekly offs during weekdays

This role requires

Must-have:

• Willingness to work in rotational shifts including Day, Afternoon and Night shifts
• You have at least two years of recent experience working in a threat hunting, threat intelligence, incident response, SOC analyst or security engineering role
• Experience configuring security incident and event management tools, including creating event filtering, correlation rules, and reports
• Strong understanding of the MITRE ATT&CK Framework
• Experience performing risk assessment, threat tracking, or vulnerability management and success in evaluating and communicating severity, impact, and likelihood of a risk to a wide audience
• Familiarity with digital forensic tools and techniques for hands-on response during incidents

Bonus points if you have

• Experience creating SOAR workflows and automation
• Experience building a successful SOC or developing incident response plans or runbooks
• Software engineering experience, primarily in Python or other high-level programming language
• Experience in cloud detections (AWS, Azure, GCP)
• Experience with DevOps CI/CD pipelines including Terraform, Atlantis, Ansible, Kubernetes, and Argo
• Experience with enterprise Kubernetes deployments, including EKS

Fostering a diverse, welcoming and inclusive environment is important to us. We work hard to make everyone feel comfortable bringing their best, most authentic selves to work every day. We celebrate our talented Relics' different backgrounds and abilities, and recognize the different paths they took to reach us – including nontraditional ones. Their experiences and perspectives inspire us to make our products and company the best they can be. We're looking for people who feel connected to our mission and values, not just candidates who check off all the boxes.

If you require a reasonable accommodation to complete any part of the application or recruiting process, please reach out to

We believe in empowering all Relics to achieve professional and business success through a flexible workforce model. This model allows us to work in a variety of workplaces that best support our success, including fully office-based, fully remote, or hybrid.

Our hiring process

In compliance with applicable law, all persons hired will be required to verify identity and eligibility to work and to complete employment eligibility verification. Note: Our stewardship of the data of thousands of customers' means that a criminal background check is required to join New Relic.

We will consider qualified applicants with arrest and conviction records based on individual circumstances and in accordance with applicable law including, but not limited to, the San Francisco Fair Chance Ordinance.

Headhunters and recruitment agencies may not submit resumes/CVs through this website or directly to managers. New Relic does not accept unsolicited headhunter and agency resumes, and will not pay fees to any third-party agency or company that does not have a signed agreement with New Relic.

New Relic develops and distributes encryption software and technology that complies with U.S. export controls and licensing requirements. Certain New Relic roles require candidates to pass an export compliance assessment as a condition of employment in any global location. If relevant, we will provide more information later in the application process.

Candidates are evaluated based on qualifications, regardless of race, religion, ethnicity, national origin, sex, sexual orientation, gender expression or identity, age, disability, neurodiversity, veteran or marital status, political viewpoint, or other legally protected characteristics.

Review our Applicant Privacy Notice