Incident Response Engineer

2 days ago


Remote, India turing Full time ₹ 12,00,000 - ₹ 36,00,000 per year

Location: Remote - India

About Turing

Based in Palo Alto, California, Turing is one of the world's fastest-growing AI companies accelerating the advancement and deployment of powerful AI systems. Turing helps customers in two ways: working with the world's leading AI labs to advance frontier model capabilities in thinking, reasoning, coding, agentic behavior, multimodality, multilingualism, STEM and frontier knowledge; and leveraging that expertise to build real-world AI systems that solve mission-critical priorities for Fortune 500 companies and government institutions. Turing has received numerous awards, including Forbes's "One of America's Best Startup Employers," #1 on The Information's annual list of "Most Promising B2B Companies," and Fast Company's annual list of the "World's Most Innovative Companies." Turing's leadership team includes AI technologists from industry giants Meta, Google, Microsoft, Apple, Amazon, Twitter, McKinsey, Bain, Stanford, Caltech, and MIT. For more information on Turing, visit For information on upcoming Turing AGI Icons events, visit

Job Description

Turing provides a platform that connects talent with our enterprise customers in a global marketplace. Our security engineers work on a broad set of efforts focusing on scaling and automating security infrastructure and processes. Our security engineers work on building the industry standard and implementing the best security practices in our platforms that connect enterprise environments. Our security engineers define and enforce the security protocols to operate services in a protected environment. Our security engineers also build and manage the framework for data access both internally and externally.

At Turing, we are continuously addressing the complex challenges of scaling our systems in a safe and secure manner. We're looking for passionate security engineers and leaders who are excited to solve intricate security problems in dynamic enterprise environments.

Overview

We are seeking an experienced Incident Response Engineer to join our global security operations team. Based in India as part of a shared technical escalation pool, this role is central to handling complex security incidents, engineering detection capabilities, and leading forensic investigations. You will drive improvements in detection content, response automation, and mentor junior analysts while supporting critical security infrastructure and processes.

Responsibilities:
  • Lead complex investigations into advanced threats, including root cause analysis, malware behaviour, persistence mechanisms, and forensic evidence collection across cloud and endpoint environments.
  • Build lightweight tools and scripts to support forensic analysis, incident enrichment, or threat hunting (e.g., log correlation, IOC extraction).
  • Act as the Incident Commander (IC) during high-severity incidents, leading technical response and coordinating with stakeholders across IT, Legal, and Engineering.
  • Provide feedback on SIEM detection logic (e.g., Chronicle rules, UDM mappings) based on real investigations and hunting findings, in collaboration with MDR and Detection Engineering.
  • Contribute to SOAR playbook development and refinement - including enrichment, escalation logic, and automated containment steps to accelerate incident handling and reduce response time.
  • Define escalation criteria, triage workflows, and decision trees to guide the team and ensure clear handoffs for high-priority incidents.
  • Collaborate with platform owners to tune and validate security tools (e.g., EDR policies, SOAR workflows) for effective incident detection and response.
  • Provide input on detection and response tooling gaps based on incident experience and help evaluate solutions where needed.
  • Build or extend automation for investigation tasks, enrichment, or containment actions using APIs and lightweight scripts.
  • Conduct proactive threat hunts using IOC searches, TTP mapping (MITRE ATT&CK), and internal behavioural data to detect hidden or emerging threats.
  • Develop threat hunting hypotheses based on current threat landscape or recent incidents, test them using available telemetry, and document outcomes and recommendations.
  • Mentor the team through real-case reviews, knowledge sharing, and training sessions to strengthen their triage, investigation, and escalation skills.
  • Contribute to internal playbooks and IR documentation to ensure procedures, tools, and best practices are clearly documented and regularly updated.
Qualifications Needed:
  • Required Skills

  • Bachelor's degree in Cybersecurity, Computer Science, Information Systems, or related field (or equivalent practical experience).

  • 5+ years of experience in Security Operations, Incident Response, or Detection Engineering roles.
  • Demonstrated experience with digital forensics, malware analysis, and network-based incident investigations.
  • Strong hands-on experience with SIEM platforms such as Splunk, Chronicle, Elastic, or QRadar.
  • Proficiency in scripting languages (e.g., Python, Bash, PowerShell), and familiarity with configuration formats like YAML for automation and tooling.
  • Deep understanding of EDR solutions (e.g., CrowdStrike, SentinelOne) and SOAR platforms.
  • Working knowledge of the MITRE ATT&CK framework and TTP-driven detection and response.
  • Familiarity with threat intelligence and applying it to hunt and detect advanced threats.
  • Excellent communication and collaboration skills, especially during incident handling.

  • Good to have:

  • Industry-recognized certifications such as GIAC GCFA, GCIH, GREM, GCIA, or OSCP.

  • Experience with memory analysis tools (e.g., Volatility, Rekall).
  • Experience handling security incidents in cloud-native environments (e.g., GCP, Azure, SaaS platforms).
  • Experience writing detection logic using YARA, Sigma rules, or Sysmon.
  • Familiarity with automation platforms (e.g., Phantom, XSOAR, StackStorm).
  • Contributions to open-source IR tools or threat research communities.
  • Experience integrating security tooling with workflow platforms (e.g., Slack, Jira) to support response automation and incident coordination.
  • Knowledge of compliance-driven incident response requirements (e.g., SOC 2, ISO 27001, breach notifications).
Advantages of joining Turing:
  • Amazing work culture (Super collaborative & supportive work environment; 5 days a week)
  • Awesome colleagues (Surround yourself with top talent from Meta, Google, LinkedIn etc. as well as people with deep startup experience)
  • Competitive compensation
  • Flexible working hours
  • Full-time remote opportunity

Don't meet every single requirement? Studies have shown that women and people of color are less likely to apply to jobs unless they meet every single qualification. Turing is proud to be an equal opportunity employer. We do not discriminate on the basis of race, religion, color, national origin, gender, gender identity, sexual orientation, age, marital status, disability, protected veteran status, or any other legally protected characteristics. At Turing we are dedicated to building a diverse, inclusive and authentic workplace and celebrate authenticity, so if you're excited about this role but your past experience doesn't align perfectly with every qualification in the job description, we encourage you to apply anyways. You may be just the right candidate for this or other roles.

